(issuer certmagic.Issuer, options map[string]any)
// acmeCapable is satisfied by any issuer that can expose an underlying
// *caddytls.ACMEIssuer. fillInGlobalACMEDefaults type-asserts its issuer
// argument to this interface and leaves the issuer untouched when the
// assertion fails or GetACMEIssuer returns nil.
type acmeCapable interface {
	GetACMEIssuer() *caddytls.ACMEIssuer
}
| 515 | |
| 516 | func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]any) error { |
| 517 | acmeWrapper, ok := issuer.(acmeCapable) |
| 518 | if !ok { |
| 519 | return nil |
| 520 | } |
| 521 | acmeIssuer := acmeWrapper.GetACMEIssuer() |
| 522 | if acmeIssuer == nil { |
| 523 | return nil |
| 524 | } |
| 525 | |
| 526 | globalEmail := options["email"] |
| 527 | globalACMECA := options["acme_ca"] |
| 528 | globalACMECARoot := options["acme_ca_root"] |
| 529 | globalACMEDNS, globalACMEDNSok := options["acme_dns"] // can be set to nil (to use globally-defined "dns" value instead), but it is still set |
| 530 | globalACMEEAB := options["acme_eab"] |
| 531 | globalPreferredChains := options["preferred_chains"] |
| 532 | globalCertLifetime := options["cert_lifetime"] |
| 533 | globalHTTPPort, globalHTTPSPort := options["http_port"], options["https_port"] |
| 534 | globalDefaultBind := options["default_bind"] |
| 535 | |
| 536 | if globalEmail != nil && acmeIssuer.Email == "" { |
| 537 | acmeIssuer.Email = globalEmail.(string) |
| 538 | } |
| 539 | if globalACMECA != nil && acmeIssuer.CA == "" { |
| 540 | acmeIssuer.CA = globalACMECA.(string) |
| 541 | } |
| 542 | if globalACMECARoot != nil && !slices.Contains(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) { |
| 543 | acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) |
| 544 | } |
| 545 | if globalACMEDNSok && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil || acmeIssuer.Challenges.DNS.ProviderRaw == nil) { |
| 546 | globalDNS := options["dns"] |
| 547 | if globalDNS == nil && globalACMEDNS == nil { |
| 548 | return fmt.Errorf("acme_dns specified without DNS provider config, but no provider specified with 'dns' global option") |
| 549 | } |
| 550 | if acmeIssuer.Challenges == nil { |
| 551 | acmeIssuer.Challenges = new(caddytls.ChallengesConfig) |
| 552 | } |
| 553 | if acmeIssuer.Challenges.DNS == nil { |
| 554 | acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) |
| 555 | } |
| 556 | if globalACMEDNS != nil && acmeIssuer.Challenges.DNS.ProviderRaw == nil { |
| 557 | // Set a global DNS provider if `acme_dns` is set |
| 558 | acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(globalACMEDNS, "name", globalACMEDNS.(caddy.Module).CaddyModule().ID.Name(), nil) |
| 559 | } |
| 560 | } |
| 561 | if globalACMEEAB != nil && acmeIssuer.ExternalAccount == nil { |
| 562 | acmeIssuer.ExternalAccount = globalACMEEAB.(*acme.EAB) |
| 563 | } |
| 564 | if globalPreferredChains != nil && acmeIssuer.PreferredChains == nil { |
| 565 | acmeIssuer.PreferredChains = globalPreferredChains.(*caddytls.ChainPreference) |
| 566 | } |
| 567 | // only configure alt HTTP and TLS-ALPN ports if the DNS challenge is not enabled (wouldn't hurt, but isn't necessary since the DNS challenge is exclusive of others) |
| 568 | if globalHTTPPort != nil && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil) && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.HTTP == nil || acmeIssuer.Challenges.HTTP.AlternatePort == 0) { |
| 569 | if acmeIssuer.Challenges == nil { |
| 570 | acmeIssuer.Challenges = new(caddytls.ChallengesConfig) |
| 571 | } |
| 572 | if acmeIssuer.Challenges.HTTP == nil { |
| 573 | acmeIssuer.Challenges.HTTP = new(caddytls.HTTPChallengeConfig) |