forked from elazarl/goproxy
/
cached_signer.go
91 lines (72 loc) · 1.67 KB
/
cached_signer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package goproxy
import (
"crypto/tls"
"log"
"sort"
"strings"
"sync"
"time"
)
type ExpiringCertMap struct {
TTL time.Duration
data sync.Map
}
type expireEntry struct {
ExpiresAt time.Time
Value interface{}
}
func (t *ExpiringCertMap) Store(key string, val interface{}) {
t.data.Store(key, expireEntry{
ExpiresAt: time.Now().Add(t.TTL),
Value: val,
})
}
func (t *ExpiringCertMap) Load(key string) (val interface{}) {
entry, ok := t.data.Load(key)
if !ok {
return nil
}
expireEntry := entry.(expireEntry)
if time.Now().After(expireEntry.ExpiresAt) {
return nil
}
return expireEntry.Value
}
func newTTLMap(ttl time.Duration) (m ExpiringCertMap) {
m.TTL = ttl
go func() {
for now := range time.Tick(time.Second) {
m.data.Range(func(k, v interface{}) bool {
if v.(expireEntry).ExpiresAt.After(now) {
m.data.Delete(k)
}
return true
})
}
}()
return
}
type cachedSigner struct {
cache ExpiringCertMap
semaphore chan struct{}
}
func newCachedSigner(ttl time.Duration) cachedSigner {
return cachedSigner{cache: newTTLMap(ttl), semaphore: make(chan struct{}, 1)}
}
func (s *cachedSigner) signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err error) {
sort.Strings(hosts)
hostKey := strings.Join(hosts, ";")
s.semaphore <- struct{}{}
defer func() { <-s.semaphore }()
if cachedCert := s.cache.Load(hostKey); cachedCert != nil {
log.Print("returning cached cert for " + hostKey)
return cachedCert.(*tls.Certificate), nil
}
log.Print("generating fresh cert for " + hostKey)
genCert, err := signHost(ca, hosts)
if err != nil {
return cert, err
}
s.cache.Store(hostKey, genCert)
return genCert, nil
}