caddytls: add 'key_type' subdirective (#3956)

* caddytls: add 'key_type' subdirective

* Suggested change

* *string -> string

* test

caddyconfig/httpcaddyfile/builtins.go

@@ -87,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 	var folderLoader caddytls.FolderLoader
 	var certSelector caddytls.CustomCertSelectionPolicy
 	var acmeIssuer *caddytls.ACMEIssuer
+	var keyType string
 	var internalIssuer *caddytls.InternalIssuer
 	var issuers []certmagic.Issuer
 	var onDemand bool
@@ -267,6 +268,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 				}
 				acmeIssuer.CA = arg[0]
 
+			case "key_type":
+				arg := h.RemainingArgs()
+				if len(arg) != 1 {
+					return nil, h.ArgErr()
+				}
+				keyType = arg[0]
+
 			case "eab":
 				arg := h.RemainingArgs()
 				if len(arg) != 2 {
@@ -384,6 +392,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 		})
 	}
 
+	if keyType != "" {
+		configVals = append(configVals, ConfigValue{
+			Class: "tls.key_type",
+			Value: keyType,
+		})
+	}
+
 	// on-demand TLS
 	if onDemand {
 		configVals = append(configVals, ConfigValue{

caddyconfig/httpcaddyfile/tlsapp.go

@@ -108,6 +108,10 @@ func (st ServerType) buildTLSApp(
 				ap.OnDemand = true
 			}
 
+			if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok {
+				ap.KeyType = keyTypeVals[0].Value.(string)
+			}
+
 			// certificate issuers
 			if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok {
 				var issuers []certmagic.Issuer

caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt

@@ -7,6 +7,7 @@
 example.com {
 	tls {
 		on_demand
+		key_type rsa2048
 	}
 }
 
@@ -79,6 +80,7 @@ http://example.net {
 								"module": "zerossl"
 							}
 						],
+						"key_type": "rsa2048",
 						"on_demand": true
 					},
 					{