From d06d0e79f839a26ab2cf81b00ba2d180623c57a9 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Fri, 25 Mar 2022 11:28:54 -0600
Subject: go.mod: Upgrade CertMagic to v0.16.0
Includes several breaking changes; code base updated accordingly.
- Added lots of context arguments
- Use fs.ErrNotExist
- Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
---
 modules/caddytls/acmeissuer.go | 14 +++++++-------
 modules/caddytls/automation.go | 6 +++---
 modules/caddytls/certmanagers.go | 12 ++++++------
 modules/caddytls/distributedstek/distributedstek.go | 10 ++++++----
 modules/caddytls/storageloader.go | 7 +++++--
 modules/caddytls/tls.go | 4 ++--
 modules/caddytls/zerosslissuer.go | 8 ++++----
 7 files changed, 33 insertions(+), 28 deletions(-)
(limited to 'modules/caddytls')
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index 48a961f..fd60cc8 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -85,7 +85,7 @@ type ACMEIssuer struct {
 PreferredChains *ChainPreference `json:"preferred_chains,omitempty"`
 rootPool *x509.CertPool
- template certmagic.ACMEManager
+ template certmagic.ACMEIssuer
 magic *certmagic.Config
 logger *zap.Logger
 }
@@ -172,8 +172,8 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
 return nil
 }
-func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) {
- template := certmagic.ACMEManager{
+func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEIssuer, error) {
+ template := certmagic.ACMEIssuer{
 CA: iss.CA,
 TestCA: iss.TestCA,
 Email: iss.Email,
@@ -224,22 +224,22 @@ func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) {
 // PreCheck implements the certmagic.PreChecker interface.
 func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error {
- return certmagic.NewACMEManager(iss.magic, iss.template).PreCheck(ctx, names, interactive)
+ return certmagic.NewACMEIssuer(iss.magic, iss.template).PreCheck(ctx, names, interactive)
 }
 // Issue obtains a certificate for the given csr.
 func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) {
- return certmagic.NewACMEManager(iss.magic, iss.template).Issue(ctx, csr)
+ return certmagic.NewACMEIssuer(iss.magic, iss.template).Issue(ctx, csr)
 }
 // IssuerKey returns the unique issuer key for the configured CA endpoint.
 func (iss *ACMEIssuer) IssuerKey() string {
- return certmagic.NewACMEManager(iss.magic, iss.template).IssuerKey()
+ return certmagic.NewACMEIssuer(iss.magic, iss.template).IssuerKey()
 }
 // Revoke revokes the given certificate.
 func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error {
- return certmagic.NewACMEManager(iss.magic, iss.template).Revoke(ctx, cert, reason)
+ return certmagic.NewACMEIssuer(iss.magic, iss.template).Revoke(ctx, cert, reason)
 }
 // GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index eb97c82..26884bc 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -141,8 +141,8 @@ type AutomationPolicy struct {
 // they are only used to populate an underlying certmagic.Config's
 // fields during provisioning so that the modules can survive a
 // re-provisioning.
- Issuers []certmagic.Issuer `json:"-"`
- Managers []certmagic.CertificateManager `json:"-"`
+ Issuers []certmagic.Issuer `json:"-"`
+ Managers []certmagic.Manager `json:"-"`
 magic *certmagic.Config
 storage certmagic.Storage
@@ -199,7 +199,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
 return fmt.Errorf("loading external certificate manager modules: %v", err)
 }
 for _, getCertVal := range vals.([]interface{}) {
- ap.Managers = append(ap.Managers, getCertVal.(certmagic.CertificateManager))
+ ap.Managers = append(ap.Managers, getCertVal.(certmagic.Manager))
 }
 }
diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go
index 653e9f5..8c8d701 100644
--- a/modules/caddytls/certmanagers.go
+++ b/modules/caddytls/certmanagers.go
@@ -198,11 +198,11 @@ func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 // Interface guards
 var (
- _ certmagic.CertificateManager = (*Tailscale)(nil)
- _ caddy.Provisioner = (*Tailscale)(nil)
- _ caddyfile.Unmarshaler = (*Tailscale)(nil)
+ _ certmagic.Manager = (*Tailscale)(nil)
+ _ caddy.Provisioner = (*Tailscale)(nil)
+ _ caddyfile.Unmarshaler = (*Tailscale)(nil)
- _ certmagic.CertificateManager = (*HTTPCertGetter)(nil)
- _ caddy.Provisioner = (*HTTPCertGetter)(nil)
- _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil)
+ _ certmagic.Manager = (*HTTPCertGetter)(nil)
+ _ caddy.Provisioner = (*HTTPCertGetter)(nil)
+ _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil)
 )
diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go
index e76fc47..18ed694 100644
--- a/modules/caddytls/distributedstek/distributedstek.go
+++ b/modules/caddytls/distributedstek/distributedstek.go
@@ -26,7 +26,9 @@ import (
 "bytes"
 "encoding/gob"
 "encoding/json"
+ "errors"
 "fmt"
+ "io/fs"
 "log"
 "runtime/debug"
 "time"
@@ -115,7 +117,7 @@ func (s *Provider) Next(doneChan <-chan struct{}) <-chan [][32]byte {
 func (s *Provider) loadSTEK() (distributedSTEK, error) {
 var sg distributedSTEK
- gobBytes, err := s.storage.Load(stekFileName)
+ gobBytes, err := s.storage.Load(s.ctx, stekFileName)
 if err != nil {
 return sg, err // don't wrap, in case error is certmagic.ErrNotExist
 }
@@ -133,7 +135,7 @@ func (s *Provider) storeSTEK(dstek distributedSTEK) error {
 if err != nil {
 return fmt.Errorf("encoding STEK gob: %v", err)
 }
- err = s.storage.Store(stekFileName, buf.Bytes())
+ err = s.storage.Store(s.ctx, stekFileName, buf.Bytes())
 if err != nil {
 return fmt.Errorf("storing STEK gob: %v", err)
 }
@@ -151,11 +153,11 @@ func (s *Provider) getSTEK() (distributedSTEK, error) {
 }
 //nolint:errcheck
- defer s.storage.Unlock(stekLockName)
+ defer s.storage.Unlock(s.ctx, stekLockName)
 // load the current STEKs from storage
 dstek, err := s.loadSTEK()
- if _, isNotExist := err.(certmagic.ErrNotExist); isNotExist {
+ if errors.Is(err, fs.ErrNotExist) {
 // if there is none, then make some right away
 dstek, err = s.rotateKeys(dstek)
 if err != nil {
diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go
index e78996f..ef9d51e 100644
--- a/modules/caddytls/storageloader.go
+++ b/modules/caddytls/storageloader.go
@@ -35,6 +35,8 @@ type StorageLoader struct {
 // Reference to the globally configured storage module.
 storage certmagic.Storage
+
+ ctx caddy.Context
 }
 // CaddyModule returns the Caddy module information.
@@ -48,6 +50,7 @@ func (StorageLoader) CaddyModule() caddy.ModuleInfo {
 // Provision loads the storage module for sl.
 func (sl *StorageLoader) Provision(ctx caddy.Context) error {
 sl.storage = ctx.Storage()
+ sl.ctx = ctx
 return nil
 }
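Review bot: The comment on the unchanged `return sg, err` line in loadSTEK still says the error is left unwrapped "in case error is certmagic.ErrNotExist", but the getSTEK hunk in this same file now matches it with `errors.Is(err, fs.ErrNotExist)`, so the comment names a type the file no longer references. Suggest `return sg, err // don't wrap, so getSTEK can match it with errors.Is(err, fs.ErrNotExist)`. If anyone later does add context here, it must be with `%w` rather than the `%v` used by storeSTEK, or the sentinel match in getSTEK silently stops working and the provider will rotate fresh keys on every missing-read path. loadSTEK's body continues past the end of this hunk.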
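Review bot: The new `ctx caddy.Context` field in StorageLoader is undocumented while its sibling `storage` carries a comment, and nothing records that it is only assigned in Provision (the second storageloader hunk); suggest `// Context captured in Provision; passed to every storage Load in LoadCertificates.` on the added line. Because Provision is the only writer, a StorageLoader used without being provisioned hands a zero-value caddy.Context to `sl.storage.Load` in the LoadCertificates hunk on the next physical line; if caddy.Context embeds context.Context as I recall, that embedded value is nil, which a storage backend that selects on `ctx.Done()` would not tolerate. A one-line doc note on LoadCertificates stating that Provision must run first would make the contract explicit.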
@@ -55,11 +58,11 @@ func (sl *StorageLoader) Provision(ctx caddy.Context) error {
 func (sl StorageLoader) LoadCertificates() ([]Certificate, error) {
 certs := make([]Certificate, 0, len(sl.Pairs))
 for _, pair := range sl.Pairs {
- certData, err := sl.storage.Load(pair.Certificate)
+ certData, err := sl.storage.Load(sl.ctx, pair.Certificate)
 if err != nil {
 return nil, err
 }
- keyData, err := sl.storage.Load(pair.Key)
+ keyData, err := sl.storage.Load(sl.ctx, pair.Key)
 if err != nil {
 return nil, err
 }
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 31c559c..9fe30fe 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -199,7 +199,7 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 return fmt.Errorf("loading certificates: %v", err)
 }
 for _, cert := range certs {
- err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
+ err := magic.CacheUnmanagedTLSCertificate(ctx, cert.Certificate, cert.Tags)
 if err != nil {
 return fmt.Errorf("caching unmanaged certificate: %v", err)
 }
@@ -336,7 +336,7 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool {
 for _, iss := range ap.magic.Issuers {
 if am, ok := iss.(acmeCapable); ok {
 iss := am.GetACMEIssuer()
- if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) {
+ if certmagic.NewACMEIssuer(iss.magic, iss.template).HandleHTTPChallenge(w, r) {
 return true
 }
 }
diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go
index a8830a0..a75063b 100644
--- a/modules/caddytls/zerosslissuer.go
+++ b/modules/caddytls/zerosslissuer.go
@@ -69,12 +69,12 @@ func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error {
 }
 // newAccountCallback generates EAB if not already provided. It also sets a valid default contact on the account if not set.
-func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, acct acme.Account) (acme.Account, error) {
- if am.ExternalAccount != nil {
+func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, acmeIss *certmagic.ACMEIssuer, acct acme.Account) (acme.Account, error) {
+ if acmeIss.ExternalAccount != nil {
 return acct, nil
 }
 var err error
- am.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct)
+ acmeIss.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct)
 return acct, err
 }
@@ -153,7 +153,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme.
 }, acct, nil
 }
-// initialize modifies the template for the underlying ACMEManager
+// initialize modifies the template for the underlying ACMEIssuer
 // values by setting the CA endpoint to the ZeroSSL directory and
 // setting the NewAccountFunc callback to one which allows us to
 // generate EAB credentials only if a new account is being made.
--
cgit v1.2.3