Add processing of RequireEAB through Linked CA

authority/provisioners.go

@@ -510,12 +510,13 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 	case *linkedca.ProvisionerDetails_ACME:
 		cfg := d.ACME
 		return &provisioner.ACME{
-			ID:      p.Id,
+			ID:         p.Id,
-			Type:    p.Type.String(),
+			Type:       p.Type.String(),
-			Name:    p.Name,
+			Name:       p.Name,
-			ForceCN: cfg.ForceCn,
+			ForceCN:    cfg.ForceCn,
-			Claims:  claims,
+			RequireEAB: cfg.RequireEab,
-			Options: options,
+			Claims:     claims,
+			Options:    options,
 		}, nil
 	case *linkedca.ProvisionerDetails_OIDC:
 		cfg := d.OIDC

docs/provisioners.md

@@ -346,6 +346,7 @@ Below is an example of an ACME provisioner in the `ca.json`:
     "type": "ACME",
     "name": "my-acme-provisioner",
     "forceCN": true,
+    "requireEAB": false,
     "claims": {
         "maxTLSCertDuration": "8h",
         "defaultTLSCertDuration": "2h",
@@ -361,6 +362,9 @@ Below is an example of an ACME provisioner in the `ca.json`:
 * `forceCN` (optional): force one of the SANs to become the Common Name, if a
   common name is not provided.
 
+* `requireEAB` (optional): require clients to provide External Account Binding 
+  credentials when creating an ACME Account.
+
 * `claims` (optional): overwrites the default claims set in the authority, see
   the [top](#provisioners) section for all the options.