// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package dynamictlscertprovider
import (
"crypto/tls"
"sync"
)
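// DynamicTLSCertProvider holds TLS serving certificates that can be swapped
// at runtime: one certificate per issuer hostname, plus an optional default
// certificate kept alongside the per-host map.
//
// Setters and getters may be called from different goroutines; the
// implementation in this package guards its state with a sync.RWMutex.
type DynamicTLSCertProvider interface {
	// SetIssuerHostToTLSCertMap replaces the whole host-to-certificate map.
	// Keys are issuer hostnames; values are the certificates to serve for them.
	// (The parameter is named to match the implementation; it previously read
	// issuerToJWKSMap, a leftover from an unrelated provider.)
	SetIssuerHostToTLSCertMap(issuerHostToTLSCertMap map[string]*tls.Certificate)

	// SetDefaultTLSCert stores certificate as the default; nil clears it.
	SetDefaultTLSCert(certificate *tls.Certificate)

	// GetTLSCert returns the certificate registered for lowercaseIssuerHostName,
	// or nil when none is registered. The provided implementation does an exact
	// (case-sensitive) map lookup, so callers must lowercase the name first.
	GetTLSCert(lowercaseIssuerHostName string) *tls.Certificate

	// GetDefaultTLSCert returns the default certificate, or nil when unset.
	GetDefaultTLSCert() *tls.Certificate
}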
// dynamicTLSCertProvider is the mutex-guarded implementation of
// DynamicTLSCertProvider. Every method reads or writes the two data fields
// only while holding mutex (RLock for getters, Lock for setters).
type dynamicTLSCertProvider struct {
	// mutex guards the fields below. A struct holding a sync.RWMutex must not
	// be copied, so the type is only ever used through a pointer.
	mutex sync.RWMutex

	// issuerHostToTLSCertMap maps an issuer hostname to the certificate to
	// serve for it; SetIssuerHostToTLSCertMap replaces it wholesale.
	issuerHostToTLSCertMap map[string]*tls.Certificate

	// defaultCert is the value returned by GetDefaultTLSCert; nil when unset.
	defaultCert *tls.Certificate
}
// NewDynamicTLSCertProvider returns an empty provider: no per-host
// certificates and no default certificate. The map is initialised (rather
// than left nil) so the zero state is ready for lookups and replacement.
func NewDynamicTLSCertProvider() DynamicTLSCertProvider {
	provider := &dynamicTLSCertProvider{}
	provider.issuerHostToTLSCertMap = make(map[string]*tls.Certificate)
	return provider
}
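// SetIssuerHostToTLSCertMap replaces the whole issuer-host-to-certificate map
// under the write lock.
//
// The provider keeps its own copy of the map rather than the caller's
// reference. The RWMutex can only protect what the provider owns: a caller
// that kept mutating a shared map after handing it over would race with
// GetTLSCert (a concurrent map write during a read is a fatal runtime error
// in Go) and could change which certificate is served for a host without
// going through this method. A nil map is accepted and yields an empty map,
// which behaves the same on lookup.
func (p *dynamicTLSCertProvider) SetIssuerHostToTLSCertMap(issuerHostToTLSCertMap map[string]*tls.Certificate) {
	// Copy before taking the lock so readers are blocked only for the swap.
	snapshot := make(map[string]*tls.Certificate, len(issuerHostToTLSCertMap))
	for host, cert := range issuerHostToTLSCertMap {
		snapshot[host] = cert
	}

	p.mutex.Lock() // acquire a write lock
	defer p.mutex.Unlock()
	p.issuerHostToTLSCertMap = snapshot
}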
// SetDefaultTLSCert stores certificate as the default under the write lock.
// Passing nil clears the default.
func (p *dynamicTLSCertProvider) SetDefaultTLSCert(certificate *tls.Certificate) {
	p.mutex.Lock() // writers exclude readers and other writers
	p.defaultCert = certificate
	p.mutex.Unlock()
}
// GetTLSCert returns the certificate registered for issuerHostName, or nil
// when there is no entry (including when the map was never set).
//
// The lookup is a plain map index, i.e. an exact, case-sensitive match. The
// interface names this parameter lowercaseIssuerHostName, so callers are
// expected to normalise case before calling; nothing here does it for them.
func (p *dynamicTLSCertProvider) GetTLSCert(issuerHostName string) *tls.Certificate {
	p.mutex.RLock() // readers may overlap, writers wait
	cert := p.issuerHostToTLSCertMap[issuerHostName]
	p.mutex.RUnlock()
	return cert
}
|
2020-10-27 23:33:08 +00:00
|
|
|
|
|
|
|
// GetDefaultTLSCert returns the default certificate set by SetDefaultTLSCert,
// or nil when none has been set.
func (p *dynamicTLSCertProvider) GetDefaultTLSCert() *tls.Certificate {
	p.mutex.RLock() // readers may overlap, writers wait
	cert := p.defaultCert
	p.mutex.RUnlock()
	return cert
}