authorMatthew Holt <mholt@users.noreply.github.com>2021-02-02 17:23:52 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2021-02-02 17:23:52 -0700
commitbf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 (patch)
tree6956ee718cea0976e2fe23e5867010655cb2df0f /modules/caddypki/acmeserver
parent8ec90f1c402b5e1aa1eea59e45f700aeb45da6ba (diff)
acmeserver: Support custom CAs from Caddyfile
The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed.
Diffstat (limited to 'modules/caddypki/acmeserver')
-rw-r--r--modules/caddypki/acmeserver/caddyfile.go47
1 files changed, 41 insertions, 6 deletions
diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go
index 6687460..9ac0bb2 100644
--- a/modules/caddypki/acmeserver/caddyfile.go
+++ b/modules/caddypki/acmeserver/caddyfile.go
@@ -16,23 +16,58 @@ package acmeserver
import (
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
- "github.com/caddyserver/caddy/v2/modules/caddyhttp"
+ "github.com/caddyserver/caddy/v2/modules/caddypki"
)
func init() {
- httpcaddyfile.RegisterHandlerDirective("acme_server", parseACMEServer)
+ httpcaddyfile.RegisterDirective("acme_server", parseACMEServer)
}
// parseACMEServer sets up an ACME server handler from Caddyfile tokens.
//
-// acme_server [<matcher>]
+// acme_server [<matcher>] {
+// ca <id>
+// }
//
-func parseACMEServer(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) {
- var as Handler
+func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
+ if !h.Next() {
+ return nil, h.ArgErr()
+ }
+
+ matcherSet, err := h.ExtractMatcherSet()
+ if err != nil {
+ return nil, err
+ }
+
+ var acmeServer Handler
+ var ca *caddypki.CA
+
for h.Next() {
if h.NextArg() {
return nil, h.ArgErr()
}
+ for h.NextBlock(0) {
+ switch h.Val() {
+ case "ca":
+ if !h.AllArgs(&acmeServer.CA) {
+ return nil, h.ArgErr()
+ }
+ if ca == nil {
+ ca = new(caddypki.CA)
+ }
+ ca.ID = acmeServer.CA
+ }
+ }
}
- return as, nil
+
+ configVals := h.NewRoute(matcherSet, acmeServer)
+
+ if ca == nil {
+ return configVals, nil
+ }
+
+ return append(configVals, httpcaddyfile.ConfigValue{
+ Class: "pki.ca",
+ Value: ca,
+ }), nil
}
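Review bot: The `switch h.Val()` inside the `h.NextBlock(0)` loop has no `default` case, so a misspelled or unsupported subdirective is skipped without any error. Since this block chooses which CA signs the issued certificates, a typo in `ca` would leave `acmeServer.CA` empty and the handler would presumably fall back to its default CA, with nothing at config load to tell the operator. I would add `default: return nil, h.Errf("unrecognized acme_server option: %s", h.Val())` so the config fails closed. A second `ca` line also silently overwrites the first ID; rejecting a repeat when `acmeServer.CA != ""` would keep the trust anchor unambiguous.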