diff options
Diffstat (limited to 'modules/caddytls')
-rw-r--r-- | modules/caddytls/acmeissuer.go | 14 | ||||
-rw-r--r-- | modules/caddytls/automation.go | 6 | ||||
-rw-r--r-- | modules/caddytls/certmanagers.go | 12 | ||||
-rw-r--r-- | modules/caddytls/distributedstek/distributedstek.go | 10 | ||||
-rw-r--r-- | modules/caddytls/storageloader.go | 7 | ||||
-rw-r--r-- | modules/caddytls/tls.go | 4 | ||||
-rw-r--r-- | modules/caddytls/zerosslissuer.go | 8 |
7 files changed, 33 insertions, 28 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 48a961f..fd60cc8 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -85,7 +85,7 @@ type ACMEIssuer struct { PreferredChains *ChainPreference `json:"preferred_chains,omitempty"` rootPool *x509.CertPool - template certmagic.ACMEManager + template certmagic.ACMEIssuer magic *certmagic.Config logger *zap.Logger } @@ -172,8 +172,8 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { return nil } -func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { - template := certmagic.ACMEManager{ +func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEIssuer, error) { + template := certmagic.ACMEIssuer{ CA: iss.CA, TestCA: iss.TestCA, Email: iss.Email, @@ -224,22 +224,22 @@ func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) { // PreCheck implements the certmagic.PreChecker interface. func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { - return certmagic.NewACMEManager(iss.magic, iss.template).PreCheck(ctx, names, interactive) + return certmagic.NewACMEIssuer(iss.magic, iss.template).PreCheck(ctx, names, interactive) } // Issue obtains a certificate for the given csr. func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { - return certmagic.NewACMEManager(iss.magic, iss.template).Issue(ctx, csr) + return certmagic.NewACMEIssuer(iss.magic, iss.template).Issue(ctx, csr) } // IssuerKey returns the unique issuer key for the configured CA endpoint. func (iss *ACMEIssuer) IssuerKey() string { - return certmagic.NewACMEManager(iss.magic, iss.template).IssuerKey() + return certmagic.NewACMEIssuer(iss.magic, iss.template).IssuerKey() } // Revoke revokes the given certificate. func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { - return certmagic.NewACMEManager(iss.magic, iss.template).Revoke(ctx, cert, reason) + return certmagic.NewACMEIssuer(iss.magic, iss.template).Revoke(ctx, cert, reason) } // GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index eb97c82..26884bc 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -141,8 +141,8 @@ type AutomationPolicy struct { // they are only used to populate an underlying certmagic.Config's // fields during provisioning so that the modules can survive a // re-provisioning. - Issuers []certmagic.Issuer `json:"-"` - Managers []certmagic.CertificateManager `json:"-"` + Issuers []certmagic.Issuer `json:"-"` + Managers []certmagic.Manager `json:"-"` magic *certmagic.Config storage certmagic.Storage @@ -199,7 +199,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { return fmt.Errorf("loading external certificate manager modules: %v", err) } for _, getCertVal := range vals.([]interface{}) { - ap.Managers = append(ap.Managers, getCertVal.(certmagic.CertificateManager)) + ap.Managers = append(ap.Managers, getCertVal.(certmagic.Manager)) } } diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go index 653e9f5..8c8d701 100644 --- a/modules/caddytls/certmanagers.go +++ b/modules/caddytls/certmanagers.go @@ -198,11 +198,11 @@ func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Interface guards var ( - _ certmagic.CertificateManager = (*Tailscale)(nil) - _ caddy.Provisioner = (*Tailscale)(nil) - _ caddyfile.Unmarshaler = (*Tailscale)(nil) + _ certmagic.Manager = (*Tailscale)(nil) + _ caddy.Provisioner = (*Tailscale)(nil) + _ caddyfile.Unmarshaler = (*Tailscale)(nil) - _ certmagic.CertificateManager = (*HTTPCertGetter)(nil) - _ caddy.Provisioner = (*HTTPCertGetter)(nil) - _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil) + _ certmagic.Manager = (*HTTPCertGetter)(nil) + _ caddy.Provisioner = (*HTTPCertGetter)(nil) + _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil) ) diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go index e76fc47..18ed694 100644 --- a/modules/caddytls/distributedstek/distributedstek.go +++ b/modules/caddytls/distributedstek/distributedstek.go @@ -26,7 +26,9 @@ import ( "bytes" "encoding/gob" "encoding/json" + "errors" "fmt" + "io/fs" "log" "runtime/debug" "time" @@ -115,7 +117,7 @@ func (s *Provider) Next(doneChan <-chan struct{}) <-chan [][32]byte { func (s *Provider) loadSTEK() (distributedSTEK, error) { var sg distributedSTEK - gobBytes, err := s.storage.Load(stekFileName) + gobBytes, err := s.storage.Load(s.ctx, stekFileName) if err != nil { return sg, err // don't wrap, in case error is certmagic.ErrNotExist } @@ -133,7 +135,7 @@ func (s *Provider) storeSTEK(dstek distributedSTEK) error { if err != nil { return fmt.Errorf("encoding STEK gob: %v", err) } - err = s.storage.Store(stekFileName, buf.Bytes()) + err = s.storage.Store(s.ctx, stekFileName, buf.Bytes()) if err != nil { return fmt.Errorf("storing STEK gob: %v", err) } @@ -151,11 +153,11 @@ func (s *Provider) getSTEK() (distributedSTEK, error) { } //nolint:errcheck - defer s.storage.Unlock(stekLockName) + defer s.storage.Unlock(s.ctx, stekLockName) // load the current STEKs from storage dstek, err := s.loadSTEK() - if _, isNotExist := err.(certmagic.ErrNotExist); isNotExist { + if errors.Is(err, fs.ErrNotExist) { // if there is none, then make some right away dstek, err = s.rotateKeys(dstek) if err != nil { diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go index e78996f..ef9d51e 100644 --- a/modules/caddytls/storageloader.go +++ b/modules/caddytls/storageloader.go @@ -35,6 +35,8 @@ type StorageLoader struct { // Reference to the globally configured storage module. storage certmagic.Storage + + ctx caddy.Context } // CaddyModule returns the Caddy module information. @@ -48,6 +50,7 @@ func (StorageLoader) CaddyModule() caddy.ModuleInfo { // Provision loads the storage module for sl. func (sl *StorageLoader) Provision(ctx caddy.Context) error { sl.storage = ctx.Storage() + sl.ctx = ctx return nil } @@ -55,11 +58,11 @@ func (sl *StorageLoader) Provision(ctx caddy.Context) error { func (sl StorageLoader) LoadCertificates() ([]Certificate, error) { certs := make([]Certificate, 0, len(sl.Pairs)) for _, pair := range sl.Pairs { - certData, err := sl.storage.Load(pair.Certificate) + certData, err := sl.storage.Load(sl.ctx, pair.Certificate) if err != nil { return nil, err } - keyData, err := sl.storage.Load(pair.Key) + keyData, err := sl.storage.Load(sl.ctx, pair.Key) if err != nil { return nil, err } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 31c559c..9fe30fe 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -199,7 +199,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { return fmt.Errorf("loading certificates: %v", err) } for _, cert := range certs { - err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags) + err := magic.CacheUnmanagedTLSCertificate(ctx, cert.Certificate, cert.Tags) if err != nil { return fmt.Errorf("caching unmanaged certificate: %v", err) } @@ -336,7 +336,7 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { for _, iss := range ap.magic.Issuers { if am, ok := iss.(acmeCapable); ok { iss := am.GetACMEIssuer() - if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + if certmagic.NewACMEIssuer(iss.magic, iss.template).HandleHTTPChallenge(w, r) { return true } } diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index a8830a0..a75063b 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -69,12 +69,12 @@ func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { } // newAccountCallback generates EAB if not already provided. It also sets a valid default contact on the account if not set. -func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, acct acme.Account) (acme.Account, error) { - if am.ExternalAccount != nil { +func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, acmeIss *certmagic.ACMEIssuer, acct acme.Account) (acme.Account, error) { + if acmeIss.ExternalAccount != nil { return acct, nil } var err error - am.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct) + acmeIss.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct) return acct, err } @@ -153,7 +153,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme. }, acct, nil } -// initialize modifies the template for the underlying ACMEManager +// initialize modifies the template for the underlying ACMEIssuer // values by setting the CA endpoint to the ZeroSSL directory and // setting the NewAccountFunc callback to one which allows us to // generate EAB credentials only if a new account is being made. |