6c555f94e3
3 main reasons: - The cert and key that we store in this object are not always used for TLS. - The package name "provider" was a little too generic. - dynamiccert.Provider reads more go-ish than provider.DynamicCertProvider. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
46 lines
1018 B
Go
46 lines
1018 B
Go
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package dynamiccert
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"k8s.io/apiserver/pkg/server/dynamiccertificates"
|
|
)
|
|
|
|
// Provider provides a getter, CurrentCertKeyContent(), and a setter, Set(), for a PEM-formatted
|
|
// certificate and matching key.
|
|
type Provider interface {
|
|
dynamiccertificates.CertKeyContentProvider
|
|
Set(certPEM, keyPEM []byte)
|
|
}
|
|
|
|
type provider struct {
|
|
certPEM []byte
|
|
keyPEM []byte
|
|
mutex sync.RWMutex
|
|
}
|
|
|
|
// New returns an empty Provider. The returned Provider is thread-safe.
|
|
func New() Provider {
|
|
return &provider{}
|
|
}
|
|
|
|
func (p *provider) Set(certPEM, keyPEM []byte) {
|
|
p.mutex.Lock() // acquire a write lock
|
|
defer p.mutex.Unlock()
|
|
p.certPEM = certPEM
|
|
p.keyPEM = keyPEM
|
|
}
|
|
|
|
func (p *provider) Name() string {
|
|
return "DynamicCertProvider"
|
|
}
|
|
|
|
func (p *provider) CurrentCertKeyContent() (cert []byte, key []byte) {
|
|
p.mutex.RLock() // acquire a read lock
|
|
defer p.mutex.RUnlock()
|
|
return p.certPEM, p.keyPEM
|
|
}
|