Loads the PKI app and loads the intermediate certificates into the certificate pool
(ctx caddy.Context)
| 315 | |
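// Provision loads the PKI app and collects the intermediate certificates of
// every CA named in p.Authority into the certificate pool.
//
// It returns an error if the PKI app is not configured or has an unexpected
// type, if a listed CA cannot be obtained, or if a CA reports a nil
// certificate in its intermediate chain. On success p.pool holds the pool
// and p.certs holds the same certificates as a slice.
func (p *PKIIntermediateCAPool) Provision(ctx caddy.Context) error {
	pkiApp, err := ctx.AppIfConfigured("pki")
	if err != nil {
		return fmt.Errorf("pki_intermediate CA pool requires that a PKI app is configured: %w", err)
	}
	// Checked assertion: an app of the wrong type (or a nil app) becomes a
	// provisioning error instead of a panic while the config is loading.
	pki, ok := pkiApp.(*caddypki.PKI)
	if !ok {
		return fmt.Errorf("pki_intermediate CA pool: app %q has unexpected type %T", "pki", pkiApp)
	}
	for _, caID := range p.Authority {
		c, err := pki.GetCA(ctx, caID)
		if err != nil {
			return fmt.Errorf("getting CA %s: %w", caID, err)
		}
		if c == nil {
			// Reported separately so the message does not end in a formatted nil error.
			return fmt.Errorf("getting CA %s: PKI app returned no CA", caID)
		}
		// p.ca is appended to, not reset, so entries already present are kept.
		p.ca = append(p.ca, c)
	}

	// NOTE(review): presumably this pool is the set of issuers trusted when
	// verifying peer certificates. An empty p.Authority yields an empty,
	// non-nil pool; confirm that consumers treat that as "trust nothing".
	caPool := x509.NewCertPool()
	var certs []*x509.Certificate
	for _, ca := range p.ca {
		for _, c := range ca.IntermediateCertificateChain() {
			// Fail provisioning rather than hand a nil certificate to the pool.
			if c == nil {
				return fmt.Errorf("CA %s has a nil certificate in its intermediate chain", ca.ID)
			}
			caPool.AddCert(c)
			certs = append(certs, c)
		}
	}
	// Publish the results only after every chain has been read without error.
	p.pool = caPool
	p.certs = certs
	return nil
}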
| 346 | |
| 347 | // Syntax: |
| 348 | // |