
     1  package caclient
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/ztalab/cfssl/transport/roots"
     7  	"go.uber.org/zap"
     8  )
     9  
// RotateController drives periodic certificate rotation for a Transport:
// Run re-issues the leaf certificate on a fixed schedule and AddCert
// reloads the configured root bundles into the transport's trust stores.
type RotateController struct {
	// transport owns the Identity, TrustStore and ClientTrustStore that
	// Run and AddCert operate on.
	transport   *Transport
	// rotateAfter is never read in this file; Run uses a hard-coded
	// 60-minute ticker instead. NOTE(review): confirm whether this field
	// was meant to drive the rotation interval.
	rotateAfter time.Duration
	// logger receives rotation and root-loading failures (Errorf only).
	logger      *zap.SugaredLogger
}
    16  
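// Run blocks forever, attempting a certificate rotation every 60 minutes.
//
// On each tick it calls rc.transport.AutoUpdate() and then rc.AddCert().
// AddCert runs even when AutoUpdate fails, so the root-bundle refresh is
// independent of leaf rotation. A failed rotation is only logged — there is
// no retry, backoff or alerting beyond that log line — so a persistently
// failing AutoUpdate goes unnoticed unless the log is monitored.
//
// Run must be started in its own goroutine. It offers no way to stop (no
// context or stop channel) and so lives for the life of the process.
//
// NOTE(review): rc.rotateAfter is not consulted here; the interval is
// hard-coded. Confirm whether the field was intended to drive this ticker.
func (rc *RotateController) Run() {
	log := rc.logger
	ticker := time.NewTicker(60 * time.Minute)
	defer ticker.Stop()

	// ticker.C is never closed, so this loop only ends with the process.
	for range ticker.C {
		// Automatically update certificates.
		if err := rc.transport.AutoUpdate(); err != nil {
			log.Errorf("Certificate rotation failed: %v", err)
		}
		// Refresh trust stores regardless of the rotation outcome above.
		rc.AddCert()
	}
}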
    36  
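// AddCert reloads the root bundles referenced by rc.transport.Identity and
// appends their certificates to the transport's trust stores.
//
// Server roots (Identity.Roots) are always loaded into TrustStore. Client
// roots (Identity.ClientRoots) are loaded into ClientTrustStore only when at
// least one is configured. A load failure is logged and aborts the method,
// so a failure on the server roots means client roots are not attempted.
//
// Security note: this method only ever adds. Certificates already present
// in a trust store are never removed, so a root dropped from the configured
// bundle remains trusted until the process restarts. Whether AddCerts
// de-duplicates repeated additions depends on the trust store
// implementation, which is not visible here.
func (rc *RotateController) AddCert() {
	log := rc.logger

	store, err := roots.New(rc.transport.Identity.Roots)
	if err != nil {
		log.Errorf("Failed to get roots: %v", err)
		return
	}
	rc.transport.TrustStore.AddCerts(store.Certificates())

	// Client roots are optional; nothing more to do when none are configured.
	if len(rc.transport.Identity.ClientRoots) == 0 {
		return
	}
	clientStore, err := roots.New(rc.transport.Identity.ClientRoots)
	if err != nil {
		log.Errorf("Failed to get client roots: %v", err)
		return
	}
	rc.transport.ClientTrustStore.AddCerts(clientStore.Certificates())
}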