hub / github.com/caddyserver/caddy / HandleHTTPChallenge

Method HandleHTTPChallenge

modules/caddytls/tls.go:766–808

HandleHTTPChallenge ensures that the ACME HTTP challenge or ZeroSSL HTTP validation request is handled for the certificate named by r.Host, if it is an HTTP challenge request. It requires that the automation policy for r.Host has an issuer that implements GetACMEIssuer() or is a *ZeroSSLIssuer.

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

// is an HTTP challenge request. It requires that the automation policy for
// r.Host has an issuer that implements GetACMEIssuer() or is a *ZeroSSLIssuer.
func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool {
	acmeChallenge := certmagic.LooksLikeHTTPChallenge(r)
	zerosslValidation := certmagic.LooksLikeZeroSSLHTTPValidation(r)

	// no-op if it's not an ACME challenge request
	if !acmeChallenge && !zerosslValidation {
		return false
	}

	// try all the issuers until we find the one that initiated the challenge
	ap := t.getAutomationPolicyForName(r.Host)

	if acmeChallenge {
		type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer }

		for _, iss := range ap.magic.Issuers {
			if acmeIssuer, ok := iss.(acmeCapable); ok {
				if acmeIssuer.GetACMEIssuer().issuer.HandleHTTPChallenge(w, r) {
					return true
				}
			}
		}

		// it's possible another server in this process initiated the challenge;
		// users have requested that Caddy only handle HTTP challenges it initiated,
		// so that users can proxy the others through to their backends; but we
		// might not have an automation policy for all identifiers that are trying
		// to get certificates (e.g. the admin endpoint), so we do this manual check
		if challenge, ok := certmagic.GetACMEChallenge(r.Host); ok {
			return certmagic.SolveHTTPChallenge(t.logger, w, r, challenge.Challenge)
		}
	} else if zerosslValidation {
		for _, iss := range ap.magic.Issuers {
			if ziss, ok := iss.(*ZeroSSLIssuer); ok {
				if ziss.issuer.HandleZeroSSLHTTPValidation(w, r) {
					return true
				}
			}
		}
	}

	return false
}

// AddAutomationPolicy provisions and adds ap to the list of the app's
// automation policies. If an existing automation policy exists that has

Callers 1

ServeHTTP · Method · 0.80

Calls 2

GetACMEIssuer · Method · 0.65

Tested by

no test coverage detected
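
The fall-through rule stated in the source comment (answer only the HTTP challenges this process initiated, so the rest can be proxied to a backend) is shown below as a stand-alone Go model. It is an added example, not Caddy or CertMagic code: the solver type, its pending map, probe, and the sample hosts and tokens are constructed, and stripping the port from r.Host is this example's own choice.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

const challengePath = "/.well-known/acme-challenge/" // HTTP-01 path, RFC 8555 section 8.3

// solver is a constructed model: pending maps a host name to the token and
// key authorization of a challenge this process initiated (no locking here).
type solver struct{ pending map[string][2]string }

// handle reports whether it answered r. It answers only challenges recorded
// in pending, so every other request can go on to the next handler.
func (s *solver) handle(w http.ResponseWriter, r *http.Request) bool {
	if r.Method != http.MethodGet || !strings.HasPrefix(r.URL.Path, challengePath) {
		return false // not a challenge request
	}
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // the Host header may carry a port
	}
	ch, ok := s.pending[strings.ToLower(host)]
	if !ok || strings.TrimPrefix(r.URL.Path, challengePath) != ch[0] {
		return false // unknown host or token: not ours, let it fall through
	}
	fmt.Fprint(w, ch[1])
	return true
}

// probe sends one GET through the solver placed in front of a stand-in
// backend and returns the response body, showing which side answered.
func probe(s *solver, host, path string) string {
	backend := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "backend") })
	req := httptest.NewRequest(http.MethodGet, "http://"+host+path, nil)
	rec := httptest.NewRecorder()
	if !s.handle(rec, req) {
		backend.ServeHTTP(rec, req)
	}
	return rec.Body.String()
}

func main() {
	s := &solver{pending: map[string][2]string{"a.example": {"tok1", "tok1.thumb"}}}
	fmt.Println(probe(s, "a.example:80", challengePath+"tok1")) // answered locally
	fmt.Println(probe(s, "b.example", challengePath+"tok9"))    // passed to backend
}
```

Requiring both the host and the token to match keeps a request for some other client's challenge from being answered with the wrong key authorization.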