authorFrancis Lavoie <lavofr@gmail.com>2022-01-05 22:45:41 -0500
committerGitHub <noreply@github.com>2022-01-05 22:45:41 -0500
commit4b9849c7922c3a0a7b1bd487f5d890fcff32aaba (patch)
tree13afa68ac4edcabeff5b60a1daede60f0c76f659 /caddyconfig
parent80d7a356b3443e0a994e5d6abfa6082ba3d5e6e7 (diff)
httpcaddyfile: Support configuring `pki` app names via global options (#4450)
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/pkiapp.go96
1 files changed, 93 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go
index a21951d..b1aac75 100644
--- a/caddyconfig/httpcaddyfile/pkiapp.go
+++ b/caddyconfig/httpcaddyfile/pkiapp.go
@@ -16,23 +16,108 @@ package httpcaddyfile
import (
"github.com/caddyserver/caddy/v2/caddyconfig"
+ "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
"github.com/caddyserver/caddy/v2/modules/caddypki"
)
+func init() {
+ RegisterGlobalOption("pki", parsePKIApp)
+}
+
+// parsePKIApp parses the global log option. Syntax:
+//
+// pki {
+// ca [<id>] {
+// name <name>
+// root_cn <name>
+// intermediate_cn <name>
+// }
+// }
+//
+// When the CA ID is unspecified, 'local' is assumed.
+//
+func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) {
+ pki := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)}
+
+ for d.Next() {
+ for nesting := d.Nesting(); d.NextBlock(nesting); {
+ switch d.Val() {
+ case "ca":
+ pkiCa := new(caddypki.CA)
+ if d.NextArg() {
+ pkiCa.ID = d.Val()
+ if d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ }
+ if pkiCa.ID == "" {
+ pkiCa.ID = caddypki.DefaultCAID
+ }
+
+ for nesting := d.Nesting(); d.NextBlock(nesting); {
+ switch d.Val() {
+ case "name":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Name = d.Val()
+
+ case "root_cn":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.RootCommonName = d.Val()
+
+ case "intermediate_cn":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.IntermediateCommonName = d.Val()
+
+ default:
+ return nil, d.Errf("unrecognized pki ca option '%s'", d.Val())
+ }
+ }
+
+ pki.CAs[pkiCa.ID] = pkiCa
+
+ default:
+ return nil, d.Errf("unrecognized pki option '%s'", d.Val())
+ }
+ }
+ }
+
+ return pki, nil
+}
+
func (st ServerType) buildPKIApp(
pairings []sbAddrAssociation,
options map[string]interface{},
warnings []caddyconfig.Warning,
) (*caddypki.PKI, []caddyconfig.Warning, error) {
- pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)}
-
skipInstallTrust := false
if _, ok := options["skip_install_trust"]; ok {
skipInstallTrust = true
}
falseBool := false
+ // Load the PKI app configured via global options
+ var pkiApp *caddypki.PKI
+ unwrappedPki, ok := options["pki"].(*caddypki.PKI)
+ if ok {
+ pkiApp = unwrappedPki
+ } else {
+ pkiApp = &caddypki.PKI{CAs: make(map[string]*caddypki.CA)}
+ }
+ for _, ca := range pkiApp.CAs {
+ if skipInstallTrust {
+ ca.InstallTrust = &falseBool
+ }
+ pkiApp.CAs[ca.ID] = ca
+ }
+
+ // Add in the CAs configured via directives
for _, p := range pairings {
for _, sblock := range p.serverBlocks {
// find all the CAs that were defined and add them to the app config
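Review bot: The doc comment on parsePKIApp says it parses "the global log option", which reads as a copy-paste from the log option parser; it should say `// parsePKIApp parses the global pki option. Syntax:`. Separately, `pki.CAs[pkiCa.ID] = pkiCa` silently replaces an earlier `ca` block with the same ID (including two bare `ca` blocks, which both resolve to caddypki.DefaultCAID), so a duplicated CA definition is lost without any error; a guard before that assignment would surface the mistake at config-load time: `if _, dup := pki.CAs[pkiCa.ID]; dup { return nil, d.Errf("duplicate pki ca '%s'", pkiCa.ID) }`. The `existingVal` parameter is never consulted either, so if the global-options framework hands a previously parsed value to this function for a repeated `pki` block, that earlier value appears to be discarded as well — it should be merged into or rejected with an error. Lastly, in buildPKIApp (whose body continues outside this hunk) the loop over pkiApp.CAs ends with `pkiApp.CAs[ca.ID] = ca`, which writes the same pointer back to the same key and can be dropped, leaving only the InstallTrust update.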
@@ -42,7 +127,12 @@ func (st ServerType) buildPKIApp(
if skipInstallTrust {
ca.InstallTrust = &falseBool
}
- pkiApp.CAs[ca.ID] = ca
+
+ // the CA might already exist from global options, so
+ // don't overwrite it in that case
+ if _, ok := pkiApp.CAs[ca.ID]; !ok {
+ pkiApp.CAs[ca.ID] = ca
+ }
}
}
}
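Review bot: The new existence check makes a directive-defined CA whose ID collides with a global `pki` CA silently dropped, so any name, root_cn or intermediate_cn settings given via the directive are lost with no signal to the user; since `warnings` is already a parameter of buildPKIApp, appending a caddyconfig.Warning in the skipped branch (naming the CA ID and stating that the global-options definition took precedence) would make the precedence rule visible. The `ok` declared in `if _, ok := pkiApp.CAs[ca.ID]; !ok` also shadows the function-scoped `ok` from the `options["pki"]` type assertion earlier in the function; harmless here, but naming it `exists` avoids the shadow. buildPKIApp continues outside the hunk.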