Provision sets up the ACME server handler.
(ctx caddy.Context)
| 122 | |
| 123 | // Provision sets up the ACME server handler. |
| 124 | func (ash *Handler) Provision(ctx caddy.Context) error { |
| 125 | ash.ctx = ctx |
| 126 | ash.logger = ctx.Logger() |
| 127 | |
| 128 | // set some defaults |
| 129 | if ash.CA == "" { |
| 130 | ash.CA = caddypki.DefaultCAID |
| 131 | } |
| 132 | if ash.PathPrefix == "" { |
| 133 | ash.PathPrefix = defaultPathPrefix |
| 134 | } |
| 135 | if ash.Lifetime == 0 { |
| 136 | ash.Lifetime = caddy.Duration(12 * time.Hour) |
| 137 | } |
| 138 | if len(ash.Challenges) > 0 { |
| 139 | if err := ash.Challenges.validate(); err != nil { |
| 140 | return err |
| 141 | } |
| 142 | } |
| 143 | |
| 144 | ash.warnIfPolicyAllowsAll() |
| 145 | |
| 146 | // get a reference to the configured CA |
| 147 | appModule, err := ctx.App("pki") |
| 148 | if err != nil { |
| 149 | return err |
| 150 | } |
| 151 | pkiApp := appModule.(*caddypki.PKI) |
| 152 | ca, err := pkiApp.GetCA(ctx, ash.CA) |
| 153 | if err != nil { |
| 154 | return err |
| 155 | } |
| 156 | |
| 157 | // make sure leaf cert lifetime is less than the intermediate cert lifetime. this check only |
| 158 | // applies for caddy-managed intermediate certificates |
| 159 | if ca.Intermediate == nil && ash.Lifetime >= ca.IntermediateLifetime { |
| 160 | return fmt.Errorf("certificate lifetime (%s) should be less than intermediate certificate lifetime (%s)", time.Duration(ash.Lifetime), time.Duration(ca.IntermediateLifetime)) |
| 161 | } |
| 162 | |
| 163 | database, err := ash.openDatabase() |
| 164 | if err != nil { |
| 165 | return err |
| 166 | } |
| 167 | |
| 168 | authorityConfig := caddypki.AuthorityConfig{ |
| 169 | SignWithRoot: ash.SignWithRoot, |
| 170 | AuthConfig: &authority.AuthConfig{ |
| 171 | Provisioners: provisioner.List{ |
| 172 | &provisioner.ACME{ |
| 173 | Name: ash.CA, |
| 174 | Challenges: ash.Challenges.toSmallstepType(), |
| 175 | Options: &provisioner.Options{ |
| 176 | X509: ash.Policy.normalizeRules(), |
| 177 | }, |
| 178 | Type: provisioner.TypeACME.String(), |
| 179 | Claims: &provisioner.Claims{ |
| 180 | MinTLSDur: &provisioner.Duration{Duration: 5 * time.Minute}, |
| 181 | MaxTLSDur: &provisioner.Duration{Duration: 24 * time.Hour * 365}, |