diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2021-02-02 17:23:52 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-02-02 17:23:52 -0700 |
commit | bf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 (patch) | |
tree | 6956ee718cea0976e2fe23e5867010655cb2df0f /modules/caddypki/acmeserver | |
parent | 8ec90f1c402b5e1aa1eea59e45f700aeb45da6ba (diff) |
acmeserver: Support custom CAs from Caddyfile
The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed.
Diffstat (limited to 'modules/caddypki/acmeserver')
-rw-r--r-- | modules/caddypki/acmeserver/caddyfile.go | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go index 6687460..9ac0bb2 100644 --- a/modules/caddypki/acmeserver/caddyfile.go +++ b/modules/caddypki/acmeserver/caddyfile.go @@ -16,23 +16,58 @@ package acmeserver import ( "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" - "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddypki" ) func init() { - httpcaddyfile.RegisterHandlerDirective("acme_server", parseACMEServer) + httpcaddyfile.RegisterDirective("acme_server", parseACMEServer) } // parseACMEServer sets up an ACME server handler from Caddyfile tokens. // -// acme_server [<matcher>] +// acme_server [<matcher>] { +// ca <id> +// } // -func parseACMEServer(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { - var as Handler +func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + + matcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } + + var acmeServer Handler + var ca *caddypki.CA + for h.Next() { if h.NextArg() { return nil, h.ArgErr() } + for h.NextBlock(0) { + switch h.Val() { + case "ca": + if !h.AllArgs(&acmeServer.CA) { + return nil, h.ArgErr() + } + if ca == nil { + ca = new(caddypki.CA) + } + ca.ID = acmeServer.CA + } + } } - return as, nil + + configVals := h.NewRoute(matcherSet, acmeServer) + + if ca == nil { + return configVals, nil + } + + return append(configVals, httpcaddyfile.ConfigValue{ + Class: "pki.ca", + Value: ca, + }), nil } |