go.temporal.io/server@v1.23.0/common/rpc/encryption/local_store_per_host_cert_provider_map.go (about) 1 // The MIT License 2 // 3 // Copyright (c) 2020 Temporal Technologies Inc. All rights reserved. 4 // 5 // Copyright (c) 2020 Uber Technologies, Inc. 6 // 7 // Permission is hereby granted, free of charge, to any person obtaining a copy 8 // of this software and associated documentation files (the "Software"), to deal 9 // in the Software without restriction, including without limitation the rights 10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 // copies of the Software, and to permit persons to whom the Software is 12 // furnished to do so, subject to the following conditions: 13 // 14 // The above copyright notice and this permission notice shall be included in 15 // all copies or substantial portions of the Software. 16 // 17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 // THE SOFTWARE. 
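package encryption

import (
	"sort"
	"strings"
	"time"

	"go.temporal.io/server/common/config"
	"go.temporal.io/server/common/log"
)

var _ PerHostCertProviderMap = (*localStorePerHostCertProviderMap)(nil)
var _ CertExpirationChecker = (*localStorePerHostCertProviderMap)(nil)

// localStorePerHostCertProviderMap maps a lower-cased server host name to the
// CertProvider built from that host's TLS override, together with whether the
// override requires client (mTLS) authentication. Both maps are filled once in
// the constructor and never written afterwards; the zero value (nil maps) is
// valid and simply has no hosts.
type localStorePerHostCertProviderMap struct {
	certProviderCache map[string]CertProvider
	clientAuthCache   map[string]bool
}

// newLocalStorePerHostCertProviderMap builds one CertProvider per host in
// overrides via certProviderFactory.
//
// Host keys are matched case-insensitively, so they are lower-cased before
// being stored. Two override keys that differ only by case therefore collide.
// Keys are visited in sorted order and the first one seen wins; later
// duplicates are skipped. (Previously the winner was whichever key Go's
// randomised map iteration happened to visit last, and a provider was built
// for the loser only to be dropped immediately.)
//
// A nil overrides map yields an empty provider map for which GetCertProvider
// reports "not found" for every host.
func newLocalStorePerHostCertProviderMap(
	overrides map[string]config.ServerTLS,
	certProviderFactory CertProviderFactory,
	refreshInterval time.Duration,
	logger log.Logger,
) *localStorePerHostCertProviderMap {

	providerMap := &localStorePerHostCertProviderMap{}
	if overrides == nil {
		return providerMap
	}

	providerMap.certProviderCache = make(map[string]CertProvider, len(overrides))
	providerMap.clientAuthCache = make(map[string]bool, len(overrides))

	// Sort the keys so the outcome of a case-insensitive collision does not
	// depend on map iteration order.
	hosts := make([]string, 0, len(overrides))
	for host := range overrides {
		hosts = append(hosts, host)
	}
	sort.Strings(hosts)

	for _, host := range hosts {
		lcHost := strings.ToLower(host)
		if _, seen := providerMap.certProviderCache[lcHost]; seen {
			// Same host spelled with different case: keep the entry already
			// stored instead of silently replacing it with a second provider.
			continue
		}
		settings := overrides[host]

		// Only the server side of the override is populated; the remaining
		// factory arguments are passed as nil, as for any per-host override.
		provider := certProviderFactory(&config.GroupTLS{Server: settings}, nil, nil, refreshInterval, logger)
		providerMap.certProviderCache[lcHost] = provider
		providerMap.clientAuthCache[lcHost] = settings.RequireClientAuth
	}

	return providerMap
}

// GetCertProvider returns the CertProvider registered for hostName (matched
// case-insensitively) and whether that host requires client authentication.
// The error result is always nil in this implementation.
//
// When hostName has no override the provider is nil and the client-auth flag
// is reported as true. That is the fail-closed value: presumably a caller that
// falls back to a default provider for unknown hosts should not thereby lose
// an mTLS requirement — confirm against the caller before relying on it.
func (f *localStorePerHostCertProviderMap) GetCertProvider(hostName string) (CertProvider, bool, error) {
	lcHostName := strings.ToLower(hostName)

	// Reading a nil map is safe and yields ok == false, so the zero value and
	// the "no overrides configured" case need no separate branch.
	provider, ok := f.certProviderCache[lcHostName]
	if !ok {
		return nil, true, nil
	}
	return provider, f.clientAuthCache[lcHostName], nil
}

// GetExpiringCerts queries every per-host provider with timeWindow and merges
// the two maps each one returns (expiring and expired, per the provider's own
// GetExpiringCerts contract) into a single pair. A failing provider does not
// abort the scan: its error is accumulated with appendError and returned next
// to the partial results, so one bad host cannot hide the others. Both maps
// are always non-nil.
func (f *localStorePerHostCertProviderMap) GetExpiringCerts(timeWindow time.Duration,
) (expiring CertExpirationMap, expired CertExpirationMap, err error) {

	expiring = make(CertExpirationMap)
	expired = make(CertExpirationMap)

	for _, provider := range f.certProviderCache {
		providerExpiring, providerExpired, providerErr := provider.GetExpiringCerts(timeWindow)
		mergeMaps(expiring, providerExpiring)
		mergeMaps(expired, providerExpired)
		if providerErr != nil {
			err = appendError(err, providerErr)
		}
	}
	return expiring, expired, err
}

// NumberOfHosts reports how many per-host overrides are configured. len of a
// nil map is 0, so the zero value reports no hosts without a special case.
func (f *localStorePerHostCertProviderMap) NumberOfHosts() int {
	return len(f.certProviderCache)
}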