package reload
import (
"crypto/tls"
"fmt"
"sync"
)
// ReloadFunc is the signature of a function invoked when a reload is
// requested. The map carries reload configuration; CertificateGetter.Reload
// in this file ignores it entirely, so the exact schema is not visible here.
type ReloadFunc func(map[string]interface{}) error
// CertificateGetter satisfies ReloadFunc and its GetCertificate method
// satisfies the tls.GetCertificate function signature. Currently it does not
// allow changing paths after the fact.
//
// The embedded RWMutex guards cert: Reload replaces it under the write lock
// and GetCertificate reads it under the read lock. certFile and keyFile are
// set once by NewCertificateGetter and read without the lock.
type CertificateGetter struct {
	sync.RWMutex
	// cert is the most recently loaded key pair, or nil if no Reload has
	// succeeded yet.
	cert *tls.Certificate
	// certFile and keyFile are the on-disk paths passed to tls.LoadX509KeyPair.
	certFile string
	keyFile  string
}
// NewCertificateGetter returns a CertificateGetter that will load its key pair
// from certFile and keyFile. Nothing is read from disk here; cert stays nil
// until Reload succeeds, so GetCertificate fails until the first reload.
func NewCertificateGetter(certFile, keyFile string) *CertificateGetter {
	getter := new(CertificateGetter)
	getter.certFile = certFile
	getter.keyFile = keyFile
	return getter
}
// Reload re-reads the key pair from certFile and keyFile and swaps it in as
// the certificate served by GetCertificate. The reload configuration map is
// ignored.
//
// The key pair is parsed before the lock is taken, so disk and parse errors
// are returned without ever touching cg.cert: a failed reload keeps serving
// the previously loaded certificate rather than dropping to nil.
func (cg *CertificateGetter) Reload(_ map[string]interface{}) error {
	pair, loadErr := tls.LoadX509KeyPair(cg.certFile, cg.keyFile)
	if loadErr != nil {
		return loadErr
	}

	// Hold the write lock only for the pointer swap.
	cg.Lock()
	cg.cert = &pair
	cg.Unlock()

	return nil
}
// GetCertificate returns the currently loaded certificate for use as
// tls.Config.GetCertificate. clientHello is not consulted, so the same
// certificate is served regardless of the requested server name.
//
// It returns an error if no Reload has succeeded yet, which makes the TLS
// handshake fail rather than proceed without a certificate.
func (cg *CertificateGetter) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	cg.RLock()
	current := cg.cert
	cg.RUnlock()

	if current == nil {
		return nil, fmt.Errorf("nil certificate")
	}
	return current, nil
}