hub / github.com/caddyserver/caddy / loadOrGenRoot

Method loadOrGenRoot

modules/caddypki/ca.go:274–313  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

272}
273
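// loadOrGenRoot returns the root certificate and its signer for this CA.
//
// If ca.Root is set, the pair comes from ca.Root.Load() and the first
// certificate of the returned chain is used. Otherwise the certificate is read
// from storage; only when storage reports fs.ErrNotExist is a new root produced
// by genRoot. Any other storage error is returned wrapped and genRoot is not
// reached, so a failed read is never treated as "no root yet".
func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey crypto.Signer, err error) {
	if ca.Root != nil {
		rootChain, rootSigner, err := ca.Root.Load()
		if err != nil {
			return nil, nil, err
		}
		// Indexing an empty chain would panic; report it as an error instead.
		if len(rootChain) == 0 {
			return nil, nil, errors.New("loading root: certificate chain is empty")
		}
		return rootChain[0], rootSigner, nil
	}

	rootCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootCert())
	if err != nil {
		if !errors.Is(err, fs.ErrNotExist) {
			return nil, nil, fmt.Errorf("loading root cert: %w", err)
		}

		// TODO: should we require that all or none of the assets are required before overwriting anything?
		// NOTE(review): generation is decided by the certificate alone; whether a
		// root key is already present in storage is not looked at on this path.
		rootCert, rootKey, err = ca.genRoot()
		if err != nil {
			return nil, nil, fmt.Errorf("generating root: %w", err)
		}
	}

	// rootCert and rootKey are still nil when the certificate was found in
	// storage; they are already set when genRoot has just produced them.
	if rootCert == nil {
		rootCert, err = pemDecodeCertificate(rootCertPEM)
		if err != nil {
			return nil, nil, fmt.Errorf("parsing root certificate PEM: %w", err)
		}
	}
	if rootKey == nil {
		// A stored certificate without a loadable key is an error here; the
		// root is not regenerated in that case.
		rootKeyPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootKey())
		if err != nil {
			return nil, nil, fmt.Errorf("loading root key: %w", err)
		}
		rootKey, err = certmagic.PEMDecodePrivateKey(rootKeyPEM)
		if err != nil {
			return nil, nil, fmt.Errorf("decoding root key: %w", err)
		}
	}

	// NOTE(review): the certificate and the key are loaded from two separate
	// storage entries and are not checked against each other in this method.
	// Confirm that a caller (or the signing path) verifies that the key's
	// public half matches the certificate, so that a partially written or
	// altered store is detected rather than used for issuance.
	return rootCert, rootKey, nil
}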
314
315func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey crypto.Signer, err error) {
316 repl := ca.newReplacer()

Callers 3

ProvisionMethod · 0.95
RootKeyMethod · 0.95
renewCertsForCAMethod · 0.80

Calls 5

storageKeyRootCertMethod · 0.95
genRootMethod · 0.95
storageKeyRootKeyMethod · 0.95
pemDecodeCertificateFunction · 0.85
LoadMethod · 0.80

Tested by

no test coverage detected