ContainerImage.Pinniped/internal/provider/dynamic_tls_serving_cert_provider.go
Ryan Richard eb0d9a15fc WIP: start replacing the kubecertauthority pkg with a new controller
- Lots of TODOs added that need to be resolved to finish this WIP
- execer_test.go seems like it should be passing, but it fails (sigh)

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-22 17:45:20 -07:00


// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package provider
import (
"sync"
"k8s.io/apiserver/pkg/server/dynamiccertificates"
)
// DynamicTLSServingCertProvider is a certificate/key holder whose content can
// be replaced at runtime through Set and read back through the embedded
// dynamiccertificates.CertKeyContentProvider.
//
// keyPEM is private-key material: implementations and callers should keep it
// out of logs, error strings and metrics.
type DynamicTLSServingCertProvider interface {
	// Set replaces the currently held certificate and private key.
	// The signature returns no error, so any validation of the pair has to
	// happen before the call.
	Set(certPEM, keyPEM []byte)

	// Read side: the provider's name and its current cert/key bytes.
	dynamiccertificates.CertKeyContentProvider
}
// dynamicTLSServingCertProvider is the in-memory implementation behind
// DynamicTLSServingCertProvider. Its zero value holds no certificate and no key.
type dynamicTLSServingCertProvider struct {
	// mutex guards certPEM and keyPEM; writers take the write lock and
	// readers the read lock.
	mutex sync.RWMutex

	// certPEM and keyPEM are stored exactly as handed in; nothing in this type
	// parses or validates them. Presumably PEM-encoded, going by the names.
	// keyPEM is private-key material and must not be logged.
	certPEM, keyPEM []byte
}
// NewDynamicTLSServingCertProvider returns a provider with no certificate or
// key loaded; CurrentCertKeyContent yields nil slices until Set is called.
//
// TODO rename this type to DynamicCertProvider, since we are now going to use it for other types of certs too
func NewDynamicTLSServingCertProvider() DynamicTLSServingCertProvider {
	return new(dynamicTLSServingCertProvider)
}
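// Set replaces the stored certificate and private key under the write lock,
// so readers never observe a cert from one call paired with a key from another.
//
// Both inputs are copied before being stored. Without the copy the provider
// would share backing arrays with the caller, and a caller that later reuses
// or zeroes its buffers would change the served bytes without holding the
// lock. A nil input stays nil, so Set(nil, nil) clears the provider.
//
// No parsing or validation happens here: the bytes are stored as given, and
// checking that certPEM and keyPEM are well-formed and belong together is left
// to the caller. keyPEM is private-key material and must not be logged.
func (p *dynamicTLSServingCertProvider) Set(certPEM, keyPEM []byte) {
	// Copy outside the critical section. The [:0:0] form keeps nil as nil and
	// an empty slice as empty, and forces append to allocate for non-empty input.
	certCopy := append(certPEM[:0:0], certPEM...)
	keyCopy := append(keyPEM[:0:0], keyPEM...)

	p.mutex.Lock() // acquire a write lock
	defer p.mutex.Unlock()
	p.certPEM = certCopy
	p.keyPEM = keyCopy
}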
// Name returns the fixed identifier of this provider. It reads no instance
// state and therefore takes no lock.
func (p *dynamicTLSServingCertProvider) Name() string {
	const name = "DynamicTLSServingCertProvider"
	return name
}
// CurrentCertKeyContent returns the certificate and private key currently
// held, read together under the read lock so the pair is consistent. Both are
// nil when nothing has been stored.
//
// NOTE(review): the returned slices are the provider's own fields, not copies.
// Callers must treat them as read-only and keep the key bytes out of logs.
func (p *dynamicTLSServingCertProvider) CurrentCertKeyContent() (cert []byte, key []byte) {
	p.mutex.RLock() // shared lock: concurrent readers are allowed
	defer p.mutex.RUnlock()

	cert, key = p.certPEM, p.keyPEM
	return cert, key
}