[][src]Struct acme_lib::order::Auth

pub struct Auth<P: Persist> { /* fields omitted */ }

An authorization (ownership proof) for a domain name.

Each authorization for an order much be progressed to a valid state before the ACME API will issue a certificate.

Authorizations may or may not be required depending on previous orders against the same ACME account. The ACME API decides if the authorization is needed.

Currently there are two ways of providing the authorization.

  • In a text file served using HTTP from a web server of the domain being authorized.
  • A TXT DNS record under the domain being authorized.

Methods

impl<P: Persist> Auth<P>[src]

pub fn domain_name(&self) -> &str[src]

Domain name for this authorization.

pub fn need_challenge(&self) -> bool[src]

Whether we actually need to do the authorization. This might not be needed if we have proven ownership of the domain recently in a previous order.

pub fn http_challenge(&self) -> Challenge<P, Http>[src]

Get the http challenge.

The http challenge must be placed so it is accessible under:

http://<domain-to-be-proven>/.well-known/acme-challenge/<token>

The challenge will be accessed over HTTP (not HTTPS), for obvious reasons.

use acme_lib::persist::Persist;
use acme_lib::order::Auth;
use acme_lib::Error;
use std::fs::File;
use std::io::Write;

fn web_authorize<P: Persist>(auth: &Auth<P>) -> Result<(), Error> {
  let challenge = auth.http_challenge();
  // Assuming our web server's root is under /var/www
  let path = {
    let token = challenge.http_token();
    format!("/var/www/.well-known/acme-challenge/{}", token)
  };
  let mut file = File::create(&path)?;
  file.write_all(challenge.http_proof().as_bytes())?;
  challenge.validate(5000)?;
  Ok(())
}

pub fn dns_challenge(&self) -> Challenge<P, Dns>[src]

Get the dns challenge.

The dns challenge is a TXT record that must put created under:

_acme-challenge.<domain-to-be-proven>.  TXT  <proof>

The contains the signed token proving this account update it.

use acme_lib::persist::Persist;
use acme_lib::order::Auth;
use acme_lib::Error;

fn dns_authorize<P: Persist>(auth: &Auth<P>) -> Result<(), Error> {
  let challenge = auth.dns_challenge();
  let record = format!("_acme-challenge.{}.", auth.domain_name());
  // route_53_set_record(&record, "TXT", challenge.dns_proof());
  challenge.validate(5000)?;
  Ok(())
}

The dns proof is not the same as the http proof.

pub fn api_auth(&self) -> &ApiAuth[src]

Access the underlying JSON object for debugging. We don't refresh the authorization when the corresponding challenge is validated, so there will be no changes to see here.

Auto Trait Implementations

impl<P> Send for Auth<P> where
    P: Sync

impl<P> Sync for Auth<P> where
    P: Sync

Blanket Implementations

impl<T, U> Into for T where
    U: From<T>, [src]

impl<T> From for T[src]

impl<T, U> TryFrom for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T> Borrow for T where
    T: ?Sized[src]

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> BorrowMut for T where
    T: ?Sized[src]

impl<T, U> TryInto for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.