acumen/order

Order types and CSR generation for ACME certificate requests.

An order represents a request for a certificate covering one or more identifiers (domain names or IP addresses). This module also provides helpers to generate Certificate Signing Requests (CSRs) from an order.

Types

CsrError

</>

Errors that can occur when generating a CSR from an order.

pub type CsrError {
  NoIdentifiers
  InvalidIdentifier
  SigningFailed
}

Constructors

```
NoIdentifiers
```
The order has no identifiers.
```
InvalidIdentifier
```
An identifier could not be encoded (e.g., non-ASCII DNS name, invalid IP).
```
SigningFailed
```
The CSR could not be signed.

Order

</>

An ACME order for certificate issuance.

pub type Order {
  Order(
    url: url.Url,
    status: Status,
    identifiers: List(acumen.Identifier),
    authorizations: List(url.Url),
    finalize_url: url.Url,
    expires: option.Option(timestamp.Timestamp),
    not_before: option.Option(timestamp.Timestamp),
    not_after: option.Option(timestamp.Timestamp),
    profile: option.Option(String),
    error: option.Option(acumen.AcmeError),
  )
}

Constructors

```
Order(
  url: url.Url,
  status: Status,
  identifiers: List(acumen.Identifier),
  authorizations: List(url.Url),
  finalize_url: url.Url,
  expires: option.Option(timestamp.Timestamp),
  not_before: option.Option(timestamp.Timestamp),
  not_after: option.Option(timestamp.Timestamp),
  profile: option.Option(String),
  error: option.Option(acumen.AcmeError),
)
```
Arguments

url

The order URL (from Location header).

status

Current order status (certificate URL is inside Valid variant).

identifiers

The identifiers requested on the certificate.

authorizations

URLs to authorization objects (for challenge completion).

finalize_url

URL to finalize the order with a CSR.

expires

When the order expires.

not_before

Requested certificate notBefore (optional).

not_after

Requested certificate notAfter (optional).

profile

Certificate issuance profile (optional).

error

Problem document when order is invalid.

Status

</>

Order status.

pub type Status {
  Pending
  Ready
  Processing
  Valid(certificate_url: url.Url)
  Invalid
}

Constructors

```
Pending
```
Authorizations not yet satisfied.
```
Ready
```
Ready for finalization (all authorizations valid).
```
Processing
```
CA is issuing the certificate.
```
Valid(certificate_url: url.Url)
```
Certificate is available for download at the given URL.
```
Invalid
```
Order failed (e.g., authorization failed).

Values

to_ec_csr

</>

pub fn to_ec_csr(
  order: Order,
  key: ec.PrivateKey,
) -> Result(BitArray, CsrError)

Generates a CSR from an order using an EC key.

Uses the order’s identifiers as Subject Alternative Names, with the first DNS identifier as the Common Name. Returns the CSR in DER format.

Example

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let assert Ok(csr_der) = order.to_ec_csr(ready_order, private_key)

to_rsa_csr

</>

pub fn to_rsa_csr(
  order: Order,
  key: rsa.PrivateKey,
) -> Result(BitArray, CsrError)

Generates a CSR from an order using an RSA key.

Uses the order’s identifiers as Subject Alternative Names, with the first DNS identifier as the Common Name. Returns the CSR in DER format.

Hash algorithm is selected by key size: SHA-512 for 4096+ bits, SHA-384 for 3072+, SHA-256 otherwise.

Example

let assert Ok(#(private_key, _public_key)) = rsa.generate_key_pair(2048)
let assert Ok(csr_der) = order.to_rsa_csr(ready_order, private_key)

Constructors

Constructors

Arguments

Constructors

Example

Example