mirror of
https://github.com/go-acme/lego.git
synced 2024-11-28 09:33:13 +02:00
feat: Allows defining the reason for the certificate revocation (#1511)
This commit is contained in:
parent
88f62f106d
commit
df54dd233a
@ -7,16 +7,33 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
// Challenge statuses.
|
||||
// https://tools.ietf.org/html/rfc8555#section-7.1.6
|
||||
// ACME status values of Account, Order, Authorization and Challenge objects.
|
||||
// See https://tools.ietf.org/html/rfc8555#section-7.1.6 for details.
|
||||
const (
|
||||
StatusPending = "pending"
|
||||
StatusInvalid = "invalid"
|
||||
StatusValid = "valid"
|
||||
StatusProcessing = "processing"
|
||||
StatusDeactivated = "deactivated"
|
||||
StatusExpired = "expired"
|
||||
StatusInvalid = "invalid"
|
||||
StatusPending = "pending"
|
||||
StatusProcessing = "processing"
|
||||
StatusReady = "ready"
|
||||
StatusRevoked = "revoked"
|
||||
StatusUnknown = "unknown"
|
||||
StatusValid = "valid"
|
||||
)
|
||||
|
||||
// CRL reason codes as defined in RFC 5280.
|
||||
// https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1
|
||||
const (
|
||||
CRLReasonUnspecified uint = 0
|
||||
CRLReasonKeyCompromise uint = 1
|
||||
CRLReasonCACompromise uint = 2
|
||||
CRLReasonAffiliationChanged uint = 3
|
||||
CRLReasonSuperseded uint = 4
|
||||
CRLReasonCessationOfOperation uint = 5
|
||||
CRLReasonCertificateHold uint = 6
|
||||
CRLReasonRemoveFromCRL uint = 8
|
||||
CRLReasonPrivilegeWithdrawn uint = 9
|
||||
CRLReasonAACompromise uint = 10
|
||||
)
|
||||
|
||||
// Directory the ACME directory object.
|
||||
|
@ -365,6 +365,11 @@ func (c *Certifier) checkResponse(order acme.ExtendedOrder, certRes *Resource, b
|
||||
|
||||
// Revoke takes a PEM encoded certificate or bundle and tries to revoke it at the CA.
|
||||
func (c *Certifier) Revoke(cert []byte) error {
|
||||
return c.RevokeWithReason(cert, nil)
|
||||
}
|
||||
|
||||
// RevokeWithReason takes a PEM encoded certificate or bundle and tries to revoke it at the CA.
|
||||
func (c *Certifier) RevokeWithReason(cert []byte, reason *uint) error {
|
||||
certificates, err := certcrypto.ParsePEMBundle(cert)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -377,6 +382,7 @@ func (c *Certifier) Revoke(cert []byte) error {
|
||||
|
||||
revokeMsg := acme.RevokeCertMessage{
|
||||
Certificate: base64.RawURLEncoding.EncodeToString(x509Cert.Raw),
|
||||
Reason: reason,
|
||||
}
|
||||
|
||||
return c.core.Certificates.Revoke(revokeMsg)
|
||||
|
@ -1,6 +1,7 @@
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"github.com/go-acme/lego/v4/acme"
|
||||
"github.com/go-acme/lego/v4/log"
|
||||
"github.com/urfave/cli"
|
||||
)
|
||||
@ -15,6 +16,11 @@ func createRevoke() cli.Command {
|
||||
Name: "keep, k",
|
||||
Usage: "Keep the certificates after the revocation instead of archiving them.",
|
||||
},
|
||||
cli.UintFlag{
|
||||
Name: "reason",
|
||||
Usage: "Identifies the reason for the certificate revocation. See https://tools.ietf.org/html/rfc5280#section-5.3.1. 0(unspecified),1(keyCompromise),2(cACompromise),3(affiliationChanged),4(superseded),5(cessationOfOperation),6(certificateHold),8(removeFromCRL),9(privilegeWithdrawn),10(aACompromise)",
|
||||
Value: acme.CRLReasonUnspecified,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -37,7 +43,9 @@ func revoke(ctx *cli.Context) error {
|
||||
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
|
||||
}
|
||||
|
||||
err = client.Certificate.Revoke(certBytes)
|
||||
reason := ctx.Uint("reason")
|
||||
|
||||
err = client.Certificate.RevokeWithReason(certBytes, &reason)
|
||||
if err != nil {
|
||||
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user