hub / github.com/caddyserver/caddy / Provision

Method Provision

modules/caddytls/capools.go:660–715  ·  view source on GitHub ↗

Provision implements caddy.Provisioner.

(ctx caddy.Context)

Source from the content-addressed store, hash-verified

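// Provision implements caddy.Provisioner.
//
// It fetches a PEM bundle from every URL in hcp.Endpoints, parses each
// CERTIFICATE block it finds, and stores the resulting pool and certificate
// list on hcp. PEM blocks of any other type are skipped. The first failure
// (building the request, the HTTP exchange, a non-2xx status, reading the
// body, or parsing a certificate) aborts provisioning; hcp.pool and hcp.certs
// are only assigned after every endpoint has been processed successfully.
//
// Security notes for maintainers:
//   - The downloaded certificates become trust anchors, so the pool is only as
//     trustworthy as the transport to each endpoint. This method passes the
//     configured URL to the HTTP client as-is and does not check its scheme.
//     NOTE(review): whether a scheme restriction is enforced elsewhere is not
//     visible from here — confirm, or document that https:// is expected.
//   - The client is a copy of http.DefaultClient, which sets no Timeout by
//     default, so a stalled endpoint is bounded only by ctx.
//   - The response body is read in full with io.ReadAll.
//     NOTE(review): consider a size cap (io.LimitReader) so a misbehaving
//     endpoint cannot force a large allocation during provisioning.
//   - An endpoint that answers 2xx with no CERTIFICATE blocks contributes
//     nothing and is not reported as an error.
func (hcp *HTTPCertPool) Provision(ctx caddy.Context) error {
	caPool := x509.NewCertPool()
	var certs []*x509.Certificate

	// Start from a private copy of the default transport so that the optional
	// TLS settings below do not leak into other users of http.DefaultTransport.
	customTransport := http.DefaultTransport.(*http.Transport).Clone()
	if hcp.TLS != nil {
		tlsConfig, err := hcp.TLS.makeTLSClientConfig(ctx)
		if err != nil {
			return err
		}
		customTransport.TLSClientConfig = tlsConfig
	}

	// Copy the default client by value and swap in the dedicated transport.
	httpClient := *http.DefaultClient
	httpClient.Transport = customTransport

	for _, uri := range hcp.Endpoints {
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
		if err != nil {
			return err
		}
		res, err := httpClient.Do(req) //nolint:gosec // SSRF false positive... uri comes from config
		if err != nil {
			return err
		}

		// Reject error responses before buffering anything: the body of a
		// non-2xx reply is never used, so there is no reason to read it.
		if res.StatusCode < 200 || res.StatusCode >= 300 {
			res.Body.Close()
			return fmt.Errorf("HTTP %d fetching CA certificate bundle from %s", res.StatusCode, uri)
		}

		pembs, err := io.ReadAll(res.Body)
		res.Body.Close()
		if err != nil {
			// Name the endpoint; a bare read error does not say which URL failed.
			return fmt.Errorf("reading CA certificate bundle from %s: %w", uri, err)
		}

		// Walk the PEM stream block by block. pem.Decode returns a nil block
		// once no further PEM data is found, which ends the loop.
		rest := pembs
		for len(rest) > 0 {
			var block *pem.Block
			block, rest = pem.Decode(rest)
			if block == nil {
				break
			}
			if block.Type != "CERTIFICATE" {
				continue
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				// %w keeps the underlying x509 error available to errors.Is/As.
				return fmt.Errorf("parsing certificate from URL %s: %w", uri, err)
			}
			caPool.AddCert(cert)
			certs = append(certs, cert)
		}
	}

	hcp.pool = caPool
	hcp.certs = certs
	return nil
}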
717// Syntax:

Callers

nothing calls this directly

Calls 4

makeTLSClientConfigMethod · 0.80
DoMethod · 0.80
CloneMethod · 0.45
CloseMethod · 0.45

Tested by

no test coverage detected