Documentation
¶
Index ¶
- Constants
- func LetsEncryptProduction() string
- func LetsEncryptStaging() string
- func LoadCertificateFromFile(path string) (*x509.Certificate, error)
- type ACMEUser
- type LetsEncryptProvider
- func (p *LetsEncryptProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (p *LetsEncryptProvider) Renew(ctx context.Context, force bool) error
- func (p *LetsEncryptProvider) Start(ctx context.Context) error
- func (p *LetsEncryptProvider) Status(ctx context.Context) (*loomv1.TLSStatus, error)
- func (p *LetsEncryptProvider) Stop(ctx context.Context) error
- type Manager
- type ManualProvider
- func (p *ManualProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (p *ManualProvider) Renew(ctx context.Context, force bool) error
- func (p *ManualProvider) Start(ctx context.Context) error
- func (p *ManualProvider) Status(ctx context.Context) (*loomv1.TLSStatus, error)
- func (p *ManualProvider) Stop(ctx context.Context) error
- type Provider
- type SelfSignedProvider
- func (p *SelfSignedProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (p *SelfSignedProvider) Renew(ctx context.Context, force bool) error
- func (p *SelfSignedProvider) Start(ctx context.Context) error
- func (p *SelfSignedProvider) Status(ctx context.Context) (*loomv1.TLSStatus, error)
- func (p *SelfSignedProvider) Stop(ctx context.Context) error
Constants ¶
const ( DefaultLetsEncryptProduction = "https://acme-v02.api.letsencrypt.org/directory" DefaultLetsEncryptStaging = "https://acme-staging-v02.api.letsencrypt.org/directory" )
Default ACME directory URLs. Can be overridden via environment variables:
- LOOM_ACME_PRODUCTION_URL
- LOOM_ACME_STAGING_URL
Variables ¶
This section is empty.
Functions ¶
func LetsEncryptProduction ¶
func LetsEncryptProduction() string
LetsEncryptProduction returns the production ACME directory URL.
func LetsEncryptStaging ¶
func LetsEncryptStaging() string
LetsEncryptStaging returns the staging ACME directory URL.
func LoadCertificateFromFile ¶
func LoadCertificateFromFile(path string) (*x509.Certificate, error)
LoadCertificateFromFile loads a certificate from a PEM file.
Types ¶
type ACMEUser ¶
type ACMEUser struct {
Email string
Registration *registration.Resource
// contains filtered or unexported fields
}
ACMEUser implements the required registration.User interface.
func (*ACMEUser) GetPrivateKey ¶
func (u *ACMEUser) GetPrivateKey() crypto.PrivateKey
func (*ACMEUser) GetRegistration ¶
func (u *ACMEUser) GetRegistration() *registration.Resource
type LetsEncryptProvider ¶
type LetsEncryptProvider struct {
// contains filtered or unexported fields
}
LetsEncryptProvider manages certificates from Let's Encrypt.
func NewLetsEncryptProvider ¶
func NewLetsEncryptProvider(config *loomv1.LetsEncryptConfig) (*LetsEncryptProvider, error)
NewLetsEncryptProvider creates a Let's Encrypt certificate provider.
func (*LetsEncryptProvider) GetCertificate ¶
func (p *LetsEncryptProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the current certificate.
func (*LetsEncryptProvider) Renew ¶
func (p *LetsEncryptProvider) Renew(ctx context.Context, force bool) error
Renew manually triggers certificate renewal.
func (*LetsEncryptProvider) Start ¶
func (p *LetsEncryptProvider) Start(ctx context.Context) error
Start initializes the ACME client and starts background renewal.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles TLS certificate management for the server. It supports multiple certificate sources: Let's Encrypt, manual files, and self-signed.
func NewManager ¶
NewManager creates a new TLS manager from configuration.
type ManualProvider ¶
type ManualProvider struct {
// contains filtered or unexported fields
}
ManualProvider loads certificates from files specified in configuration.
func NewManualProvider ¶
func NewManualProvider(config *loomv1.ManualTLSConfig) (*ManualProvider, error)
NewManualProvider creates a manual certificate provider.
func (*ManualProvider) GetCertificate ¶
func (p *ManualProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the manually loaded certificate.
func (*ManualProvider) Renew ¶
func (p *ManualProvider) Renew(ctx context.Context, force bool) error
Renew returns an error because manual certificates must be renewed manually.
func (*ManualProvider) Start ¶
func (p *ManualProvider) Start(ctx context.Context) error
Start is a no-op for manual provider.
type Provider ¶
type Provider interface {
// GetCertificate returns a certificate for the given client hello.
// This is called on every TLS handshake.
GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
// Start initializes the provider and starts background tasks (e.g., renewal).
Start(ctx context.Context) error
// Stop gracefully shuts down the provider.
Stop(ctx context.Context) error
// Status returns the current status of certificates managed by this provider.
Status(ctx context.Context) (*loomv1.TLSStatus, error)
// Renew manually triggers certificate renewal.
Renew(ctx context.Context, force bool) error
}
Provider is the interface for TLS certificate providers.
type SelfSignedProvider ¶
type SelfSignedProvider struct {
// contains filtered or unexported fields
}
SelfSignedProvider generates and serves self-signed certificates for development.
func NewSelfSignedProvider ¶
func NewSelfSignedProvider(config *loomv1.SelfSignedConfig) (*SelfSignedProvider, error)
NewSelfSignedProvider creates a self-signed certificate provider.
func (*SelfSignedProvider) GetCertificate ¶
func (p *SelfSignedProvider) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the self-signed certificate.
func (*SelfSignedProvider) Renew ¶
func (p *SelfSignedProvider) Renew(ctx context.Context, force bool) error
Renew regenerates the self-signed certificate.
func (*SelfSignedProvider) Start ¶
func (p *SelfSignedProvider) Start(ctx context.Context) error
Start is a no-op for self-signed provider.
Source Files