pki: Avoid provisioning the `local` CA when not necessary (#4463)

* pki: Avoid provisioning the `local` CA when not necessary * pki: Refactor CA loading to keep the logic in the PKI app
author: Francis Lavoie <lavofr@gmail.com> 2021-12-13 14:25:35 -0500
committer: GitHub <noreply@github.com> 2021-12-13 12:25:35 -0700
commit: c04d24cafa60e522842d5188587ab07af2082e9b (patch)
tree: 47037af1a6cee638f054f3b3e4a9358970f5266a /modules/caddytls
parent: 81ee34e9623c3ac630f46c81a26e7823d0b2bf7b (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 7a25f6d..d9b6117 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -19,7 +19,6 @@ import (
 	"context"
 	"crypto/x509"
 	"encoding/pem"
-	"fmt"
 	"time"
 
 	"github.com/caddyserver/caddy/v2"
@@ -68,18 +67,20 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo {
 func (iss *InternalIssuer) Provision(ctx caddy.Context) error {
 	iss.logger = ctx.Logger(iss)
 
+	// set some defaults
+	if iss.CA == "" {
+		iss.CA = caddypki.DefaultCAID
+	}
+
 	// get a reference to the configured CA
 	appModule, err := ctx.App("pki")
 	if err != nil {
 		return err
 	}
 	pkiApp := appModule.(*caddypki.PKI)
-	if iss.CA == "" {
-		iss.CA = caddypki.DefaultCAID
-	}
-	ca, ok := pkiApp.CAs[iss.CA]
-	if !ok {
-		return fmt.Errorf("no certificate authority configured with id: %s", iss.CA)
+	ca, err := pkiApp.GetCA(iss.CA, &ctx)
+	if err != nil {
+		return err
 	}
 	iss.ca = ca
author	Francis Lavoie <lavofr@gmail.com>	2021-12-13 14:25:35 -0500
committer	GitHub <noreply@github.com>	2021-12-13 12:25:35 -0700
commit	c04d24cafa60e522842d5188587ab07af2082e9b (patch)
tree	47037af1a6cee638f054f3b3e4a9358970f5266a /modules/caddytls
parent	81ee34e9623c3ac630f46c81a26e7823d0b2bf7b (diff)