implicitACMEIssuers returns the issuers to use for ACME-related tls shortcuts such as ca, ca_root, and dns. If any global cert_issuer options configure ACME issuers, those become the templates for the local shortcut configuration; otherwise, default ACME issuers are used.
(h Helper, acmeIssuer *caddytls.ACMEIssuer)
// implicitACMEIssuers returns the issuers to use for ACME-related tls shortcuts
// such as ca, ca_root, and dns. If any global cert_issuer options
// configure ACME issuers, those become the templates for the local shortcut
// configuration; otherwise, default ACME issuers are used.
//
// Global issuers that are not ACME-capable (or that report a nil ACME issuer)
// are left out of the result. A global cert_issuer list with no usable ACME
// entry therefore does not constrain this path: the defaults, or the locally
// set CA, are used instead.
// NOTE(review): if the global list is meant to restrict which CAs may issue,
// confirm that this fallback is the intended behavior.
func implicitACMEIssuers(h Helper, acmeIssuer *caddytls.ACMEIssuer) []certmagic.Issuer {
	// A missing or differently typed option leaves configured nil, which
	// simply skips the loop below.
	configured, _ := h.Option("cert_issuer").([]certmagic.Issuer)

	var fromGlobal []certmagic.Issuer
	for _, candidate := range configured {
		if capable, isACME := candidate.(acmeCapable); isACME {
			if tmpl := capable.GetACMEIssuer(); tmpl != nil {
				fromGlobal = append(fromGlobal, mergeACMEIssuers(tmpl, acmeIssuer))
			}
		}
	}
	if len(fromGlobal) != 0 {
		return fromGlobal
	}

	// acmeIssuer is dereferenced from here on without a nil check.
	// NOTE(review): callers presumably always pass a non-nil value; confirm.
	//
	// If an ACME CA endpoint was set locally, the user expects to use only that
	// CA rather than the usual default fallback issuers, so a single empty
	// ACME issuer replaces the default list as the template.
	fallback := caddytls.DefaultIssuers(acmeIssuer.Email)
	if acmeIssuer.CA != "" {
		fallback = []certmagic.Issuer{new(caddytls.ACMEIssuer)}
	}

	merged := make([]certmagic.Issuer, 0, len(fallback))
	for _, candidate := range fallback {
		// Unlike the global pass above, issuers that cannot act as an ACME
		// template are kept unchanged rather than dropped.
		resolved := candidate
		if capable, isACME := candidate.(acmeCapable); isACME {
			if tmpl := capable.GetACMEIssuer(); tmpl != nil {
				resolved = mergeACMEIssuers(tmpl, acmeIssuer)
			}
		}
		merged = append(merged, resolved)
	}
	return merged
}
| 661 | |
| 662 | func mergeACMEIssuers(base, overrides *caddytls.ACMEIssuer) *caddytls.ACMEIssuer { |
| 663 | if base == nil { |