[][src]Struct acme_micro::order::Auth

pub struct Auth { /* fields omitted */ }

An authorization (ownership proof) for a domain name.

Each authorization for an order much be progressed to a valid state before the ACME API will issue a certificate.

Authorizations may or may not be required depending on previous orders against the same ACME account. The ACME API decides if the authorization is needed.

Currently there are two ways of providing the authorization.

  • In a text file served using HTTP from a web server of the domain being authorized.
  • A TXT DNS record under the domain being authorized.

Methods

impl Auth[src]

pub fn domain_name(&self) -> &str[src]

Domain name for this authorization.

pub fn need_challenge(&self) -> bool[src]

Whether we actually need to do the authorization. This might not be needed if we have proven ownership of the domain recently in a previous order.

pub fn http_challenge(&self) -> Challenge<Http>[src]

Get the http challenge.

The http challenge must be placed so it is accessible under:

http://<domain-to-be-proven>/.well-known/acme-challenge/<token>

The challenge will be accessed over HTTP (not HTTPS), for obvious reasons.

use acme_micro::order::Auth;
use acme_micro::Error;
use std::fs::File;
use std::io::Write;

fn web_authorize(auth: &Auth) -> Result<(), Error> {
  let challenge = auth.http_challenge();
  // Assuming our web server's root is under /var/www
  let path = {
    let token = challenge.http_token();
    format!("/var/www/.well-known/acme-challenge/{}", token)
  };
  let mut file = File::create(&path)?;
  file.write_all(challenge.http_proof().as_bytes())?;
  challenge.validate(5000)?;
  Ok(())
}

pub fn dns_challenge(&self) -> Challenge<Dns>[src]

Get the dns challenge.

The dns challenge is a TXT record that must put created under:

_acme-challenge.<domain-to-be-proven>.  TXT  <proof>

The contains the signed token proving this account update it.

use acme_micro::order::Auth;
use acme_micro::Error;

fn dns_authorize(auth: &Auth) -> Result<(), Error> {
  let challenge = auth.dns_challenge();
  let record = format!("_acme-challenge.{}.", auth.domain_name());
  // route_53_set_record(&record, "TXT", challenge.dns_proof());
  challenge.validate(5000)?;
  Ok(())
}

The dns proof is not the same as the http proof.

pub fn tls_alpn_challenge(&self) -> Challenge<TlsAlpn>[src]

Get the TLS ALPN challenge.

The TLS ALPN challenge is a certificate that must be served when a request is made for the ALPN protocol "tls-alpn-01". The certificate must contain a single dNSName SAN containing the domain being validated, as well as an ACME extension containing the SHA256 of the key authorization.

pub fn api_auth(&self) -> &ApiAuth[src]

Access the underlying JSON object for debugging. We don't refresh the authorization when the corresponding challenge is validated, so there will be no changes to see here.

Trait Implementations

impl Debug for Auth[src]

Auto Trait Implementations

impl RefUnwindSafe for Auth

impl Send for Auth

impl Sync for Auth

impl Unpin for Auth

impl UnwindSafe for Auth

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Sealed<T> for T where
    T: ?Sized

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.