From 5a0715689444537cf2c41e3362468b97f31493b6 Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Tue, 18 Jan 2022 14:18:31 -0500
Subject: [PATCH] httpcaddyfile: Add pki app `root` and `intermediate` cert/key config (#4514)
---
 caddyconfig/httpcaddyfile/pkiapp.go | 68 +++++++++++++++++++
 .../global_options_skip_install_trust.txt | 22 +++++-
 2 files changed, 89 insertions(+), 1 deletion(-)
diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go
index b1aac75fafb..9feb43351ff 100644
--- a/caddyconfig/httpcaddyfile/pkiapp.go
+++ b/caddyconfig/httpcaddyfile/pkiapp.go
@@ -31,6 +31,16 @@ func init() {
 // name
 // root_cn
 // intermediate_cn
+// root {
+// cert
+// key
+// format
+// }
+// intermediate {
+// cert
+// key
+// format
+// }
 // }
 // }
 //
@@ -74,6 +84,64 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{},
 }
 pkiCa.IntermediateCommonName = d.Val()
 
+ case "root":
+ if pkiCa.Root == nil {
+ pkiCa.Root = new(caddypki.KeyPair)
+ }
+ for nesting := d.Nesting(); d.NextBlock(nesting); {
+ switch d.Val() {
+ case "cert":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Root.Certificate = d.Val()
+
+ case "key":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Root.PrivateKey = d.Val()
+
+ case "format":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Root.Format = d.Val()
+
+ default:
+ return nil, d.Errf("unrecognized pki ca root option '%s'", d.Val())
+ }
+ }
+
+ case "intermediate":
+ if pkiCa.Intermediate == nil {
+ pkiCa.Intermediate = new(caddypki.KeyPair)
+ }
+ for nesting := d.Nesting(); d.NextBlock(nesting); {
+ switch d.Val() {
+ case "cert":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Intermediate.Certificate = d.Val()
+
+ case "key":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Intermediate.PrivateKey = d.Val()
+
+ case "format":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ pkiCa.Intermediate.Format = d.Val()
+
+ default:
+ return nil, d.Errf("unrecognized pki ca intermediate option '%s'", d.Val())
+ }
+ }
+
 default:
 return nil, d.Errf("unrecognized pki ca option '%s'", d.Val())
 }
diff --git a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt
index 39c118ff8ac..8116a4b3981 100644
--- a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt
+++ b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt
@@ -5,6 +5,16 @@
 name "Local"
 root_cn "Custom Local Root Name"
 intermediate_cn "Custom Local Intermediate Name"
+ root {
+ cert /path/to/cert.pem
+ key /path/to/key.pem
+ format pem_file
+ }
+ intermediate {
+ cert /path/to/cert.pem
+ key /path/to/key.pem
+ format pem_file
+ }
 }
 ca foo {
 name "Foo"
@@ -118,7 +128,17 @@ acme-bar.example.com {
 "name": "Local",
 "root_common_name": "Custom Local Root Name",
 "intermediate_common_name": "Custom Local Intermediate Name",
- "install_trust": false
+ "install_trust": false,
+ "root": {
+ "certificate": "/path/to/cert.pem",
+ "private_key": "/path/to/key.pem",
+ "format": "pem_file"
+ },
+ "intermediate": {
+ "certificate": "/path/to/cert.pem",
+ "private_key": "/path/to/key.pem",
+ "format": "pem_file"
+ }
 }
 }
 },