hub / github.com/caddyserver/caddy / Issue

Method Issue

modules/caddytls/internalissuer.go:103–149  ·  view source on GitHub ↗

Issue issues a certificate to satisfy the CSR.

(ctx context.Context, csr *x509.CertificateRequest)


// Issue signs csr with the internal CA and returns the resulting certificate
// chain as concatenated PEM "CERTIFICATE" blocks, in the order the signing
// authority returned them.
//
// The certificate used to bound the validity period is the CA's root when
// iss.SignWithRoot is set, and the first entry of the intermediate chain
// otherwise. The configured lifetime (iss.Lifetime) is shortened, and a
// warning is logged, whenever it would run past that certificate's NotAfter.
//
// NOTE(review): nothing in this method inspects the names or extensions
// requested in csr, and an empty provisioner.SignOptions is passed. Any
// restriction on CSR contents therefore has to come from the caller or from
// the authority itself -- confirm where that policy lives.
func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) {
	// Set up the signing authority, passing through the SignWithRoot choice.
	authority, err := iss.ca.NewAuthority(caddypki.AuthorityConfig{
		SignWithRoot: iss.SignWithRoot,
	})
	if err != nil {
		return nil, err
	}

	// Pick the certificate whose NotAfter caps the new certificate's validity.
	var signer *x509.Certificate
	switch {
	case iss.SignWithRoot:
		// NOTE(review): signer is dereferenced below without a nil check;
		// presumably RootCertificate never returns nil once the CA is
		// provisioned -- confirm.
		signer = iss.ca.RootCertificate()
	default:
		// NOTE(review): index 0 is taken without a length check, so an empty
		// intermediate chain panics here instead of returning an error.
		intermediates := iss.ca.IntermediateCertificateChain()
		signer = intermediates[0]
	}

	// Never request a certificate that would outlive its issuer.
	// NOTE(review): if the issuer has already expired, time.Until yields a
	// non-positive duration and that value is what reaches the signer below.
	requested := time.Duration(iss.Lifetime)
	ttl := requested
	if expiry := time.Now().Add(ttl); expiry.After(signer.NotAfter) {
		ttl = time.Until(signer.NotAfter)
		iss.logger.Warn("cert lifetime would exceed issuer NotAfter, clamping lifetime",
			zap.Duration("orig_lifetime", requested),
			zap.Duration("lifetime", ttl),
			zap.Time("not_after", signer.NotAfter),
		)
	}

	signed, err := authority.SignWithContext(ctx, csr, provisioner.SignOptions{}, customCertLifetime(caddy.Duration(ttl)))
	if err != nil {
		return nil, err
	}

	// Serialize every certificate of the returned chain into one PEM bundle.
	var pemChain bytes.Buffer
	for _, c := range signed {
		block := &pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}
		if err := pem.Encode(&pemChain, block); err != nil {
			return nil, err
		}
	}

	issued := &certmagic.IssuedCertificate{Certificate: pemChain.Bytes()}
	return issued, nil
}
151// UnmarshalCaddyfile deserializes Caddyfile tokens into iss.
152//

Callers 1

TestInternalIssuer_IssueFunction · 0.95

Calls 6

customCertLifetimeTypeAlias · 0.85
NewAuthorityMethod · 0.80
RootCertificateMethod · 0.80
DurationMethod · 0.80
AddMethod · 0.45

Tested by 1

TestInternalIssuer_IssueFunction · 0.76