Try to reload certificates every 2 hours

2024-11-21 10:51:40 +00:00 · 2024-01-14 14:00:54 +00:00 · 2024-01-14 14:00:54 +00:00 · f8dde8eebe
commit f8dde8eebe
parent 822c7b570a
2 changed files with 27 additions and 4 deletions
--- a/certs/certs.go
+++ b/certs/certs.go
@ -27,6 +27,8 @@ type Certs struct {
 	ca   *certgen.CertGen
 	sn   atomic.Int64
 	r    *rescheduler.Rescheduler
+	t    *time.Ticker
+	ts   chan struct{}
 }

 // New creates a new cert list
@ -37,15 +39,26 @@ func New(certDir fs.FS, keyDir fs.FS, selfCert bool) *Certs {
 		ss:   selfCert,
 		s:    &sync.RWMutex{},
 		m:    make(map[string]*tls.Certificate),
+		ts:   make(chan struct{}, 1),
 	}

-	// the rescheduler isn't even used in self cert mode so why initialise it
 	if !selfCert {
+		// the rescheduler isn't even used in self cert mode so why initialise it
 		c.r = rescheduler.NewRescheduler(c.threadCompile)
-	}

-	// in self-signed mode generate a CA certificate to sign other certificates
-	if c.ss {
+		c.t = time.NewTicker(2 * time.Hour)
+		go func() {
+			for {
+				select {
+				case <-c.t.C:
+					c.Compile()
+				case <-c.ts:
+					return
+				}
+			}
+		}()
+	} else {
+		// in self-signed mode generate a CA certificate to sign other certificates
 		ca, err := certgen.MakeCaTls(4096, pkix.Name{
 			Country:            []string{"GB"},
 			Organization:       []string{"Violet"},
@ -118,6 +131,13 @@ func (c *Certs) Compile() {
 	c.r.Run()
 }

+func (c *Certs) Stop() {
+	if c.t != nil {
+		c.t.Stop()
+	}
+	close(c.ts)
+}
+
 func (c *Certs) threadCompile() {
 	// new map
 	certMap := make(map[string]*tls.Certificate)
--- a/cmd/violet/serve.go
+++ b/cmd/violet/serve.go
@ -183,6 +183,9 @@ func normalLoad(startUp startUpConfig, wd string) {
 	exit_reload.ExitReload("Violet", func() {
 		allCompilables.Compile()
 	}, func() {
+		// stop updating certificates
+		allowedCerts.Stop()
+
 		// close websockets first
 		ws.Shutdown()