From 2d056fbe66849f041a233a0d961639fae3835cbb Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 25 Apr 2019 13:54:48 -0600
Subject: Initial commit of Storage, TLS, and automatic HTTPS implementations
---
 modules/caddytls/acmemanager.go | 84 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 modules/caddytls/acmemanager.go (limited to 'modules/caddytls/acmemanager.go')
diff --git a/modules/caddytls/acmemanager.go b/modules/caddytls/acmemanager.go
new file mode 100644
index 0000000..a7a460a
--- /dev/null
+++ b/modules/caddytls/acmemanager.go
@@ -0,0 +1,84 @@
+package caddytls
+
+import (
+ "encoding/json"
+ "fmt"
+
+ "github.com/go-acme/lego/certcrypto"
+
+ "bitbucket.org/lightcodelabs/caddy2"
+ "github.com/go-acme/lego/challenge"
+ "github.com/mholt/certmagic"
+)
+
+func init() {
+ caddy2.RegisterModule(caddy2.Module{
+ Name: "tls.management.acme",
+ New: func() (interface{}, error) { return new(acmeManagerMaker), nil },
+ })
+}
+
+// ManagerMaker TODO: WIP...
+type ManagerMaker interface {
+ newManager(interactive bool) (certmagic.Manager, error)
+}
+
+// acmeManagerMaker makes an ACME manager
+// for managinig certificates using ACME.
+type acmeManagerMaker struct {
+ CA string `json:"ca,omitempty"`
+ Email string `json:"email,omitempty"`
+ RenewAhead caddy2.Duration `json:"renew_ahead,omitempty"`
+ KeyType string `json:"key_type,omitempty"`
+ ACMETimeout caddy2.Duration `json:"acme_timeout,omitempty"`
+ MustStaple bool `json:"must_staple,omitempty"`
+ Challenges ChallengesConfig `json:"challenges"`
+ OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
+ Storage json.RawMessage `json:"storage,omitempty"`
+
+ storage certmagic.Storage
+ keyType certcrypto.KeyType
+}
+
+func (m *acmeManagerMaker) Provision() error {
+ m.setDefaults()
+
+ // DNS providers
+ if m.Challenges.DNS != nil {
+ val, err := caddy2.LoadModuleInline("provider", "tls.dns", m.Challenges.DNS)
+ if err != nil {
+ return fmt.Errorf("loading TLS storage module: %s", err)
+ }
+ m.Challenges.dns = val.(challenge.Provider)
+ m.Challenges.DNS = nil // allow GC to deallocate - TODO: Does this help?
+ }
+
+ // policy-specific storage implementation
+ if m.Storage != nil {
+ val, err := caddy2.LoadModuleInline("system", "caddy.storage", m.Storage)
+ if err != nil {
+ return fmt.Errorf("loading TLS storage module: %s", err)
+ }
+ cmStorage, err := val.(caddy2.StorageConverter).CertMagicStorage()
+ if err != nil {
+ return fmt.Errorf("creating TLS storage configuration: %v", err)
+ }
+ m.storage = cmStorage
+ m.Storage = nil // allow GC to deallocate - TODO: Does this help?
+ }
+
+ return nil
+}
+
+// setDefaults indiscriminately sets all the default values in m.
+func (m *acmeManagerMaker) setDefaults() {
+ m.CA = certmagic.LetsEncryptStagingCA // certmagic.Default.CA // TODO: When not testing, switch to production CA
+ m.Email = certmagic.Default.Email
+ m.RenewAhead = caddy2.Duration(certmagic.Default.RenewDurationBefore)
+ m.keyType = certmagic.Default.KeyType
+ m.storage = certmagic.Default.Storage
+}
+
+func (m *acmeManagerMaker) newManager(interactive bool) (certmagic.Manager, error) {
+ return nil, nil
+}
--
cgit v1.2.3
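Review bot: Both `val.(challenge.Provider)` and `val.(caddy2.StorageConverter).CertMagicStorage()` in Provision are single-value type assertions, so a loaded module that does not implement the expected interface panics during provisioning instead of surfacing a configuration error; use the two-value form, e.g. `prov, ok := val.(challenge.Provider)` / `if !ok { return fmt.Errorf("tls.dns module %T does not implement challenge.Provider", val) }` / `m.Challenges.dns = prov`, and the same for the storage converter. The error returned from the DNS provider load also reads "loading TLS storage module", copied from the storage branch, which will misdirect anyone debugging a DNS challenge configuration. Separately, setDefaults() runs at the top of Provision and unconditionally overwrites CA, Email, RenewAhead, keyType and storage, so values decoded from JSON into the `json:"ca"`, `json:"email"` and `json:"renew_ahead"` fields are discarded before use, and the exported KeyType string is never mapped into keyType — presumably unintended for a struct that exposes those tags. Given the file is marked WIP this may be known, but newManager returning `nil, nil` hands callers a nil Manager with no error, and an explicit not-implemented error would fail faster than a later nil dereference.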