public
/
dotege
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
Tree: e65933e339
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e65933e339'
${ noResults }
dotege/certs/monitor.go

monitor.go 2.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. package certs

  2. 

  3. import (

  4. 	"github.com/csmith/dotege/model"

  5. 	"go.uber.org/zap"

  6. 	"io/ioutil"

  7. 	"path"

  8. 	"strings"

  9. )

  10. 

  11. // CertificateMonitor handles scanning for new/updated certificates

  12. type CertificateMonitor struct {

  13. 	logger      *zap.SugaredLogger

  14. 	channel     chan<- model.FoundCertificate

  15. 	directories []string

  16. 	certs       map[string]*model.FoundCertificate

  17. }

  18. 

  19. // NewCertificateManager creates a new CertificateMonitor.

  20. func NewCertificateManager(logger *zap.SugaredLogger, channel chan<- model.FoundCertificate) *CertificateMonitor {

  21. 	return &CertificateMonitor{

  22. 		logger:  logger,

  23. 		channel: channel,

  24. 	}

  25. }

  26. 

  27. // AddDirectory adds a new directory to monitor

  28. func (c *CertificateMonitor) AddDirectory(directory string) {

  29. 	c.directories = append(c.directories, directory)

  30. 	go c.scanForFolders(directory)

  31. }

  32. 

  33. func (c *CertificateMonitor) scanForFolders(dir string) {

  34. 	c.logger.Debugf("Scanning folder %s for certificates", dir)

  35. 	dirs, err := ioutil.ReadDir(dir)

  36. 	if err != nil {

  37. 		c.logger.Errorf("Unable to read directory %s - %s", dir, err.Error())

  38. 		return

  39. 	}

  40. 

  41. 	for _, d := range dirs {

  42. 		if d.IsDir() {

  43. 			c.scanForCerts(d.Name(), path.Join(dir, d.Name()))

  44. 		}

  45. 	}

  46. }

  47. 

  48. func (c *CertificateMonitor) scanForCerts(vhost string, dir string) {

  49. 	c.logger.Debugf("Scanning folder %s for certificates for %s", dir, vhost)

  50. 	files, err := ioutil.ReadDir(dir)

  51. 	if err != nil {

  52. 		c.logger.Errorf("Unable to read directory %s - %s", dir, err.Error())

  53. 		return

  54. 	}

  55. 

  56. 	cert := model.FoundCertificate{}

  57. 	for _, f := range files {

  58. 		ext := path.Ext(f.Name())

  59. 		base := path.Base(f.Name())

  60. 		if ext == "pem" {

  61. 			prefix := strings.Split(base, "-")[0]

  62. 			added := maybeAddPart(&cert, prefix, path.Join(dir, f.Name()))

  63. 			if added && f.ModTime().After(cert.ModTime) {

  64. 				cert.ModTime = f.ModTime()

  65. 			}

  66. 		}

  67. 	}

  68. 

  69. 	c.maybeAddCert(vhost, cert)

  70. }

  71. 

  72. func maybeAddPart(cert *model.FoundCertificate, part string, path string) bool {

  73. 	switch part {

  74. 	case "cert":

  75. 		cert.Cert = path

  76. 	case "chain":

  77. 		cert.Chain = path

  78. 	case "fullchain":

  79. 		cert.FullChain = path

  80. 	case "privkey":

  81. 		cert.PrivateKey = path

  82. 	default:

  83. 		return false

  84. 	}

  85. 	return true

  86. }

  87. 

  88. func (c *CertificateMonitor) maybeAddCert(vhost string, cert model.FoundCertificate) {

  89. 	if len(cert.Cert) > 0 && len(cert.Chain) > 0 && len(cert.FullChain) > 0 && len(cert.PrivateKey) > 0 {

  90. 		if existing, ok := c.certs[vhost]; ok {

  91. 			if cert.ModTime.After(existing.ModTime) {

  92. 				c.logger.Debugf("Found newer certificate files for %s in %s", vhost, path.Dir(cert.Cert))

  93. 				c.certs[vhost] = &cert

  94. 				c.channel <- cert

  95. 			}

  96. 		} else {

  97. 			c.logger.Debugf("Found new certificate files for %s in %s", vhost, path.Dir(cert.Cert))

  98. 			c.certs[vhost] = &cert

  99. 			c.channel <- cert

  100. 		}

  101. 	}

  102. }