( pairings []sbAddrAssociation, options map[string]any, warnings []caddyconfig.Warning, )
| 195 | } |
| 196 | |
| 197 | func (st ServerType) buildPKIApp( |
| 198 | pairings []sbAddrAssociation, |
| 199 | options map[string]any, |
| 200 | warnings []caddyconfig.Warning, |
| 201 | ) (*caddypki.PKI, []caddyconfig.Warning, error) { |
| 202 | skipInstallTrust := false |
| 203 | if _, ok := options["skip_install_trust"]; ok { |
| 204 | skipInstallTrust = true |
| 205 | } |
| 206 | |
| 207 | // check if auto_https is off - in that case we should not create |
| 208 | // any PKI infrastructure even with skip_install_trust directive |
| 209 | autoHTTPS := []string{} |
| 210 | if ah, ok := options["auto_https"].([]string); ok { |
| 211 | autoHTTPS = ah |
| 212 | } |
| 213 | autoHTTPSOff := slices.Contains(autoHTTPS, "off") |
| 214 | |
| 215 | falseBool := false |
| 216 | |
| 217 | // Load the PKI app configured via global options |
| 218 | var pkiApp *caddypki.PKI |
| 219 | unwrappedPki, ok := options["pki"].(*caddypki.PKI) |
| 220 | if ok { |
| 221 | pkiApp = unwrappedPki |
| 222 | } else { |
| 223 | pkiApp = &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} |
| 224 | } |
| 225 | for _, ca := range pkiApp.CAs { |
| 226 | if skipInstallTrust { |
| 227 | ca.InstallTrust = &falseBool |
| 228 | } |
| 229 | pkiApp.CAs[ca.ID] = ca |
| 230 | } |
| 231 | |
| 232 | // Add in the CAs configured via directives |
| 233 | for _, p := range pairings { |
| 234 | for _, sblock := range p.serverBlocks { |
| 235 | // find all the CAs that were defined and add them to the app config |
| 236 | // i.e. from any "acme_server" directives |
| 237 | for _, caCfgValue := range sblock.pile["pki.ca"] { |
| 238 | ca := caCfgValue.Value.(*caddypki.CA) |
| 239 | if skipInstallTrust { |
| 240 | ca.InstallTrust = &falseBool |
| 241 | } |
| 242 | |
| 243 | // the CA might already exist from global options, so |
| 244 | // don't overwrite it in that case |
| 245 | if _, ok := pkiApp.CAs[ca.ID]; !ok { |
| 246 | pkiApp.CAs[ca.ID] = ca |
| 247 | } |
| 248 | } |
| 249 | } |
| 250 | } |
| 251 | |
| 252 | // if there was no CAs defined in any of the servers, |
| 253 | // and we were requested to not install trust, then |
| 254 | // add one for the default/local CA to do so |