From 244b839f9813ae68c5527e6aadadaff0642c1a00 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Tue, 31 Mar 2020 17:56:36 -0600
Subject: pki: Add trust subcommand to install root cert (closes #3204)
---
 modules/caddypki/ca.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'modules/caddypki/ca.go')
diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go
index f15883e..21a8bd5 100644
--- a/modules/caddypki/ca.go
+++ b/modules/caddypki/ca.go
@@ -24,6 +24,7 @@ import (
 "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/certmagic"
+ "github.com/smallstep/truststore"
 "go.uber.org/zap"
 )
@@ -323,6 +324,27 @@ func (ca CA) newReplacer() *caddy.Replacer {
 return repl
 }
+// installRoot installs this CA's root certificate into the
+// local trust store(s) if it is not already trusted. The CA
+// must already be provisioned.
+func (ca CA) installRoot() error {
+ // avoid password prompt if already trusted
+ if trusted(ca.root) {
+ ca.log.Info("root certificate is already trusted by system",
+ zap.String("path", ca.rootCertPath))
+ return nil
+ }
+
+ ca.log.Warn("installing root certificate (you might be prompted for password)",
+ zap.String("path", ca.rootCertPath))
+
+ return truststore.Install(ca.root,
+ truststore.WithDebug(),
+ truststore.WithFirefox(),
+ truststore.WithJava(),
+ )
+}
+
 const (
 defaultCAID = "local"
 defaultCAName = "Caddy Local Authority"
-- cgit v1.2.3
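Review bot: The early return in `installRoot` keys off `trusted(ca.root)` alone, yet the install call below it also targets Firefox and Java via `truststore.WithFirefox()` and `truststore.WithJava()`. `trusted` is defined outside this diff; if it verifies only against the system pool (the log text "already trusted by system" suggests so), a host whose system store already holds the root never gets the other stores updated, and the function still returns nil. Either check each store before skipping or state the limit in the doc comment, e.g. `// If the system store already trusts the root, the Firefox and Java stores are left untouched.` `truststore.WithDebug()` is also hard-coded, so the library's debug output is presumably always on regardless of the configured log level. Because this makes a locally generated root trusted machine-wide, the doc comment should also say that the change persists until the certificate is removed and that the root key's storage then needs protecting accordingly.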