hub / github.com/caddyserver/certmagic / reusePrivateKey

Method reusePrivateKey

config.go:759–790

reusePrivateKey looks for a private key for domain in storage in the configured issuers' paths. For the first private key it finds, it returns that key both decoded and PEM-encoded, as well as the reordered list of issuers to use instead of cfg.Issuers (because if a key is found, that issuer should be tried first, so it is moved to the front in a copy of cfg.Issuers).

(ctx context.Context, domain string)

Source from the content-addressed store, hash-verified

// is found, that issuer should be tried first, so it is moved to the front in a copy of
// cfg.Issuers).
func (cfg *Config) reusePrivateKey(ctx context.Context, domain string) (privKey crypto.PrivateKey, privKeyPEM []byte, issuers []Issuer, err error) {
	// make a copy of cfg.Issuers so that if we have to reorder elements, we don't
	// inadvertently mutate the configured issuers (see append calls below)
	issuers = make([]Issuer, len(cfg.Issuers))
	copy(issuers, cfg.Issuers)

	for i, issuer := range issuers {
		// see if this issuer location in storage has a private key for the domain
		privateKeyStorageKey := StorageKeys.SitePrivateKey(issuer.IssuerKey(), domain)
		privKeyPEM, err = cfg.Storage.Load(ctx, privateKeyStorageKey)
		if errors.Is(err, fs.ErrNotExist) {
			err = nil // obviously, it's OK to not have a private key; so don't prevent obtaining a cert
			continue
		}
		if err != nil {
			return nil, nil, nil, fmt.Errorf("loading existing private key for reuse with issuer %s: %v", issuer.IssuerKey(), err)
		}

		// we loaded a private key; try decoding it so we can use it
		privKey, err = PEMDecodePrivateKey(privKeyPEM)
		if err != nil {
			return nil, nil, nil, err
		}

		// since the private key was found in storage for this issuer, move it
		// to the front of the list so we prefer this issuer first
		issuers = append([]Issuer{issuer}, append(issuers[:i], issuers[i+1:]...)...)
		break
	}

	return
}

// storageHasCertResourcesAnyIssuer returns true if storage has all the
// certificate resources in storage from any configured issuer. It checks
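Why the function copies cfg.Issuers before reordering, shown as an added example that is not certmagic code: the nested append shifts elements inside the slice's backing array, so without the copy the configured issuer list itself would be rewritten. The function names and issuer keys below are constructed for illustration, and strings stand in for the Issuer values.

```go
package main

import "fmt"

// moveToFrontInPlace uses the same nested-append expression as
// reusePrivateKey, but on the caller's slice directly. The inner append
// writes into s's backing array, so any other slice that shares that
// array (for example a configured issuer list) changes as a side effect.
func moveToFrontInPlace(s []string, i int) []string {
	item := s[i]
	return append([]string{item}, append(s[:i], s[i+1:]...)...)
}

// moveToFrontCopy copies the slice first, mirroring the make/copy step at
// the top of reusePrivateKey, so the reordering only touches the copy.
func moveToFrontCopy(s []string, i int) []string {
	c := make([]string, len(s))
	copy(c, s)
	return moveToFrontInPlace(c, i)
}

func main() {
	// Constructed issuer keys; assume a stored private key was found for index 1.
	configured := []string{"acme-a", "acme-b", "zerossl"}

	preferred := moveToFrontCopy(configured, 1)
	fmt.Println("with copy:    preferred =", preferred, "configured =", configured)

	// Without the copy, the configured list loses "acme-b" and gains a
	// duplicate "zerossl", which would persist for every later call.
	preferred = moveToFrontInPlace(configured, 1)
	fmt.Println("without copy: preferred =", preferred, "configured =", configured)
}
```

The returned order is identical in both cases; only the state left behind in the configured list differs, which is why a bug of this kind tends to surface on a later issuance rather than the one that triggered it.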

Callers 1

obtainCert (Method) · 0.95

Calls 4

PEMDecodePrivateKey (Function) · 0.85
SitePrivateKey (Method) · 0.80
IssuerKey (Method) · 0.65
Load (Method) · 0.65

Tested by

no test coverage detected