44 lines
1.1 KiB
Go
44 lines
1.1 KiB
Go
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package provider
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"k8s.io/apiserver/pkg/server/dynamiccertificates"
|
|
)
|
|
|
|
type DynamicTLSServingCertProvider interface {
|
|
dynamiccertificates.CertKeyContentProvider
|
|
Set(certPEM, keyPEM []byte)
|
|
}
|
|
|
|
type dynamicTLSServingCertProvider struct {
|
|
certPEM []byte
|
|
keyPEM []byte
|
|
mutex sync.RWMutex
|
|
}
|
|
|
|
// TODO rename this type to DynamicCertProvider, since we are now going to use it for other types of certs too.
|
|
func NewDynamicTLSServingCertProvider() DynamicTLSServingCertProvider {
|
|
return &dynamicTLSServingCertProvider{}
|
|
}
|
|
|
|
func (p *dynamicTLSServingCertProvider) Set(certPEM, keyPEM []byte) {
|
|
p.mutex.Lock() // acquire a write lock
|
|
defer p.mutex.Unlock()
|
|
p.certPEM = certPEM
|
|
p.keyPEM = keyPEM
|
|
}
|
|
|
|
func (p *dynamicTLSServingCertProvider) Name() string {
|
|
return "DynamicTLSServingCertProvider"
|
|
}
|
|
|
|
func (p *dynamicTLSServingCertProvider) CurrentCertKeyContent() (cert []byte, key []byte) {
|
|
p.mutex.RLock() // acquire a read lock
|
|
defer p.mutex.RUnlock()
|
|
return p.certPEM, p.keyPEM
|
|
}
|