caddytls: Reuse issuer between PreCheck and Issue (#4866)
This enables EAB (External Account Binding) credential reuse for ZeroSSLIssuer, which ZeroSSL now supports.
This commit is contained in:
parent
660c59b6f3
commit
412dcc07d3
3 changed files with 12 additions and 13 deletions
@ -85,9 +85,11 @@ type ACMEIssuer struct {
PreferredChains *ChainPreference `json:"preferred_chains,omitempty"`
PreferredChains *ChainPreference `json:"preferred_chains,omitempty"`
rootPool *x509.CertPool
rootPool *x509.CertPool
template certmagic.ACMEIssuer
magic *certmagic.Config
logger *zap.Logger
logger *zap.Logger
template certmagic.ACMEIssuer // set at Provision
magic *certmagic.Config // set at PreCheck
issuer *certmagic.ACMEIssuer // set at PreCheck; result of template + magic
}
}
// CaddyModule returns the Caddy module information.
// CaddyModule returns the Caddy module information.
@ -217,30 +219,27 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEIssuer, error) {
// the ConfigSetter interface.
// the ConfigSetter interface.
func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) {
func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) {
iss.magic = cfg
iss.magic = cfg
iss.issuer = certmagic.NewACMEIssuer(cfg, iss.template)
}
}
// TODO: I kind of hate how each call to these methods needs to
// make a new ACME manager to fill in defaults before using; can
// we find the right place to do that just once and then re-use?
// PreCheck implements the certmagic.PreChecker interface.
// PreCheck implements the certmagic.PreChecker interface.
func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error {
func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error {
return certmagic.NewACMEIssuer(iss.magic, iss.template).PreCheck(ctx, names, interactive)
return iss.issuer.PreCheck(ctx, names, interactive)
}
}
// Issue obtains a certificate for the given csr.
// Issue obtains a certificate for the given csr.
func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) {
func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) {
return certmagic.NewACMEIssuer(iss.magic, iss.template).Issue(ctx, csr)
return iss.issuer.Issue(ctx, csr)
}
}
// IssuerKey returns the unique issuer key for the configured CA endpoint.
// IssuerKey returns the unique issuer key for the configured CA endpoint.
func (iss *ACMEIssuer) IssuerKey() string {
func (iss *ACMEIssuer) IssuerKey() string {
return certmagic.NewACMEIssuer(iss.magic, iss.template).IssuerKey()
return iss.issuer.IssuerKey()
}
}
// Revoke revokes the given certificate.
// Revoke revokes the given certificate.
func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error {
func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error {
return certmagic.NewACMEIssuer(iss.magic, iss.template).Revoke(ctx, cert, reason)
return iss.issuer.Revoke(ctx, cert, reason)
}
}
// GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because
// GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because
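Review bot: The new field comments `magic *certmagic.Config // set at PreCheck` and `issuer *certmagic.ACMEIssuer // set at PreCheck; result of template + magic` disagree with the second hunk, where both are assigned in `SetConfig`, not in `PreCheck`; I would change them to `// set at SetConfig (when certmagic attaches this issuer to a Config); nil before that`. That hunk also makes `PreCheck`, `Issue`, `IssuerKey` and `Revoke` dereference `iss.issuer` unconditionally, so a call before `SetConfig` is now a nil-pointer panic instead of whatever `certmagic.NewACMEIssuer` did with a nil config; whether any caller can reach these methods that early is not visible here, but `IssuerKey` is the one most likely to be used outside issuance (storage keys, logging), so a one-line nil guard there would at least make the failure explicit. Because `certmagic.NewACMEIssuer(cfg, iss.template)` takes the template by value, `issuer` is a snapshot and later mutations of `iss.template` no longer affect issuance — worth stating in the `template` comment, e.g. `// set at Provision; copied into issuer by SetConfig, do not mutate afterwards`.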
@ -336,7 +336,7 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool {
for _, iss := range ap.magic.Issuers {
for _, iss := range ap.magic.Issuers {
if am, ok := iss.(acmeCapable); ok {
if am, ok := iss.(acmeCapable); ok {
iss := am.GetACMEIssuer()
iss := am.GetACMEIssuer()
if certmagic.NewACMEIssuer(iss.magic, iss.template).HandleHTTPChallenge(w, r) {
if iss.issuer.HandleHTTPChallenge(w, r) {
return true
return true
}
}
}
}
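Review bot: `iss.issuer.HandleHTTPChallenge(w, r)` dereferences a pointer that is only populated when certmagic calls `SetConfig` on the issuer, and it does so on an unauthenticated request path, so an issuer in `ap.magic.Issuers` that has not been configured yet turns every request reaching this handler into a nil-pointer panic (net/http recovers it per connection, but it is still crash-on-demand and log noise). If certmagic always calls `SetConfig` before a Config is usable this is unreachable, but I would not rely on that from a request handler: `if iss.issuer != nil && iss.issuer.HandleHTTPChallenge(w, r) {`. The enclosing `HandleHTTPChallenge` starts before this hunk.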
@ -162,8 +162,8 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme.
func (iss *ZeroSSLIssuer) initialize() {
func (iss *ZeroSSLIssuer) initialize() {
iss.mu.Lock()
iss.mu.Lock()
defer iss.mu.Unlock()
defer iss.mu.Unlock()
if iss.template.NewAccountFunc == nil {
if iss.ACMEIssuer.issuer.NewAccountFunc == nil {
iss.template.NewAccountFunc = iss.newAccountCallback
iss.ACMEIssuer.issuer.NewAccountFunc = iss.newAccountCallback
}
}
}
}
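Review bot: `iss.ACMEIssuer.issuer.NewAccountFunc` is written through a pointer that only `ACMEIssuer.SetConfig` creates, whereas the old `iss.template` was a value field that was always addressable, so the new `initialize` panics with a nil dereference if it runs before `SetConfig`; its call sites are outside this hunk, so I cannot tell whether that ordering is guaranteed. I would make the precondition explicit above the function: `// initialize installs the EAB-generating account callback on the shared issuer built by ACMEIssuer.SetConfig; it must not run before that.` Installing the callback on `issuer` rather than `template` is also what lets the EAB credentials survive across PreCheck and Issue, which is the point of the commit and worth one line of comment so nobody "fixes" it back to `template`.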