public
/
dotege
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13 Commits
1 Branch
Tree: 5b86f8e545
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5b86f8e545'
${ noResults }
dotege/certs/monitor.go

monitor.go 2.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. package certs

  2. 

  3. import (

  4. 	"github.com/csmith/dotege/model"

  5. 	"go.uber.org/zap"

  6. 	"io/ioutil"

  7. 	"path"

  8. 	"strings"

  9. )

  10. 

  11. // CertificateMonitor handles scanning for new/updated certificates

  12. type CertificateMonitor struct {

  13. 	logger      *zap.SugaredLogger

  14. 	channel     chan<- model.FoundCertificate

  15. 	directories []string

  16. 	certs       map[string]*model.FoundCertificate

  17. }

  18. 

  19. // NewCertificateManager creates a new CertificateMonitor.

  20. func NewCertificateManager(logger *zap.SugaredLogger, channel chan<- model.FoundCertificate) *CertificateMonitor {

  21. 	return &CertificateMonitor{

  22. 		logger:  logger,

  23. 		channel: channel,

  24. 	}

  25. }

  26. 

  27. // AddDirectory adds a new directory to monitor

  28. func (c *CertificateMonitor) AddDirectory(directory string) {

  29. 	c.directories = append(c.directories, directory)

  30. 	go c.scanForFolders(directory)

  31. }

  32. 

  33. func (c *CertificateMonitor) scanForFolders(dir string) {

  34. 	dirs, err := ioutil.ReadDir(dir)

  35. 	if err != nil {

  36. 		c.logger.Errorf("Unable to read directory %s - %s", dir, err.Error())

  37. 		return

  38. 	}

  39. 

  40. 	for _, d := range dirs {

  41. 		if d.IsDir() {

  42. 			c.scanForCerts(d.Name(), path.Join(dir, d.Name()))

  43. 		}

  44. 	}

  45. }

  46. 

  47. func (c *CertificateMonitor) scanForCerts(vhost string, dir string) {

  48. 	files, err := ioutil.ReadDir(dir)

  49. 	if err != nil {

  50. 		c.logger.Errorf("Unable to read directory %s - %s", dir, err.Error())

  51. 		return

  52. 	}

  53. 

  54. 	cert := model.FoundCertificate{}

  55. 	for _, f := range files {

  56. 		ext := path.Ext(f.Name())

  57. 		base := path.Base(f.Name())

  58. 		if ext == "pem" {

  59. 			prefix := strings.Split(base, "-")[0]

  60. 			added := maybeAddPart(&cert, prefix, path.Join(dir, f.Name()))

  61. 			if added && f.ModTime().After(cert.ModTime) {

  62. 				cert.ModTime = f.ModTime()

  63. 			}

  64. 		}

  65. 	}

  66. 

  67. 	c.maybeAddCert(vhost, cert)

  68. }

  69. 

  70. func maybeAddPart(cert *model.FoundCertificate, part string, path string) bool {

  71. 	switch part {

  72. 	case "cert":

  73. 		cert.Cert = path

  74. 	case "chain":

  75. 		cert.Chain = path

  76. 	case "fullchain":

  77. 		cert.FullChain = path

  78. 	case "privkey":

  79. 		cert.PrivateKey = path

  80. 	default:

  81. 		return false

  82. 	}

  83. 	return true

  84. }

  85. 

  86. func (c *CertificateMonitor) maybeAddCert(vhost string, cert model.FoundCertificate) {

  87. 	if len(cert.Cert) > 0 && len(cert.Chain) > 0 && len(cert.FullChain) > 0 && len(cert.PrivateKey) > 0 {

  88. 		if existing, ok := c.certs[vhost]; ok {

  89. 			if cert.ModTime.After(existing.ModTime) {

  90. 				c.logger.Debugf("Found newer certificate files for %s in %s", vhost, path.Dir(cert.Cert))

  91. 				c.certs[vhost] = &cert

  92. 				c.channel <- cert

  93. 			}

  94. 		} else {

  95. 			c.logger.Debugf("Found new certificate files for %s in %s", vhost, path.Dir(cert.Cert))

  96. 			c.certs[vhost] = &cert

  97. 			c.channel <- cert

  98. 		}

  99. 	}

  100. }