Struct acme::order::Auth

pub struct Auth { /* private fields */ }

An authorization (ownership proof) for a domain name.

Each authorization for an order must be progressed to a valid state before the ACME API will issue a certificate.

Authorizations may or may not be required depending on previous orders against the same ACME account. The ACME API decides whether a given authorization still has to be proven; see need_challenge.

There are three ways of proving the authorization, each exposed as a challenge on this type:

  • http-01: a text file served over HTTP from a web server of the domain being authorized (http_challenge).
  • dns-01: a TXT DNS record under the domain being authorized (dns_challenge).
  • tls-alpn-01: a self-signed certificate served on a TLS connection that negotiates the "acme-tls/1" ALPN protocol (tls_alpn_challenge).

Implementations

impl Auth

pub fn domain_name(&self) -> &str

Domain name for this authorization.

pub fn need_challenge(&self) -> bool

Whether we actually need to do the authorization. This might not be needed if we have proven ownership of the domain recently in a previous order.

pub fn http_challenge(&self) -> Option<Challenge<Http>>

Get the http challenge.

The http challenge must be placed so it is accessible under:

http://<domain-to-be-proven>/.well-known/acme-challenge/<token>

The ACME server fetches this URL with a plain HTTP GET to TCP port 80 (RFC 8555 §8.3), not over HTTPS: the certificate being ordered does not exist yet. The server may follow redirects, including to HTTPS, but the first request is plain HTTP. The response body must be exactly the value returned by http_proof, and the token is chosen by the ACME server, not by this client.

use std::{fs, fs::File, io::Write as _, time::Duration};

use acme::order::Auth;

async fn web_authorize(auth: &Auth) -> eyre::Result<()> {
  // The API decides whether an http challenge is offered; fail cleanly instead of panicking.
  let challenge = auth
    .http_challenge()
    .ok_or_else(|| eyre::eyre!("no http-01 challenge offered for {}", auth.domain_name()))?;

  // The token is chosen by the ACME server. RFC 8555 limits it to the base64url
  // alphabet; refuse anything else so it can never escape the challenge directory.
  let token = challenge.http_token();
  if token.is_empty() || !token.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_') {
    eyre::bail!("unexpected characters in http-01 token");
  }

  // Assuming our web server's document root is /var/www
  let dir = "/var/www/.well-known/acme-challenge";
  fs::create_dir_all(dir)?;
  let path = format!("{}/{}", dir, token);

  // The body served at the URL is the proof (the key authorization), not the token.
  let mut file = File::create(&path)?;
  file.write_all(challenge.http_proof()?.as_bytes())?;

  // Tell the ACME server the file is in place and wait for it to be validated.
  challenge.validate(Duration::from_millis(5000)).await?;

  Ok(())
}

pub fn dns_challenge(&self) -> Option<Challenge<Dns>>

Get the dns challenge.

The dns challenge is a TXT record that must be created under:

_acme-challenge.<domain-to-be-proven>.  TXT  <proof>

The <proof> is derived from the challenge token and this account's key (in RFC 8555 terms, the base64url-encoded SHA-256 of the key authorization), so only the holder of the account key can publish a record the ACME server will accept.

use std::time::Duration;

use acme::order::Auth;

async fn dns_authorize(auth: &Auth) -> eyre::Result<()> {
  // The API decides whether a dns challenge is offered; fail cleanly instead of panicking.
  let challenge = auth
    .dns_challenge()
    .ok_or_else(|| eyre::eyre!("no dns-01 challenge offered for {}", auth.domain_name()))?;

  // A wildcard is proven at its base domain: *.example.com -> _acme-challenge.example.com.
  let domain = auth.domain_name();
  let record = format!("_acme-challenge.{}.", domain.strip_prefix("*.").unwrap_or(domain));

  // Publish the TXT record with your DNS provider, e.g.:
  // route_53_set_record(&record, "TXT", challenge.dns_proof());
  // Wait until the record is visible on the authoritative name servers before validating,
  // otherwise the ACME server's lookup fails and the challenge becomes invalid.
  challenge.validate(Duration::from_millis(5000)).await?;
  Ok(())
}

The dns proof is not the same as the http proof: the http challenge serves the key authorization itself, while the dns record holds the base64url-encoded SHA-256 digest of it. Publishing one where the other is expected fails validation.

pub fn tls_alpn_challenge(&self) -> Option<Challenge<TlsAlpn>>

Returns the TLS-ALPN challenge.

The TLS-ALPN challenge is a self-signed certificate that must be served when a TLS connection is made with the ALPN protocol "acme-tls/1" (RFC 8737). The certificate must contain a single dNSName SAN for the domain being validated, plus a critical acmeIdentifier extension holding the SHA-256 of the key authorization.

pub fn api_auth(&self) -> &Authorization

Returns a reference to the authorization’s API object.

Useful for debugging.

We don’t refresh the authorization when the corresponding challenge is validated, so there will be no changes to see here.

Trait Implementations

impl Debug for Auth

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

impl Freeze for Auth
impl !RefUnwindSafe for Auth
impl Send for Auth
impl Sync for Auth
impl Unpin for Auth
impl !UnwindSafe for Auth

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.