authorJordi Masip <masipcat@users.noreply.github.com>2021-01-06 20:02:58 +0100
committerGitHub <noreply@github.com>2021-01-06 12:02:58 -0700
commit8b6fdc04da5b31d8cb62b9d2574d16afe81ad549 (patch)
tree0a1e69f78adc71f68a4dbdc85f7c90b7e1fd0170
parentf0216967dca12831b1aac351fc8c4bfcea148697 (diff)
caddytls: add 'key_type' subdirective (#3956)
* caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go15
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go4
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt2
3 files changed, 21 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 7d16da1..08dfa88 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -87,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
var folderLoader caddytls.FolderLoader
var certSelector caddytls.CustomCertSelectionPolicy
var acmeIssuer *caddytls.ACMEIssuer
+ var keyType string
var internalIssuer *caddytls.InternalIssuer
var issuers []certmagic.Issuer
var onDemand bool
@@ -267,6 +268,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
}
acmeIssuer.CA = arg[0]
+ case "key_type":
+ arg := h.RemainingArgs()
+ if len(arg) != 1 {
+ return nil, h.ArgErr()
+ }
+ keyType = arg[0]
+
case "eab":
arg := h.RemainingArgs()
if len(arg) != 2 {
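Review bot: The `key_type` argument is stored into `keyType` without any validation of its value, so a misspelled or unsupported key type (the fixture in this commit uses `rsa2048`) passes the Caddyfile adapter and is only rejected later, if at all, when the automation policy is provisioned; that later check is outside this diff, so I cannot confirm it exists. As written the case reports `h.ArgErr()` only for a wrong argument count, which means a user gets adapt-time feedback for `key_type` with zero or two words but none for a wrong name. Consider checking the value against the set of key types caddytls accepts before `keyType = arg[0]`, returning `h.Errf("unrecognized key type: %s", arg[0])` on a miss, so the adapter rejects the same configs the runtime will. parseTLS begins and ends outside this hunk.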
@@ -384,6 +392,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
})
}
+ if keyType != "" {
+ configVals = append(configVals, ConfigValue{
+ Class: "tls.key_type",
+ Value: keyType,
+ })
+ }
+
// on-demand TLS
if onDemand {
configVals = append(configVals, ConfigValue{
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 440c447..a66146d 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -108,6 +108,10 @@ func (st ServerType) buildTLSApp(
ap.OnDemand = true
}
+ if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok {
+ ap.KeyType = keyTypeVals[0].Value.(string)
+ }
+
// certificate issuers
if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok {
var issuers []certmagic.Issuer
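Review bot: `keyTypeVals[0]` takes only the first `tls.key_type` value and silently discards any others, so if a site block ends up with more than one `key_type` (for example from a repeated `tls` block, or when several blocks are merged into one pile) the extra settings vanish with no error or warning; the `tls.cert_issuer` lookup directly below declares a slice, which suggests it accumulates all of its values rather than dropping them. Either reject the duplicate with `if len(keyTypeVals) > 1 { return an error via buildTLSApp's existing error return }` or add a comment on the assignment stating that the first value wins. The unchecked `.Value.(string)` assertion is presumably safe because parseTLS is the only producer of that class and always stores a string, but a one-line comment recording that invariant would make the panic-free assumption visible to the next maintainer. buildTLSApp's body starts and ends outside this hunk.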
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt
index db8e38b..9be0a19 100644
--- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt
@@ -7,6 +7,7 @@
example.com {
tls {
on_demand
+ key_type rsa2048
}
}
@@ -79,6 +80,7 @@ http://example.net {
"module": "zerossl"
}
],
+ "key_type": "rsa2048",
"on_demand": true
},
{