From ecd5eeab3857a0d6903a85bf52183171bda1920c Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 3 Jun 2021 12:18:25 -0600
Subject: go.mod: Update direct dependencies
---
 modules/caddyhttp/celmatcher.go | 4 +---
 modules/caddypki/acmeserver/acmeserver.go | 23 +++++++++++++++--------
 modules/caddytls/internalissuer.go | 4 +---
 3 files changed, 17 insertions(+), 14 deletions(-)
(limited to 'modules')
diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go
index bab0a07..d7d55d8 100644
--- a/modules/caddyhttp/celmatcher.go
+++ b/modules/caddyhttp/celmatcher.go
@@ -35,7 +35,6 @@ import (
 "github.com/google/cel-go/interpreter/functions"
 exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
 "google.golang.org/protobuf/proto"
- timestamp "google.golang.org/protobuf/types/known/timestamppb"
 )
 func init() {
@@ -231,8 +230,7 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val {
 case pkix.Name:
 return celPkixName{&v}
 case time.Time:
- // TODO: eliminate direct protobuf dependency, sigh -- just wrap stdlib time.Time instead...
- return types.Timestamp{Timestamp: ×tamp.Timestamp{Seconds: v.Unix(), Nanos: int32(v.Nanosecond())}}
+ return types.Timestamp{Time: v}
 case error:
 types.NewErr(v.Error())
 }
diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go
index f5c013b..e6399ea 100644
--- a/modules/caddypki/acmeserver/acmeserver.go
+++ b/modules/caddypki/acmeserver/acmeserver.go
@@ -29,6 +29,7 @@ import (
 "github.com/go-chi/chi"
 "github.com/smallstep/certificates/acme"
 acmeAPI "github.com/smallstep/certificates/acme/api"
+ acmeNoSQL "github.com/smallstep/certificates/acme/db/nosql"
 "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
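Review bot: In the NativeToValue hunk of celmatcher.go, the `case error:` arm directly below the changed line builds `types.NewErr(v.Error())` and discards the result, so an error value falls out of the switch instead of being returned as a CEL error. The arm should read `return types.NewErr("%s", v.Error())`; passing the message as an argument also keeps a `%` in the error text from being interpreted as a format verb. What the function returns after the switch is outside the hunk, so the practical effect of the fall-through should be confirmed there.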
@@ -138,17 +139,23 @@ func (ash *Handler) Provision(ctx caddy.Context) error {
 return err
 }
- acmeAuth, err := acme.New(auth, acme.AuthorityOptions{
- DB: auth.GetDatabase().(nosql.DB), // stores all the server state
- DNS: ash.Host, // used for directory links; TODO: not needed
- Prefix: strings.Trim(ash.PathPrefix, "/"), // used for directory links
- })
- if err != nil {
- return err
+ var acmeDB acme.DB
+ if authorityConfig.DB != nil {
+ acmeDB, err = acmeNoSQL.New(auth.GetDatabase().(nosql.DB))
+ if err != nil {
+ return fmt.Errorf("configuring ACME DB: %v", err)
+ }
 }
 // create the router for the ACME endpoints
- acmeRouterHandler := acmeAPI.New(acmeAuth)
+ acmeRouterHandler := acmeAPI.NewHandler(acmeAPI.HandlerOptions{
+ CA: auth,
+ DB: acmeDB, // stores all the server state
+ DNS: ash.Host, // used for directory links; TODO: not needed (follow-up upstream with step-ca)
+ Prefix: ash.PathPrefix, // used for directory links
+ })
+
+ // extract its http.Handler so we can use it directly
 r := chi.NewRouter()
 r.Route(ash.PathPrefix, func(r chi.Router) {
 acmeRouterHandler.Route(r)
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index a6ae587..7a25f6d 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -175,9 +175,7 @@ func (d customCertLifetime) Modify(cert *x509.Certificate, _ provisioner.SignOpt
 return nil
 }
-const (
- defaultInternalCertLifetime = 12 * time.Hour
-)
+const defaultInternalCertLifetime = 12 * time.Hour
 // Interface guards
 var (
-- cgit v1.2.3
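Review bot: In the Provision hunk of acmeserver.go, `acmeDB` stays nil whenever `authorityConfig.DB` is nil, yet it is still passed to `acmeAPI.NewHandler` as the store for all the server state. Whether the handler tolerates a nil DB is not visible here; if it does not, the failure moves from provisioning to the first ACME request, so the sketch below assumes a missing database is unsupported and rejects it in Provision. The `auth.GetDatabase().(nosql.DB)` assertion is unchecked and panics on any other database type, so the comma-ok form is safer, and `%w` instead of `%v` keeps the cause available to `errors.Is`. `Prefix` also lost its `strings.Trim(..., "/")`, which may change the generated directory links and is worth checking with a prefix that has leading or trailing slashes. Provision starts and ends outside the hunk.

```go
	var acmeDB acme.DB
	if authorityConfig.DB == nil {
		// assumes the ACME handler cannot run without a store; confirm against step-ca
		return fmt.Errorf("configuring ACME DB: no database configured for the authority")
	}
	ndb, ok := auth.GetDatabase().(nosql.DB)
	if !ok {
		return fmt.Errorf("configuring ACME DB: unsupported database type %T", auth.GetDatabase())
	}
	acmeDB, err = acmeNoSQL.New(ndb)
	if err != nil {
		return fmt.Errorf("configuring ACME DB: %w", err)
	}
	// … unchanged: acmeAPI.NewHandler call and chi router setup …
```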