ExAcme.RevocationBuilder (ExAcme v0.5.2)

View Source

Provides functionality to build ACME certificate revocation requests.

Use this module to construct a revocation request by supplying the certificate in one of several formats (X509.Certificate struct, DER binary, or PEM string) and an optional revocation reason.

Attributes

  • certificate - The DER-encoded certificate to revoke
  • reason - The revocation reason

Summary

Types

t()

A certificate revocation builder

Functions

Sets the certificate for revocation using an X509 certificate struct, DER binary, or PEM string.

Creates a new revocation builder.

Sets the revocation reason.

Converts the revocation builder to a map.

Types

t()

@type t() :: %ExAcme.RevocationBuilder{
  certificate: binary() | nil,
  reason: integer() | nil
}

A certificate revocation builder

Functions

certificate(revocation, list)

@spec certificate(t(),
  certificate: X509.Certificate.t(),
  der: binary(),
  pem: binary()
) :: t()

Sets the certificate for revocation using an X509 certificate struct, DER binary, or PEM string.

Parameters

  • revocation: The current revocation builder.
  • certificate: Keyword with one of the following options:
    • certificate: An X509.Certificate struct representing the certificate to revoke.
    • der: A DER-encoded binary of the certificate to revoke.
    • pem: A PEM-encoded string of the certificate to revoke.

Returns

Examples

# Using a certificate struct
iex> cert = X509.Certificate.self_signed(X509.PrivateKey.new_ec(:secp256r1), "/CN=example.com")
iex> revocation = ExAcme.RevocationBuilder.new_revocation()
iex> |> ExAcme.RevocationBuilder.certificate(certificate: cert)

# Using a PEM string
iex> pem = File.read!("path/to/certificate.pem")
iex> revocation = ExAcme.RevocationBuilder.new_revocation()
iex> |> ExAcme.RevocationBuilder.certificate(pem: pem)

# Using a DER binary
iex> der = File.read!("path/to/certificate.der")
iex> revocation = ExAcme.RevocationBuilder.new_revocation()
iex> |> ExAcme.RevocationBuilder.certificate(der: der)

new_revocation()

@spec new_revocation() :: t()

Creates a new revocation builder.

Returns

reason(revocation, reason)

@spec reason(t(), atom() | integer()) :: t()

Sets the revocation reason.

Accepts either a named reason or a numeric reason code as defined in RFC 5280.

Parameters

  • revocation: The current revocation builder.
  • reason: An atom representing the reason (:unspecified, :key_compromise, :affiliation_changed, :superseded, or :cessation_of_operation) or an integer code.

Returns

Examples

# Using a named reason
iex> revocation = ExAcme.RevocationBuilder.new_revocation()
iex> revocation = ExAcme.RevocationBuilder.reason(revocation, :key_compromise)
iex> revocation.reason
1

# Using a numeric reason code
iex> revocation = ExAcme.RevocationBuilder.new_revocation()
iex> revocation = ExAcme.RevocationBuilder.reason(revocation, 4)
iex> revocation.reason
4

to_map(revocation)

@spec to_map(t()) :: map()

Converts the revocation builder to a map.

Removes any keys with nil values and converts all keys to camelCase for API compatibility.

Parameters

  • revocation: The revocation builder struct.

Returns

  • A map representing the revocation request.