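Provision sets up the CA: it stores the ID, logger and context, resolves the storage backend, fills in defaults for unset or out-of-range fields, and then starts loading the root certificate chain and key used for signing. In the lines shown, when a root is configured, rootCertChain[0] is indexed right after ca.Root.Load() and before err is inspected, so a failed load that returns an empty chain would panic rather than return the error.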
(ctx caddy.Context, id string, log *zap.Logger)
| 97 | |
| 98 | // Provision sets up the CA. |
| 99 | func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { |
| 100 | ca.mu = new(sync.RWMutex) |
| 101 | ca.log = log.Named("ca." + id) |
| 102 | ca.ctx = ctx |
| 103 | |
| 104 | if id == "" { |
| 105 | return fmt.Errorf("CA ID is required (use 'local' for the default CA)") |
| 106 | } |
| 107 | ca.mu.Lock() |
| 108 | ca.ID = id |
| 109 | ca.mu.Unlock() |
| 110 | |
| 111 | if ca.StorageRaw != nil { |
| 112 | val, err := ctx.LoadModule(ca, "StorageRaw") |
| 113 | if err != nil { |
| 114 | return fmt.Errorf("loading storage module: %v", err) |
| 115 | } |
| 116 | cmStorage, err := val.(caddy.StorageConverter).CertMagicStorage() |
| 117 | if err != nil { |
| 118 | return fmt.Errorf("creating storage configuration: %v", err) |
| 119 | } |
| 120 | ca.storage = cmStorage |
| 121 | } |
| 122 | if ca.storage == nil { |
| 123 | ca.storage = ctx.Storage() |
| 124 | } |
| 125 | |
| 126 | if ca.Name == "" { |
| 127 | ca.Name = defaultCAName |
| 128 | } |
| 129 | if ca.RootCommonName == "" { |
| 130 | ca.RootCommonName = defaultRootCommonName |
| 131 | } |
| 132 | if ca.IntermediateCommonName == "" { |
| 133 | ca.IntermediateCommonName = defaultIntermediateCommonName |
| 134 | } |
| 135 | if ca.IntermediateLifetime == 0 { |
| 136 | ca.IntermediateLifetime = caddy.Duration(defaultIntermediateLifetime) |
| 137 | } |
| 138 | if ca.MaintenanceInterval == 0 { |
| 139 | ca.MaintenanceInterval = caddy.Duration(defaultMaintenanceInterval) |
| 140 | } |
| 141 | if ca.RenewalWindowRatio <= 0 || ca.RenewalWindowRatio > 1 { |
| 142 | ca.RenewalWindowRatio = defaultRenewalWindowRatio |
| 143 | } |
| 144 | |
| 145 | // load the certs and key that will be used for signing |
| 146 | var rootCert *x509.Certificate |
| 147 | var rootCertChain, interCertChain []*x509.Certificate |
| 148 | var rootKey, interKey crypto.Signer |
| 149 | var err error |
| 150 | if ca.Root != nil { |
| 151 | if ca.Root.Format == "" || ca.Root.Format == "pem_file" { |
| 152 | ca.rootCertPath = ca.Root.Certificate |
| 153 | } |
| 154 | rootCertChain, rootKey, err = ca.Root.Load() |
| 155 | rootCert = rootCertChain[0] |
| 156 | } else { |