HandleHTTPChallenge ensures that the ACME HTTP challenge or ZeroSSL HTTP validation request is handled for the certificate named by r.Host, if it is an HTTP challenge request. It requires that the automation policy for r.Host has an issuer that implements GetACMEIssuer() or is a *ZeroSSLIssuer.
(w http.ResponseWriter, r *http.Request)
// HandleHTTPChallenge answers an ACME HTTP challenge or a ZeroSSL HTTP
// validation request for the certificate named by r.Host. It returns true
// when one of the policy's issuers, or the process-wide fallback below,
// reports that it handled the request, and false otherwise, including when
// the request is neither kind. The automation policy for r.Host must have an
// issuer that implements GetACMEIssuer() or is a *ZeroSSLIssuer.
//
// NOTE(review): r.Host is passed as received to both the policy lookup and
// the active-challenge lookup; whether a port suffix or letter case is
// normalized is not visible in this function. Confirm in
// getAutomationPolicyForName and certmagic.GetACMEChallenge.
func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool {
	isACME := certmagic.LooksLikeHTTPChallenge(r)
	isZeroSSL := certmagic.LooksLikeZeroSSLHTTPValidation(r)

	// Anything that is not a challenge or validation request is left for
	// the caller to serve.
	if !isACME && !isZeroSSL {
		return false
	}

	// The issuers of the policy that matches the requested host are tried
	// in order until one recognizes the challenge it initiated.
	// NOTE(review): policy is dereferenced without a nil check; this assumes
	// the lookup always yields a usable policy. Confirm.
	policy := t.getAutomationPolicyForName(r.Host)

	if !isACME {
		// Only the ZeroSSL validation case can reach this branch.
		for _, candidate := range policy.magic.Issuers {
			zero, ok := candidate.(*ZeroSSLIssuer)
			if ok && zero.issuer.HandleZeroSSLHTTPValidation(w, r) {
				return true
			}
		}
		return false
	}

	type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer }

	for _, candidate := range policy.magic.Issuers {
		capable, ok := candidate.(acmeCapable)
		if ok && capable.GetACMEIssuer().issuer.HandleHTTPChallenge(w, r) {
			return true
		}
	}

	// Another server in this process may have initiated the challenge.
	// Users asked that Caddy answer only the HTTP challenges it initiated,
	// so the rest can be proxied to their backends. Not every identifier
	// that obtains a certificate has an automation policy (the admin
	// endpoint, for example), hence this direct lookup of active challenges.
	if active, found := certmagic.GetACMEChallenge(r.Host); found {
		return certmagic.SolveHTTPChallenge(t.logger, w, r, active.Challenge)
	}

	return false
}
| 809 | |
| 810 | // AddAutomationPolicy provisions and adds ap to the list of the app's |
| 811 | // automation policies. If an existing automation policy exists that has |
no test coverage detected