Export interface for GetRenewalInfo
We can't assume the ARI-supporting issuer types are exactly *ACMEIssuer; they may be implemented by third party packages (such as caddytls.ACMEIssuer).
parent
bd400cc9fb
commit
ed73243f8b
@ -235,7 +235,8 @@ func (iss *ACMEIssuer) newBasicACMEClient() (*acmez.Client, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (iss *ACMEIssuer) getRenewalInfo(ctx context.Context, cert Certificate) (acme.RenewalInfo, error) {
|
||||
// GetRenewalInfo gets the ACME Renewal Information (ARI) for the certificate.
|
||||
func (iss *ACMEIssuer) GetRenewalInfo(ctx context.Context, cert Certificate) (acme.RenewalInfo, error) {
|
||||
acmeClient, err := iss.newBasicACMEClient()
|
||||
if err != nil {
|
||||
return acme.RenewalInfo{}, err
|
||||
@ -312,6 +313,15 @@ func buildUAString() string {
|
||||
return ua
|
||||
}
|
||||
|
||||
// RenewalInfoGetter is a type that can get ACME Renewal Information (ARI).
|
||||
// Users of this package that wrap the ACMEIssuer or use any other issuer
|
||||
// that supports ARI will need to implement this so that CertMagic can
|
||||
// update ARI which happens outside the normal issuance flow and is thus
|
||||
// not required by the Issuer interface (a type assertion is performed).
|
||||
type RenewalInfoGetter interface {
|
||||
GetRenewalInfo(context.Context, Certificate) (acme.RenewalInfo, error)
|
||||
}
|
||||
|
||||
// These internal rate limits are designed to prevent accidentally
|
||||
// firehosing a CA's ACME endpoints. They are not intended to
|
||||
// replace or replicate the CA's actual rate limits.
|
||||
|
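Review bot: Nothing in this change pins `*ACMEIssuer` to the new `RenewalInfoGetter` interface, so a later change to the `GetRenewalInfo` signature would still compile and would only surface at run time, when the type assertion in updateARI stops matching. Adding `var _ RenewalInfoGetter = (*ACMEIssuer)(nil)` next to the interface declaration turns that drift into a build error. ARI is the channel a CA uses to ask for early renewal, so losing that path without a compile-time signal is worth guarding against. The bodies of `GetRenewalInfo` and the surrounding declarations continue outside the hunks shown.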
@ -509,8 +509,8 @@ func (cfg *Config) updateARI(ctx context.Context, cert Certificate, logger *zap.
|
||||
|
||||
// of the issuers configured, hopefully one of them is the ACME CA we got the cert from
|
||||
for _, iss := range cfg.Issuers {
|
||||
if acmeIss, ok := iss.(*ACMEIssuer); ok {
|
||||
newARI, err = acmeIss.getRenewalInfo(ctx, cert) // be sure to use existing newARI variable so we can compare against old value in the defer
|
||||
if ariGetter, ok := iss.(RenewalInfoGetter); ok {
|
||||
newARI, err = ariGetter.GetRenewalInfo(ctx, cert) // be sure to use existing newARI variable so we can compare against old value in the defer
|
||||
if err != nil {
|
||||
// could be anything, but a common error might simply be the "wrong" ACME CA
|
||||
// (meaning, different from the one that issued the cert, thus the only one
|
||||
@ -576,7 +576,7 @@ func (cfg *Config) updateARI(ctx context.Context, cert Certificate, logger *zap.
|
||||
}
|
||||
}
|
||||
|
||||
err = fmt.Errorf("could not fully update ACME renewal info: either no ACME issuer configured for certificate, or all failed (make sure the ACME CA that issued the certificate is configured)")
|
||||
err = fmt.Errorf("could not fully update ACME renewal info: either no issuer supporting ARI is configured for certificate, or all such failed (make sure the ACME CA that issued the certificate is configured)")
|
||||
return
|
||||
}
|
||||
|
||||
|
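Review bot: The widened assertion `iss.(RenewalInfoGetter)` in updateARI means the returned `acme.RenewalInfo` can now come from any third-party issuer, and the visible code treats a nil error as the only sign that the result is usable. That held for the package's own `*ACMEIssuer`, but it is now an unwritten contract for external implementations, so I would record it at the call site, e.g. `// a nil error is taken to mean newARI is valid for cert; third-party getters must return an error otherwise`. If the part of updateARI outside these hunks does not already sanity-check the result (for instance an empty suggested window), that would be worth adding before the value is stored. The function body starts and ends outside the hunks shown.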