/
dynamic_tls_cert_provider.go
52 lines (43 loc) · 1.48 KB
/
dynamic_tls_cert_provider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package provider
import (
"crypto/tls"
"sync"
)
type DynamicTLSCertProvider interface {
SetIssuerHostToTLSCertMap(issuerToJWKSMap map[string]*tls.Certificate)
SetDefaultTLSCert(certificate *tls.Certificate)
GetTLSCert(lowercaseIssuerHostName string) *tls.Certificate
GetDefaultTLSCert() *tls.Certificate
}
type dynamicTLSCertProvider struct {
issuerHostToTLSCertMap map[string]*tls.Certificate
defaultCert *tls.Certificate
mutex sync.RWMutex
}
func NewDynamicTLSCertProvider() DynamicTLSCertProvider {
return &dynamicTLSCertProvider{
issuerHostToTLSCertMap: map[string]*tls.Certificate{},
}
}
func (p *dynamicTLSCertProvider) SetIssuerHostToTLSCertMap(issuerHostToTLSCertMap map[string]*tls.Certificate) {
p.mutex.Lock() // acquire a write lock
defer p.mutex.Unlock()
p.issuerHostToTLSCertMap = issuerHostToTLSCertMap
}
func (p *dynamicTLSCertProvider) SetDefaultTLSCert(certificate *tls.Certificate) {
p.mutex.Lock() // acquire a write lock
defer p.mutex.Unlock()
p.defaultCert = certificate
}
func (p *dynamicTLSCertProvider) GetTLSCert(issuerHostName string) *tls.Certificate {
p.mutex.RLock() // acquire a read lock
defer p.mutex.RUnlock()
return p.issuerHostToTLSCertMap[issuerHostName]
}
func (p *dynamicTLSCertProvider) GetDefaultTLSCert() *tls.Certificate {
p.mutex.RLock() // acquire a read lock
defer p.mutex.RUnlock()
return p.defaultCert
}