(r *http.Request)
| 172 | } |
| 173 | |
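// getCAFromAPIRequestPath resolves the CA named in the request path.
//
// The path is expected to look like /pki/ca/<ca>[/...], so the CA ID is the
// fourth element of the slash-separated path. The returned error is always a
// caddy.APIError:
//   - 400 if the path carries no CA ID,
//   - 404 if the ID is unknown and is not DefaultCAID,
//   - 500 if provisioning the default CA fails.
//
// Side effect: when the requested ID is DefaultCAID and no configured CA
// matches it, a new CA is provisioned on the spot. That step generates and
// stores a root certificate in storage if one does not already exist, so a
// request handled here can create key material, not just read it.
func (a *adminAPI) getCAFromAPIRequestPath(r *http.Request) (*CA, error) {
	// The ID comes straight from the request path. Check the segment count
	// before indexing so that a short path yields a 400 instead of an
	// index-out-of-range panic in the handler.
	segments := strings.Split(r.URL.Path, "/")
	if len(segments) < 4 || segments[3] == "" {
		return nil, caddy.APIError{
			HTTPStatus: http.StatusBadRequest,
			Err:        fmt.Errorf("missing CA in path"),
		}
	}
	id := segments[3]

	// Look the CA up only if the PKI app is configured; otherwise ok stays
	// false and the fallback below decides what to do.
	var (
		ca *CA
		ok bool
	)
	if a.pkiApp != nil {
		ca, ok = a.pkiApp.CAs[id]
	}
	if ok {
		return ca, nil
	}

	// No configured CA matched. Only the default CA may be created
	// implicitly; any other ID is reported as not found. The ID is
	// request-controlled and is echoed in the error message.
	if id != DefaultCAID {
		return nil, caddy.APIError{
			HTTPStatus: http.StatusNotFound,
			Err:        fmt.Errorf("no certificate authority configured with id: %s", id),
		}
	}

	// Provision the default CA, which generates and stores a root
	// certificate in storage, if one doesn't already exist. The user
	// probably aims to enable PKI in their config right after this.
	ca = new(CA)
	if err := ca.Provision(a.ctx, id, a.log); err != nil {
		return nil, caddy.APIError{
			HTTPStatus: http.StatusInternalServerError,
			Err:        fmt.Errorf("failed to provision CA %s, %w", id, err),
		}
	}

	return ca, nil
}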
| 219 | |
| 220 | func rootAndIntermediatePEM(ca *CA) (root, inter []byte, err error) { |
| 221 | root, err = pemEncodeCert(ca.RootCertificate().Raw) |