newBaseAutomationPolicy returns a new TLS automation policy that gets its values from the global options map. It should be used as the base for any other automation policies. A nil policy (and no error) will be returned if there are no default/global options. However, if always is true, a non-nil value will always be returned (unless there is an error).
( options map[string]any, _ []caddyconfig.Warning, always bool, )
| 901 | // returned if there are no default/global options. However, if always is |
| 902 | // true, a non-nil value will always be returned (unless there is an error). |
| 903 | func newBaseAutomationPolicy( |
| 904 | options map[string]any, |
| 905 | _ []caddyconfig.Warning, |
| 906 | always bool, |
| 907 | ) (*caddytls.AutomationPolicy, error) { |
| 908 | issuers, hasIssuers := options["cert_issuer"] |
| 909 | _, hasLocalCerts := options["local_certs"] |
| 910 | keyType, hasKeyType := options["key_type"] |
| 911 | ocspStapling, hasOCSPStapling := options["ocsp_stapling"] |
| 912 | renewalWindowRatio, hasRenewalWindowRatio := options["renewal_window_ratio"] |
| 913 | hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType || hasOCSPStapling || hasRenewalWindowRatio |
| 914 | |
| 915 | globalACMECA := options["acme_ca"] |
| 916 | globalACMECARoot := options["acme_ca_root"] |
| 917 | _, globalACMEDNS := options["acme_dns"] // can be set to nil (to use globally-defined "dns" value instead), but it is still set |
| 918 | globalACMEEAB := options["acme_eab"] |
| 919 | globalPreferredChains := options["preferred_chains"] |
| 920 | hasGlobalACMEDefaults := globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS || globalACMEEAB != nil || globalPreferredChains != nil |
| 921 | |
| 922 | // if there are no global options related to automation policies |
| 923 | // set, then we can just return right away |
| 924 | if !hasGlobalAutomationOpts && !hasGlobalACMEDefaults { |
| 925 | if always { |
| 926 | return new(caddytls.AutomationPolicy), nil |
| 927 | } |
| 928 | return nil, nil |
| 929 | } |
| 930 | |
| 931 | ap := new(caddytls.AutomationPolicy) |
| 932 | if hasKeyType { |
| 933 | ap.KeyType = keyType.(string) |
| 934 | } |
| 935 | |
| 936 | if hasIssuers && hasLocalCerts { |
| 937 | return nil, fmt.Errorf("global options are ambiguous: local_certs is confusing when combined with cert_issuer, because local_certs is also a specific kind of issuer") |
| 938 | } |
| 939 | |
| 940 | if hasIssuers { |
| 941 | ap.Issuers = issuers.([]certmagic.Issuer) |
| 942 | } else if hasLocalCerts { |
| 943 | ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)} |
| 944 | } |
| 945 | |
| 946 | if hasGlobalACMEDefaults { |
| 947 | for i := range ap.Issuers { |
| 948 | if err := fillInGlobalACMEDefaults(ap.Issuers[i], options); err != nil { |
| 949 | return nil, fmt.Errorf("filling in global issuer defaults for issuer %d: %v", i, err) |
| 950 | } |
| 951 | } |
| 952 | } |
| 953 | |
| 954 | if hasOCSPStapling { |
| 955 | ocspConfig := ocspStapling.(certmagic.OCSPConfig) |
| 956 | ap.DisableOCSPStapling = ocspConfig.DisableStapling |
| 957 | ap.OCSPOverrides = ocspConfig.ResponderOverrides |
| 958 | } |
| 959 | |
| 960 | if hasRenewalWindowRatio { |
no test coverage detected