/
store.go
123 lines (103 loc) · 3.5 KB
/
store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package certificate
import (
"encoding/json"
"errors"
"os"
"strings"
"sync"
)
// JsonStore is responsible for storing and managing certificates. It can save and load data to/from a JSON file.
type JsonStore struct {
path string
certificates []*Details
locks map[string]*sync.Mutex
}
// NewStore creates a new certificate store using the specified path for storage, and tries to load any saved data.
func NewStore(path string) (*JsonStore, error) {
j := &JsonStore{
path: path,
locks: make(map[string]*sync.Mutex),
}
if err := j.load(); err != nil {
return nil, err
}
return j, nil
}
// load attempts to load the current store from disk. If the file is not found, no error is returned.
func (j *JsonStore) load() error {
b, err := os.ReadFile(j.path)
if errors.Is(err, os.ErrNotExist) {
return nil
} else if err != nil {
return err
}
return json.Unmarshal(b, &j.certificates)
}
// save serialises the current store to disk.
func (j *JsonStore) save() error {
j.pruneCertificates()
b, err := json.Marshal(j.certificates)
if err != nil {
return err
}
return os.WriteFile(j.path, b, 0600)
}
// GetCertificate returns a previously stored certificate with the given subject and alt names, or `nil` if none exists.
//
// Returned certificates are not guaranteed to be valid.
func (j *JsonStore) GetCertificate(subjectName string, altNames []string) *Details {
for i := range j.certificates {
if j.certificates[i].IsFor(subjectName, altNames) {
return j.certificates[i]
}
}
return nil
}
// LockCertificate acquires a lock over the writing of the given certificate. All calls to LockCertificate should
// be followed by calls to UnlockCertificate.
func (j *JsonStore) LockCertificate(subjectName string, altNames []string) {
j.lockFor(subjectName, altNames).Lock()
}
// UnlockCertificate releases a previously acquired lock over the writing of the given certificate.
func (j *JsonStore) UnlockCertificate(subjectName string, altNames []string) {
j.lockFor(subjectName, altNames).Unlock()
}
// lockFor provides the mutex to use for locking access to the given certificate.
func (j *JsonStore) lockFor(subjectName string, altNames []string) *sync.Mutex {
key := strings.Join(append([]string{subjectName}, altNames...), ";")
if mu, ok := j.locks[key]; ok {
return mu
} else {
mu = &sync.Mutex{}
j.locks[key] = mu
return mu
}
}
// removeCertificate removes any previously stored certificate with the given subject and alt names.
func (j *JsonStore) removeCertificate(subjectName string, altNames []string) {
for i := range j.certificates {
if j.certificates[i].IsFor(subjectName, altNames) {
j.certificates = append(j.certificates[:i], j.certificates[i+1:]...)
return
}
}
}
// pruneCertificates removes any certificates that are no longer valid.
func (j *JsonStore) pruneCertificates() {
savedCerts := j.certificates[:0]
for i := range j.certificates {
if j.certificates[i].ValidFor(0) {
savedCerts = append(savedCerts, j.certificates[i])
}
}
j.certificates = savedCerts
}
// SaveCertificate adds the given certificate to the store. Any previously saved certificates for the same subject
// and alt names will be removed. The store will be saved to disk after the certificate is added.
//
// Callers should acquire a lock on the certificate by calling LockCertificate before saving it.
func (j *JsonStore) SaveCertificate(certificate *Details) error {
j.removeCertificate(certificate.Subject, certificate.AltNames)
j.certificates = append(j.certificates, certificate)
return j.save()
}