author | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-31 17:56:36 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-31 17:56:36 -0600 |
commit | 244b839f9813ae68c5527e6aadadaff0642c1a00 (patch) | |
tree | 66c0df8bbf728eed7c511f1023e84b6d4d34ac31 /modules/caddypki/command.go | |
parent | 904d9cab390007610a65f648d05314f5826c3979 (diff) |
pki: Add trust subcommand to install root cert (closes #3204)
Diffstat (limited to 'modules/caddypki/command.go')
-rw-r--r-- | modules/caddypki/command.go | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go
index 9276fcb..9117f3f 100644
--- a/modules/caddypki/command.go
+++ b/modules/caddypki/command.go
@@ -15,6 +15,7 @@
 package caddypki
 
 import (
+ "context"
 "flag"
 "fmt"
 "os"
@@ -27,6 +28,25 @@ import (
 
 func init() {
 caddycmd.RegisterCommand(caddycmd.Command{
+ Name: "trust",
+ Func: cmdTrust,
+ Short: "Installs a CA certificate into local trust stores",
+ Long: `
+Adds a root certificate into the local trust stores. Intended for
+development environments only.
+
+Since Caddy will install its root certificates into the local trust
+stores automatically when they are first generated, this command is
+only necessary if you need to pre-install the certificates before
+using them; for example, if you have elevated privileges at one
+point but not later, you will want to use this command so that a
+password prompt is not required later.
+
+This command installs the root certificate only for Caddy's
+default CA.`,
+ })
+
+ caddycmd.RegisterCommand(caddycmd.Command{
 Name: "untrust",
 Func: cmdUntrust,
 Usage: "[--ca <id> | --cert <path>]",
@@ -57,6 +77,30 @@ If no flags are specified, --ca=local is assumed.`,
 })
 }
 
+func cmdTrust(fs caddycmd.Flags) (int, error) {
+ // we have to create a sort of dummy context so that
+ // the CA can provision itself...
+ ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()})
+ defer cancel()
+
+ // provision the CA, which generates and stores a root
+ // certificate if one doesn't already exist in storage
+ ca := CA{
+ storage: caddy.DefaultStorage,
+ }
+ err := ca.Provision(ctx, defaultCAID, caddy.Log())
+ if err != nil {
+ return caddy.ExitCodeFailedStartup, err
+ }
+
+ err = ca.installRoot()
+ if err != nil {
+ return caddy.ExitCodeFailedStartup, err
+ }
+
+ return caddy.ExitCodeSuccess, nil
+}
+
 func cmdUntrust(fs caddycmd.Flags) (int, error) {
 ca := fs.String("ca")
 cert := fs.String("cert") |
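Review bot: The `Long` text for the new `trust` command does not mention that running it can create a root key pair, although the comment in cmdTrust says provisioning "generates and stores a root certificate if one doesn't already exist in storage". Anyone pre-installing trust with elevated privileges should know that side effect up front, so I would add a sentence such as `If no root certificate exists in storage yet, one is generated and stored before it is installed.` The entry also has no `Usage` field, unlike `untrust` just below it, so it is not obvious from the help that no flags are accepted. The body of init() continues outside this hunk.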
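Review bot: cmdTrust provisions the CA against `caddy.DefaultStorage` as whichever user runs the command, and the help text expects that to be an elevated account. If the default storage location is per-user (not visible here), a root generated during such a run would live in the privileged user's data directory, so the certificate that gets trusted may not be the one an unprivileged server later loads, and its private key would be created by the elevated account. Logging the storage location and the installed root's fingerprint before returning `caddy.ExitCodeSuccess` would let the operator audit exactly what was added to the trust store; whether `installRoot` already logs this cannot be seen from the hunk. The `fs` argument is unused and the function has no doc comment; `// cmdTrust provisions the default CA and installs its root certificate into the local trust stores.` would cover it.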