| 697 | } |
| 698 | |
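// ParseCaddyfilePreferredChainsOptions parses the arguments and block of a
// preferred_chains Caddyfile option into a ChainPreference.
//
// Two mutually exclusive forms are accepted:
//
//	preferred_chains smallest
//
//	preferred_chains {
//		root_common_name <names...>
//		any_common_name  <names...>
//	}
//
// In the block form only one of root_common_name or any_common_name may be
// used. Either may be repeated, and the names accumulate in the order given.
// An error is returned for an unknown argument or option, an option without
// names, extra tokens after "smallest", or when nothing was configured.
//
// NOTE(review): the values describe a preference among the alternate chains
// a CA offers. Presumably they are matched by certificate common name by
// whatever consumes ChainPreference and do not pin a trust anchor. Confirm
// against that consumer before relying on them as a security control.
func ParseCaddyfilePreferredChainsOptions(d *caddyfile.Dispenser) (*ChainPreference, error) {
	chainPref := new(ChainPreference)

	// Inline form: the only argument accepted on the option line is "smallest".
	if d.NextArg() {
		smallestOpt := d.Val()
		if smallestOpt != "smallest" {
			return nil, d.Errf("Invalid argument '%s'", smallestOpt)
		}
		trueBool := true
		chainPref.Smallest = &trueBool
		if d.NextArg() { // only one argument allowed
			return nil, d.ArgErr()
		}
		if d.NextBlock(d.Nesting()) { // "smallest" cannot be combined with a block
			return nil, d.Err("No more options are accepted when using the 'smallest' option")
		}
	}

	// Block form: validate each option before mutating chainPref. The
	// emptiness checks use len rather than a nil comparison, so an empty
	// non-nil slice from the dispenser is rejected as well.
	for nesting := d.Nesting(); d.NextBlock(nesting); {
		switch d.Val() {
		case "root_common_name":
			names := d.RemainingArgs()
			if len(names) == 0 {
				return nil, d.ArgErr()
			}
			if len(chainPref.AnyCommonName) > 0 {
				return nil, d.Err("Can't set root_common_name when any_common_name is already set")
			}
			chainPref.RootCommonName = append(chainPref.RootCommonName, names...)

		case "any_common_name":
			names := d.RemainingArgs()
			if len(names) == 0 {
				return nil, d.ArgErr()
			}
			if len(chainPref.RootCommonName) > 0 {
				return nil, d.Err("Can't set any_common_name when root_common_name is already set")
			}
			chainPref.AnyCommonName = append(chainPref.AnyCommonName, names...)

		default:
			return nil, d.Errf("Received unrecognized parameter '%s'", d.Val())
		}
	}

	// Reject an option that configured nothing, so an empty preference is
	// never returned.
	if chainPref.Smallest == nil && len(chainPref.RootCommonName) == 0 && len(chainPref.AnyCommonName) == 0 {
		return nil, d.Err("No options for preferred_chains received")
	}

	return chainPref, nil
}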
| 749 | |
| 750 | // ChainPreference describes the client's preferred certificate chain, |
| 751 | // useful if the CA offers alternate chains. The first matching chain |