Documentation
Overview
Package x509util contains helper functions to deal with certificates.
Index
- Variables
- func CustomCertPool(caPath string) (*x509.CertPool, error)
- type CertWatcher
- func NewTLSCertWatcher(certPath, keyPath string) (*CertWatcher, error)
- func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (cw *CertWatcher) ReadCertificate() error
- func (cw *CertWatcher) RegisterCallback(callback func(tls.Certificate))
- func (cw *CertWatcher) Start(ctx context.Context)
- func (cw *CertWatcher) Started() <-chan error
- func (cw *CertWatcher) Watch()
- func (cw *CertWatcher) WithWatchInterval(interval time.Duration) *CertWatcher
Constants
This section is empty.
Variables
var (
	ReadTotal = prometheus.NewCounter(prometheus.CounterOpts{
		Name: "certwatcher_read_certificate_total",
		Help: "Total number of certificate reads",
	})
	ReadErrors = prometheus.NewCounter(prometheus.CounterOpts{
		Name: "certwatcher_read_certificate_errors_total",
		Help: "Total number of certificate read errors",
	})
)
Functions
func CustomCertPool
func CustomCertPool(caPath string) (*x509.CertPool, error)
Types
type CertWatcher (added in v1.52.0)
type CertWatcher struct {
// metrics
ReadCertificateTotal prometheus.Counter
ReadCertificateErrors prometheus.Counter
// contains filtered or unexported fields
}
CertWatcher watches certificate and key files for changes. It always returns the cached version; periodically it re-reads and parses the certificate and key, and when they have changed it calls an optional callback with the new certificate.
func NewTLSCertWatcher (added in v1.52.0)
func NewTLSCertWatcher(certPath, keyPath string) (*CertWatcher, error)
NewTLSCertWatcher returns a new CertWatcher watching the given certificate and key. It registers prometheus metrics for certificate read counts and errors. The metrics are unregistered when Start returns.
func (*CertWatcher) GetCertificate (added in v1.52.0)
func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate fetches the currently loaded certificate, which may be nil.
func (*CertWatcher) ReadCertificate (added in v1.52.0)
func (cw *CertWatcher) ReadCertificate() error
ReadCertificate reads the certificate and key files from disk, parses them, and, if they have changed, updates the watcher's current certificate. If a callback is registered, it is invoked with the new certificate.
func (*CertWatcher) RegisterCallback (added in v1.52.0)
func (cw *CertWatcher) RegisterCallback(callback func(tls.Certificate))
RegisterCallback registers a callback to be invoked when the certificate changes.
func (*CertWatcher) Start (added in v1.52.0)
func (cw *CertWatcher) Start(ctx context.Context)
Start starts watching the certificate and key files. Any startup errors are sent on the Started() channel. When Start returns, it unregisters the Prometheus metrics that were registered in NewTLSCertWatcher.
func (*CertWatcher) Started (added in v1.53.0)
func (cw *CertWatcher) Started() <-chan error
Started returns a channel that is closed when Start() has finished registering the fsnotify watches for the certificate and key files. Callers that need to mutate the watched files should block on this channel after calling Start() in a goroutine to avoid races.
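The watcher contract described above (serve the cached pair on every handshake, re-read and parse the files on a schedule, swap only when the certificate actually changed, notify a callback with the new pair, and keep serving the old pair when a read fails) as an added stand-alone Go example. This is not the package's own code: reloadingCert, newReloadingCert, reload, Start and writeSelfSignedPair are names assumed by this example, the real CertWatcher watches the files with fsnotify while this stand-in polls on a ticker, and the certificate and key it loads are constructed self-signed test material written into a temporary directory.

```go
package main

import (
	"bytes"
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// reloadingCert is a stand-in for the CertWatcher contract: GetCertificate serves
// the cached pair, reload swaps it only when the leaf changed and notifies onChange.
type reloadingCert struct {
	certPath, keyPath string
	mu                sync.RWMutex
	current           *tls.Certificate
	onChange          func(tls.Certificate)
}

func newReloadingCert(certPath, keyPath string, onChange func(tls.Certificate)) (*reloadingCert, error) {
	r := &reloadingCert{certPath: certPath, keyPath: keyPath}
	if _, err := r.reload(); err != nil { // fail at startup rather than serve nothing
		return nil, err
	}
	r.onChange = onChange // installed after the first load, so it only sees rotations
	return r, nil
}

// GetCertificate matches tls.Config.GetCertificate; it is nil before the first load.
func (r *reloadingCert) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.current, nil
}

// reload parses cert and key together: tls.LoadX509KeyPair rejects a key that does
// not match the certificate, so a half-rotated pair never replaces the good one.
func (r *reloadingCert) reload() (changed bool, err error) {
	pair, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err != nil {
		return false, err
	}
	r.mu.Lock()
	if r.current != nil && bytes.Equal(r.current.Certificate[0], pair.Certificate[0]) {
		r.mu.Unlock()
		return false, nil
	}
	r.current = &pair
	cb := r.onChange
	r.mu.Unlock() // run the callback outside the lock so it may call GetCertificate
	if cb != nil {
		cb(pair)
	}
	return true, nil
}

// Start re-reads the files every interval until ctx is cancelled (a ticker stands in for fsnotify).
func (r *reloadingCert) Start(ctx context.Context, interval time.Duration) {
	t := time.NewTicker(interval)
	defer t.Stop()
	for {
		select {
		case <-ctx.Done():
			return
		case <-t.C:
			_, _ = r.reload() // a failed read keeps serving the cached pair
		}
	}
}

// writeSelfSignedPair is constructed test scaffolding: a fresh P-256 key and self-signed cert for cn.
func writeSelfSignedPair(dir, cn string) (certPath, keyPath string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for a key generated above
	certPath, keyPath = filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem")
	if err = os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
		return "", "", err
	}
	err = os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600)
	return certPath, keyPath, err
}
```

Wiring is the same as for the real watcher: set `GetCertificate: r.GetCertificate` on a `tls.Config`, run `Start` in its own goroutine, and let the callback do whatever must follow a rotation (re-issuing client configs, logging the new leaf's fingerprint). Two properties matter for safety: a read that fails for any reason (file mid-write, key that does not match the new certificate) leaves the previously loaded pair in service, and the callback runs outside the watcher's lock so it can itself call GetCertificate without deadlocking. Because the cert and key are two files, a rotation tool should write the key first or write both atomically (rename into place), otherwise one poll may briefly see a mismatched pair and simply wait for the next.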
func (*CertWatcher) Watch (added in v1.52.0)
func (cw *CertWatcher) Watch()
Watch reads events from the watcher's channel and reacts to changes.
func (*CertWatcher) WithWatchInterval (added in v1.52.0)
func (cw *CertWatcher) WithWatchInterval(interval time.Duration) *CertWatcher
WithWatchInterval sets the watch interval and returns the CertWatcher pointer.