certcache

package
v0.0.0-...-45fb5ce Latest
This package is not in the latest version of its module.
Published: Jan 13, 2026 License: Apache-2.0 Imports: 16 Imported by: 1

README

Package cloudeng.io/webapp/webauth/acme/certcache

import cloudeng.io/webapp/webauth/acme/certcache

Package certcache provides support for working with autocert caches that use a persistent backing store to store and distribute certificates.

Variables

ErrReadonlyCache, ErrLocalOperation, ErrBackingOperation, ErrLockFailed
ErrReadonlyCache = errors.New("readonly cache")
ErrLocalOperation = errors.New("local operation")
ErrBackingOperation = errors.New("backing store operation")
ErrLockFailed = errors.New("lock acquisition failed")

ErrCacheMiss
ErrCacheMiss = autocert.ErrCacheMiss

ErrCacheMiss is the same as autocert.ErrCacheMiss

Functions

Func HasReadonlyOption
func HasReadonlyOption(opts []Option) bool

HasReadonlyOption returns true if the supplied options include the WithReadonly option set to true.

Func IsAcmeAccountKey
func IsAcmeAccountKey(name string) bool

IsAcmeAccountKey returns true if the specified name is for an ACME account private key.

Func IsLocalName
func IsLocalName(name string) bool

IsLocalName returns true if the specified name is for local-only data such as ACME client private keys or http-01 challenge tokens.

Func ParseRevocationReason
func ParseRevocationReason(reason string) (acme.CRLReasonCode, error)

ParseRevocationReason parses the supplied revocation reason string and returns the corresponding acme.CRLReasonCode.

Func RefreshCertificate
func RefreshCertificate(_ context.Context, mgr *autocert.Manager, host string) (*tls.Certificate, error)

RefreshCertificate attempts to refresh the certificate for the specified host using the provided autocert.Manager by simulating a TLS ClientHello for that host. The simulated hello offers the PreferredCipherSuites and PreferredSignatureSchemes defined in the webapp package, which forces the manager to produce an ECDSA certificate rather than an RSA one. The context argument is currently unused.
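The mechanism RefreshCertificate relies on is that autocert.Manager.GetCertificate looks at the hello's cipher suites and signature schemes to decide between an ECDSA and an RSA certificate. The following added example (not code from the package) shows why an ECDSA-only hello forces that choice, using only the standard library: it builds a synthetic tls.ClientHelloInfo for a host, issues a throwaway ECDSA and a throwaway RSA certificate for that host, and asks tls.ClientHelloInfo.SupportsCertificate, the same negotiation rule a crypto/tls server applies, which of the two it could serve. The suite and scheme lists in ECDSAOnlyHello are assumptions for this example, not webapp.PreferredCipherSuites or webapp.PreferredSignatureSchemes.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ECDSAOnlyHello builds a synthetic TLS 1.2 ClientHello that names host and
// offers only ECDSA cipher suites and ECDSA signature schemes, so a server
// that honours it cannot select an RSA certificate. The lists are assumed
// for this example; they are not webapp.PreferredCipherSuites or
// webapp.PreferredSignatureSchemes.
func ECDSAOnlyHello(host string) *tls.ClientHelloInfo {
	return &tls.ClientHelloInfo{
		ServerName:        host,
		SupportedVersions: []uint16{tls.VersionTLS12},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		},
		SignatureSchemes: []tls.SignatureScheme{tls.ECDSAWithP256AndSHA256},
		SupportedCurves:  []tls.CurveID{tls.CurveP256},
		SupportedPoints:  []uint8{0}, // 0 = uncompressed point format
	}
}

// selfSigned issues a throwaway self-signed certificate for host with priv,
// standing in for the certificate autocert would hold in its cache.
func selfSigned(host string, priv crypto.Signer) (tls.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, nil
}

// MakeCerts returns an ECDSA P-256 and an RSA-2048 certificate for host.
func MakeCerts(host string) (ecdsaCert, rsaCert tls.Certificate, err error) {
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	if ecdsaCert, err = selfSigned(host, ecKey); err != nil {
		return
	}
	rsaCert, err = selfSigned(host, rsaKey)
	return
}

// HelloAccepts reports (as a nil error) whether a server receiving hello
// could legitimately select cert, using crypto/tls's own negotiation rules:
// the name must match and a mutual cipher suite and signature scheme must
// exist for the certificate's key type.
func HelloAccepts(hello *tls.ClientHelloInfo, cert tls.Certificate) error {
	return hello.SupportsCertificate(&cert)
}

func main() {
	ec, rs, err := MakeCerts("example.com")
	if err != nil {
		panic(err)
	}
	hello := ECDSAOnlyHello("example.com")
	fmt.Println("ECDSA cert:", HelloAccepts(hello, ec))
	fmt.Println("RSA cert:  ", HelloAccepts(hello, rs))
	fmt.Println("wrong host:", HelloAccepts(ECDSAOnlyHello("other.example"), ec))
}
```

The ECDSA certificate is accepted, the RSA certificate is refused because no offered suite or scheme can use an RSA key (and TLS 1.2's static-RSA fallback needs a non-ECDHE suite, which the hello does not offer), and a hello for a different ServerName is refused on the hostname check. A hello restricted to TLS 1.3 would skip the cipher-suite check entirely and decide on the signature schemes alone.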

Func WrapHostPolicyNoPort
func WrapHostPolicyNoPort(existing autocert.HostPolicy) autocert.HostPolicy

WrapHostPolicyNoPort wraps an existing autocert.HostPolicy so that any port information is stripped from the host before it is passed to the existing policy. This is required in test environments where the well-known ports (80, 443) are not used: the host then arrives as "name:port", which an exact-match policy would otherwise reject.
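An added example of the wrapping described above, written against the standard library rather than taken from the package: HostPolicy and HostWhitelist are local stand-ins for the autocert types of the same name, and StripPort uses net.SplitHostPort so that bracketed IPv6 literals are handled and a host without any port (the production case) passes through unchanged instead of being rejected.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
)

// HostPolicy mirrors autocert.HostPolicy (golang.org/x/crypto/acme/autocert),
// redeclared here so the example needs only the standard library.
type HostPolicy func(ctx context.Context, host string) error

// HostWhitelist allows exactly the listed names, case-insensitively, in the
// spirit of autocert.HostWhitelist: anything else is refused.
func HostWhitelist(hosts ...string) HostPolicy {
	allowed := map[string]bool{}
	for _, h := range hosts {
		allowed[strings.ToLower(h)] = true
	}
	return func(_ context.Context, host string) error {
		if allowed[strings.ToLower(host)] {
			return nil
		}
		return fmt.Errorf("host %q not configured in HostWhitelist", host)
	}
}

// StripPort removes a trailing ":port", including from bracketed IPv6
// literals such as "[::1]:8443". A value with no port, which is what a
// listener on 80/443 sees, is returned unchanged, so the wrapper is harmless
// in production and only changes behaviour on non-standard ports.
func StripPort(host string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		return h
	}
	return host
}

// WrapNoPort strips the port before delegating to existing, the behaviour
// documented for certcache.WrapHostPolicyNoPort.
func WrapNoPort(existing HostPolicy) HostPolicy {
	return func(ctx context.Context, host string) error {
		return existing(ctx, StripPort(host))
	}
}

func main() {
	policy := WrapNoPort(HostWhitelist("example.com"))
	for _, h := range []string{"example.com", "example.com:8443", "evil.example:8443"} {
		fmt.Printf("%-20s -> %v\n", h, policy(context.Background(), h))
	}
}
```

Note that stripping the port does not weaken the policy: "example.com.evil:8443" still reaches the whitelist as "example.com.evil" and is refused.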

Types

Type CachingStore
type CachingStore struct {
	// contains filtered or unexported fields
}

CachingStore implements a 'caching store' that integrates with autocert. It provides an instance of autocert.Cache that stores certificates in a 'backing' store but uses the local file system for temporary/private data such as the ACME client's private key. This allows certificates to be shared across multiple hosts by using a distributed 'backing' store such as AWS Secrets Manager. In addition, the host that manages the certificates can extract them programmatically in a safe way.

Functions
func NewCachingStore(localDir string, backingStore StoreFS, opts ...Option) (*CachingStore, error)

NewCachingStore returns a CachingStore, which implements autocert.Cache, that stores certificates in the 'backing' store but uses the local file system under localDir for temporary/private data such as the ACME client's private key. This allows certificates to be shared across multiple hosts by using a distributed 'backing' store such as AWS Secrets Manager, and certificates may be extracted safely for use by other servers.

Methods
func (dc *CachingStore) Delete(ctx context.Context, name string) error

Delete implements autocert.Cache.

func (dc *CachingStore) Get(ctx context.Context, name string) ([]byte, error)

Get implements autocert.Cache.

func (dc *CachingStore) GetAccountKey(ctx context.Context) (crypto.Signer, error)

GetAccountKey retrieves the ACME account private key from the cache. This key authorises certificate issuance and revocation for the ACME account, so the returned signer must be handled as a secret.

func (dc *CachingStore) Put(ctx context.Context, name string, data []byte) error

Put implements autocert.Cache.

func (dc *CachingStore) ReadFile(name string) ([]byte, error)

ReadFile implements file.ReadfileFS.

func (dc *CachingStore) ReadFileCtx(ctx context.Context, name string) ([]byte, error)

ReadFileCtx implements file.ReadfileFS.

func (dc *CachingStore) WriteFile(name string, data []byte, perm fs.FileMode) error

WriteFile implements file.WritefileFS.

func (dc *CachingStore) WriteFileCtx(ctx context.Context, name string, data []byte, _ fs.FileMode) error

WriteFileCtx implements file.WritefileFS. The perm argument is ignored, as the signature shows.

Type Option
type Option func(o *options)

Functions
func WithReadonly(readonly bool) Option

WithReadonly sets whether the caching store is readonly (see ErrReadonlyCache).

func WithSaveAccountKey(name string) Option

WithSaveAccountKey causes the ACME account key to be saved to the backing store under the specified name. By default the account key is local-only (see IsLocalName). Once it is in a shared backing store, anyone with read access to that store can act as the ACME account, including issuing and revoking certificates, so the store's access controls must be set accordingly.

Type StoreFS
type StoreFS interface {
	ReadFileCtx(ctx context.Context, name string) ([]byte, error)
	WriteFileCtx(ctx context.Context, name string, data []byte, perm fs.FileMode) error
	Delete(ctx context.Context, name string) error
}

StoreFS defines an interface that combines reading, writing and deleting files and is used to create an acme/autocert cache.
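An added example of the split the CachingStore documentation describes, built on the StoreFS interface above with only the standard library; it is illustrative code, not the package's implementation. DirStore is a directory-backed StoreFS (a stand-in for what NewLocalStore is assumed to return; a shared store such as a secrets manager would implement the same three methods). SplitCache routes host-private names (the ACME account key and http-01 challenge tokens, following autocert's "acme_account+key" and "<token>+http-01" cache-key conventions, which is an assumption about what IsLocalName matches) to a local directory and everything else to the backing store, refuses every write when readonly (an assumed reading of WithReadonly), and rejects cache names that could escape a directory.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Same roles as certcache's exported errors; the real ErrCacheMiss is an
// alias of autocert.ErrCacheMiss, a local value keeps this example stdlib-only.
var (
	ErrReadonlyCache = errors.New("readonly cache")
	ErrCacheMiss     = errors.New("cache miss")
)

// StoreFS is the backing-store interface as the package documents it.
type StoreFS interface {
	ReadFileCtx(ctx context.Context, name string) ([]byte, error)
	WriteFileCtx(ctx context.Context, name string, data []byte, perm fs.FileMode) error
	Delete(ctx context.Context, name string) error
}

// DirStore is a StoreFS over an existing directory (assumed stand-in for
// what NewLocalStore returns).
type DirStore struct{ Dir string }

func (s DirStore) ReadFileCtx(_ context.Context, name string) ([]byte, error) {
	return os.ReadFile(filepath.Join(s.Dir, name))
}
func (s DirStore) WriteFileCtx(_ context.Context, name string, data []byte, perm fs.FileMode) error {
	return os.WriteFile(filepath.Join(s.Dir, name), data, perm)
}
func (s DirStore) Delete(_ context.Context, name string) error {
	return os.Remove(filepath.Join(s.Dir, name))
}

// IsLocalName follows autocert's cache-key conventions ("acme_account+key",
// "<token>+http-01"); that certcache.IsLocalName matches exactly these is assumed.
func IsLocalName(name string) bool {
	return name == "acme_account+key" || strings.HasSuffix(name, "+http-01")
}

// validName rejects anything that could escape a directory: cache keys are
// hostnames or tokens, never paths.
func validName(name string) error {
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
		return fmt.Errorf("invalid cache name %q", name)
	}
	return nil
}

// SplitCache is an illustrative autocert.Cache: host-private names stay
// under LocalDir (mode 0600), certificates go to Backing, and a Readonly
// instance refuses every write (an assumed reading of WithReadonly).
type SplitCache struct {
	LocalDir string
	Backing  StoreFS
	Readonly bool
}

func (c *SplitCache) Get(ctx context.Context, name string) ([]byte, error) {
	if err := validName(name); err != nil {
		return nil, err
	}
	read := func() ([]byte, error) { return c.Backing.ReadFileCtx(ctx, name) }
	if IsLocalName(name) {
		read = func() ([]byte, error) { return os.ReadFile(filepath.Join(c.LocalDir, name)) }
	}
	data, err := read()
	if errors.Is(err, fs.ErrNotExist) {
		return nil, ErrCacheMiss // autocert reads this as "nothing cached, issue one"
	}
	return data, err
}

func (c *SplitCache) Put(ctx context.Context, name string, data []byte) error {
	if err := validName(name); err != nil {
		return err
	}
	if c.Readonly {
		return ErrReadonlyCache
	}
	if IsLocalName(name) {
		return os.WriteFile(filepath.Join(c.LocalDir, name), data, 0o600)
	}
	return c.Backing.WriteFileCtx(ctx, name, data, 0o600)
}

func (c *SplitCache) Delete(ctx context.Context, name string) error {
	if err := validName(name); err != nil {
		return err
	}
	if c.Readonly {
		return ErrReadonlyCache
	}
	if IsLocalName(name) {
		return os.Remove(filepath.Join(c.LocalDir, name))
	}
	return c.Backing.Delete(ctx, name)
}
```

Returning ErrCacheMiss (rather than the store's own not-found error) for a missing entry matters: autocert only treats that sentinel as "no certificate yet, obtain one", and any other error from Get aborts the handshake. A readonly instance is what a host that merely consumes certificates managed elsewhere would use; it still reads host-private files from its own LocalDir.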

Functions
func NewLocalStore(dir string) (StoreFS, error)

NewLocalStore returns a StoreFS backed by the local directory dir.
