50 lines
1.1 KiB
Go
50 lines
1.1 KiB
Go
package httpd
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"sync"
|
|
|
|
"github.com/drakkan/sftpgo/ldapauthserver/logger"
|
|
)
|
|
|
|
type certManager struct {
|
|
cert *tls.Certificate
|
|
certPath string
|
|
keyPath string
|
|
lock *sync.RWMutex
|
|
}
|
|
|
|
func (m *certManager) loadCertificate() error {
|
|
newCert, err := tls.LoadX509KeyPair(m.certPath, m.keyPath)
|
|
if err != nil {
|
|
logger.Warn(logSender, "", "unable to load https certificate: %v", err)
|
|
return err
|
|
}
|
|
logger.Debug(logSender, "", "https certificate successfully loaded")
|
|
m.lock.Lock()
|
|
defer m.lock.Unlock()
|
|
m.cert = &newCert
|
|
return nil
|
|
}
|
|
|
|
func (m *certManager) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
return func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
m.lock.RLock()
|
|
defer m.lock.RUnlock()
|
|
return m.cert, nil
|
|
}
|
|
}
|
|
|
|
func newCertManager(certificateFile, certificateKeyFile string) (*certManager, error) {
|
|
manager := &certManager{
|
|
cert: nil,
|
|
certPath: certificateFile,
|
|
keyPath: certificateKeyFile,
|
|
lock: new(sync.RWMutex),
|
|
}
|
|
err := manager.loadCertificate()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return manager, nil
|
|
}
|