forked from TrueCloudLab/certificates
Add additional ACME meta
properties to provisioner configuration
This commit is contained in:
parent
c9793561ff
commit
b9f238ad4d
2 changed files with 44 additions and 6 deletions
|
@ -234,15 +234,42 @@ func GetDirectory(w http.ResponseWriter, r *http.Request) {
|
|||
NewOrder: linker.GetLink(ctx, acme.NewOrderLinkType),
|
||||
RevokeCert: linker.GetLink(ctx, acme.RevokeCertLinkType),
|
||||
KeyChange: linker.GetLink(ctx, acme.KeyChangeLinkType),
|
||||
Meta: createMetaObject(acmeProv),
|
||||
}
|
||||
// Only add the ACME `meta` object when one (or more) of its
|
||||
// properties is set.
|
||||
if acmeProv.RequireEAB {
|
||||
directory.Meta = &Meta{
|
||||
ExternalAccountRequired: acmeProv.RequireEAB,
|
||||
|
||||
render.JSON(w, directory)
|
||||
}
|
||||
|
||||
// createMetaObject creates a Meta object if the ACME provisioner
|
||||
// has one or more properties that are written in the ACME directory output.
|
||||
// It returns nil if none of the properties are set.
|
||||
func createMetaObject(p *provisioner.ACME) *Meta {
|
||||
if shouldAddMetaObject(p) {
|
||||
return &Meta{
|
||||
TermsOfService: p.TermsOfService,
|
||||
Website: p.Website,
|
||||
CaaIdentities: p.CaaIdentities,
|
||||
ExternalAccountRequired: p.RequireEAB,
|
||||
}
|
||||
}
|
||||
render.JSON(w, directory)
|
||||
return nil
|
||||
}
|
||||
|
||||
// shouldAddMetaObject returns whether or not the ACME provisioner
|
||||
// has properties configured that must be added to the ACME directory object.
|
||||
func shouldAddMetaObject(p *provisioner.ACME) bool {
|
||||
switch {
|
||||
case p.TermsOfService != "":
|
||||
return true
|
||||
case p.Website != "":
|
||||
return true
|
||||
case len(p.CaaIdentities) > 0 && p.CaaIdentities[0] != "":
|
||||
return true
|
||||
case p.RequireEAB:
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
// NotImplemented returns a 501 and is generally a placeholder for functionality which
|
||||
|
|
|
@ -84,6 +84,17 @@ type ACME struct {
|
|||
Type string `json:"type"`
|
||||
Name string `json:"name"`
|
||||
ForceCN bool `json:"forceCN,omitempty"`
|
||||
// TermsOfService contains a URL pointing to the ACME server's
|
||||
// terms of service. Defaults to empty.
|
||||
TermsOfService string `json:"termsOfService,omitempty"`
|
||||
// Website contains an URL pointing to more information about
|
||||
// the ACME server. Defaults to empty.
|
||||
Website string `json:"website,omitempty"`
|
||||
// CaaIdentities is an array of hostnames that the ACME server
|
||||
// identifies itself with. These hostnames can be used by ACME
|
||||
// clients to determine the correct issuer domain name to use
|
||||
// when configuring CAA records. Defaults to empty array.
|
||||
CaaIdentities []string `json:"caaIdentities,omitempty"`
|
||||
// RequireEAB makes the provisioner require ACME EAB to be provided
|
||||
// by clients when creating a new Account. If set to true, the provided
|
||||
// EAB will be verified. If set to false and an EAB is provided, it is
|
||||
|
|
Loading…
Reference in a new issue