hub / github.com/caddyserver/caddy / newBaseAutomationPolicy

Function newBaseAutomationPolicy

caddyconfig/httpcaddyfile/tlsapp.go:903–965  ·  view source on GitHub ↗

newBaseAutomationPolicy returns a new TLS automation policy that gets its values from the global options map. It should be used as the base for any other automation policies. A nil policy (and no error) will be returned if there are no default/global options. However, if always is true, a non-nil value will always be returned (unless there is an error).

(
	options map[string]any,
	_ []caddyconfig.Warning,
	always bool,
)

Source from the content-addressed store, hash-verified

901// returned if there are no default/global options. However, if always is
902// true, a non-nil value will always be returned (unless there is an error).
903func newBaseAutomationPolicy(
904 options map[string]any,
905 _ []caddyconfig.Warning,
906 always bool,
907) (*caddytls.AutomationPolicy, error) {
908 issuers, hasIssuers := options["cert_issuer"]
909 _, hasLocalCerts := options["local_certs"]
910 keyType, hasKeyType := options["key_type"]
911 ocspStapling, hasOCSPStapling := options["ocsp_stapling"]
912 renewalWindowRatio, hasRenewalWindowRatio := options["renewal_window_ratio"]
913 hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType || hasOCSPStapling || hasRenewalWindowRatio
914
915 globalACMECA := options["acme_ca"]
916 globalACMECARoot := options["acme_ca_root"]
917 _, globalACMEDNS := options["acme_dns"] // can be set to nil (to use globally-defined "dns" value instead), but it is still set
918 globalACMEEAB := options["acme_eab"]
919 globalPreferredChains := options["preferred_chains"]
920 hasGlobalACMEDefaults := globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS || globalACMEEAB != nil || globalPreferredChains != nil
921
922 // if there are no global options related to automation policies
923 // set, then we can just return right away
924 if !hasGlobalAutomationOpts && !hasGlobalACMEDefaults {
925 if always {
926 return new(caddytls.AutomationPolicy), nil
927 }
928 return nil, nil
929 }
930
931 ap := new(caddytls.AutomationPolicy)
932 if hasKeyType {
933 ap.KeyType = keyType.(string)
934 }
935
936 if hasIssuers && hasLocalCerts {
937 return nil, fmt.Errorf("global options are ambiguous: local_certs is confusing when combined with cert_issuer, because local_certs is also a specific kind of issuer")
938 }
939
940 if hasIssuers {
941 ap.Issuers = issuers.([]certmagic.Issuer)
942 } else if hasLocalCerts {
943 ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)}
944 }
945
946 if hasGlobalACMEDefaults {
947 for i := range ap.Issuers {
948 if err := fillInGlobalACMEDefaults(ap.Issuers[i], options); err != nil {
949 return nil, fmt.Errorf("filling in global issuer defaults for issuer %d: %v", i, err)
950 }
951 }
952 }
953
954 if hasOCSPStapling {
955 ocspConfig := ocspStapling.(certmagic.OCSPConfig)
956 ap.DisableOCSPStapling = ocspConfig.DisableStapling
957 ap.OCSPOverrides = ocspConfig.ResponderOverrides
958 }
959
960 if hasRenewalWindowRatio {

Callers 1

buildTLSAppMethod · 0.85

Calls 1

fillInGlobalACMEDefaultsFunction · 0.85

Tested by

no test coverage detected