| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- package httpd
- import (
- "crypto/tls"
- "sync"
- "github.com/drakkan/sftpgo/ldapauthserver/logger"
- )
- type certManager struct {
- cert *tls.Certificate
- certPath string
- keyPath string
- lock *sync.RWMutex
- }
- func (m *certManager) loadCertificate() error {
- newCert, err := tls.LoadX509KeyPair(m.certPath, m.keyPath)
- if err != nil {
- logger.Warn(logSender, "", "unable to load https certificate: %v", err)
- return err
- }
- logger.Debug(logSender, "", "https certificate successfully loaded")
- m.lock.Lock()
- defer m.lock.Unlock()
- m.cert = &newCert
- return nil
- }
- func (m *certManager) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
- return func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
- m.lock.RLock()
- defer m.lock.RUnlock()
- return m.cert, nil
- }
- }
- func newCertManager(certificateFile, certificateKeyFile string) (*certManager, error) {
- manager := &certManager{
- cert: nil,
- certPath: certificateFile,
- keyPath: certificateKeyFile,
- lock: new(sync.RWMutex),
- }
- err := manager.loadCertificate()
- if err != nil {
- return nil, err
- }
- return manager, nil
- }
|
