From 6a14e2c2a8881d5e90f1ee363ec4662a3f87402b Mon Sep 17 00:00:00 2001
From: Matt Holt
Date: Thu, 30 Jul 2020 15:18:14 -0600
Subject: caddytls: Replace lego with acmez (#3621)

* Replace lego with acmez; upgrade CertMagic

* Update integration test
---
 caddyconfig/httpcaddyfile/builtins.go | 14 ++++++++++++++
 caddyconfig/httpcaddyfile/options.go  |  7 ++++---
 caddyconfig/httpcaddyfile/tlsapp.go   |  3 ++-
 3 files changed, 20 insertions(+), 4 deletions(-)
(limited to 'caddyconfig')

diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index fde5601..5dbb406 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -29,6 +29,7 @@ import (
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/caddyserver/caddy/v2/modules/caddytls"
+	"github.com/mholt/acmez/acme"
 	"go.uber.org/zap/zapcore"
 )
 
@@ -262,6 +263,19 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 				}
 				acmeIssuer.CA = arg[0]
 
+			case "eab":
+				arg := h.RemainingArgs()
+				if len(arg) != 2 {
+					return nil, h.ArgErr()
+				}
+				if acmeIssuer == nil {
+					acmeIssuer = new(caddytls.ACMEIssuer)
+				}
+				acmeIssuer.ExternalAccount = &acme.EAB{
+					KeyID:  arg[0],
+					MACKey: arg[1],
+				}
+
 			case "dns":
 				if !h.NextArg() {
 					return nil, h.ArgErr()
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 2b6b111..f69ca3e 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -20,6 +20,7 @@ import (
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/caddyserver/caddy/v2/modules/caddytls"
+	"github.com/mholt/acmez/acme"
 )
 
 func init() {
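Review bot: The new `eab` case in parseTLS copies `arg[1]`, the External Account Binding MAC key, straight into `acme.EAB.MACKey` with no check that it is non-empty or decodes as base64url, so a mistyped key is presumably only rejected later by acmez when the ACME account is registered, far from the Caddyfile line that caused it; the same applies to the `eab.MACKey = d.Val()` assignment in the options.go hunk below. The key is also an account secret, so a short comment above the case, `// eab <key_id> <mac_key>: the MAC key is an account credential; prefer an environment placeholder over a literal in the Caddyfile`, would help operators avoid committing it. As a matter of style, this per-site form takes two positional arguments while the global option parsed by parseOptACMEEAB uses a block with `key_id`/`mac_key` subdirectives; if Helper exposes the Dispenser's `Errf`, an error naming the expected `eab <key_id> <mac_key>` form would be friendlier than the bare `h.ArgErr()` when `len(arg) != 2`. parseTLS begins and ends outside this hunk.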
@@ -182,7 +183,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) {
 }
 
 func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) {
-	eab := new(caddytls.ExternalAccountBinding)
+	eab := new(acme.EAB)
 	for d.Next() {
 		if d.NextArg() {
 			return nil, d.ArgErr()
@@ -195,11 +196,11 @@ func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) {
 				}
 				eab.KeyID = d.Val()
-			case "hmac":
+			case "mac_key":
 				if !d.NextArg() {
 					return nil, d.ArgErr()
 				}
-				eab.HMAC = d.Val()
+				eab.MACKey = d.Val()
 			default:
 				return nil, d.Errf("unrecognized parameter '%s'", d.Val())
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 029c024..aa3e5be 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -27,6 +27,7 @@ import (
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/caddyserver/caddy/v2/modules/caddytls"
 	"github.com/caddyserver/certmagic"
+	"github.com/mholt/acmez/acme"
 )
 
 func (st ServerType) buildTLSApp(
@@ -399,7 +400,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
 		mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)}
 	}
 	if acmeEAB != nil {
-		mgr.ExternalAccount = acmeEAB.(*caddytls.ExternalAccountBinding)
+		mgr.ExternalAccount = acmeEAB.(*acme.EAB)
 	}
 	if keyType != nil {
 		ap.KeyType = keyType.(string)
-- 
cgit v1.2.3
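Review bot: Renaming the subdirective from `hmac` to `mac_key` makes any existing Caddyfile that used `hmac` fail in the `default` branch with `unrecognized parameter 'hmac'` and no hint that the name changed, which is an avoidable breakage for a field that already has a stable meaning. The cheapest fix is to accept the old spelling as an alias, `case "mac_key", "hmac": // "hmac" accepted for Caddyfiles written before the acmez migration`, or, if the old name is meant to be retired, to match it explicitly and return an error that names `mac_key`. Either way the rename should be called out in the option's documentation so the new error message has somewhere to point. parseOptACMEEAB's opening lines sit in the previous hunk and its closing lines are outside this one.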