hub / github.com/caddyserver/caddy / Provision

Method Provision

modules/caddypki/acmeserver/acmeserver.go:124–218  ·  view source on GitHub ↗

Provision sets up the ACME server handler.

(ctx caddy.Context)

Source from the content-addressed store, hash-verified

122
123// Provision sets up the ACME server handler.
124func (ash *Handler) Provision(ctx caddy.Context) error {
125 ash.ctx = ctx
126 ash.logger = ctx.Logger()
127
128 // set some defaults
129 if ash.CA == "" {
130 ash.CA = caddypki.DefaultCAID
131 }
132 if ash.PathPrefix == "" {
133 ash.PathPrefix = defaultPathPrefix
134 }
135 if ash.Lifetime == 0 {
136 ash.Lifetime = caddy.Duration(12 * time.Hour)
137 }
138 if len(ash.Challenges) > 0 {
139 if err := ash.Challenges.validate(); err != nil {
140 return err
141 }
142 }
143
144 ash.warnIfPolicyAllowsAll()
145
146 // get a reference to the configured CA
147 appModule, err := ctx.App("pki")
148 if err != nil {
149 return err
150 }
151 pkiApp := appModule.(*caddypki.PKI)
152 ca, err := pkiApp.GetCA(ctx, ash.CA)
153 if err != nil {
154 return err
155 }
156
157 // make sure leaf cert lifetime is less than the intermediate cert lifetime. this check only
158 // applies for caddy-managed intermediate certificates
159 if ca.Intermediate == nil && ash.Lifetime >= ca.IntermediateLifetime {
160 return fmt.Errorf("certificate lifetime (%s) should be less than intermediate certificate lifetime (%s)", time.Duration(ash.Lifetime), time.Duration(ca.IntermediateLifetime))
161 }
162
163 database, err := ash.openDatabase()
164 if err != nil {
165 return err
166 }
167
168 authorityConfig := caddypki.AuthorityConfig{
169 SignWithRoot: ash.SignWithRoot,
170 AuthConfig: &authority.AuthConfig{
171 Provisioners: provisioner.List{
172 &provisioner.ACME{
173 Name: ash.CA,
174 Challenges: ash.Challenges.toSmallstepType(),
175 Options: &provisioner.Options{
176 X509: ash.Policy.normalizeRules(),
177 },
178 Type: provisioner.TypeACME.String(),
179 Claims: &provisioner.Claims{
180 MinTLSDur: &provisioner.Duration{Duration: 5 * time.Minute},
181 MaxTLSDur: &provisioner.Duration{Duration: 24 * time.Hour * 365},

Callers

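No direct call sites were found. Provision is normally reached through an interface call (Caddy's module loader invokes it via caddy.Provisioner), which a static caller search does not resolve.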

Calls 12

warnIfPolicyAllowsAll · Method · 0.95
openDatabase · Method · 0.95
makeClient · Method · 0.95
Duration · Method · 0.80
App · Method · 0.80
GetCA · Method · 0.80
toSmallstepType · Method · 0.80
normalizeRules · Method · 0.80
NewAuthority · Method · 0.80
Logger · Method · 0.45
validate · Method · 0.45
String · Method · 0.45

Tested by

no test coverage detected