Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// ErrNotAvailable is a sentinel error whose message states that no
// tls.Certificate is available.
// NOTE(review): presumably returned by GetCertificate implementations while
// no certificate has been loaded; confirm against the implementations.
var ErrNotAvailable = errors.New("no tls.Certificate available")
Functions ¶
This section is empty.
Types ¶
type CertificateSource ¶
// CertificateSource is implemented by types that can hand a tls.Certificate
// to a TLS server, run whatever background work keeps that certificate
// current, and report whether a certificate is currently available.
type CertificateSource interface {
// GetCertificate returns a Certificate based on the given
// ClientHelloInfo. It will only be called if the client supplies SNI
// information or if Certificates is empty.
//
// If GetCertificate is nil or returns nil, then the certificate is
// retrieved from NameToCertificate. If NameToCertificate is nil, the
// first element of Certificates will be used.
//
// The method has the same signature as the GetCertificate field of
// crypto/tls.Config, and Certificates and NameToCertificate above are
// tls.Config fields, not members of this interface. The calling and
// fallback rules therefore describe what the TLS stack does when the method
// is installed as tls.Config.GetCertificate.
// NOTE(review): because a (nil, nil) return lets the TLS stack fall back to
// statically configured certificates, an implementation with nothing to
// serve should presumably return a non-nil error (such as ErrNotAvailable)
// so the handshake fails instead; confirm against the implementations.
GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
// Run will start the certificate source.
// This may include setting up watches on certificate stores, or any other
// kind of background operation.
// The Run function should return when stopCh is closed, and may return an
// error if an irrecoverable error occurs whilst running.
// NOTE(review): the signature has no stopCh parameter; it takes a
// context.Context, so the stop signal is presumably cancellation of that
// context. Confirm and update the sentence above.
Run(context.Context) error
// Healthy can be used to check the status of the CertificateSource.
// It will return true if the source has a certificate available.
Healthy() bool
}
type DynamicSource ¶
// DynamicSource provides certificate data for a TLS server by generating
// certificates through the configured Authority.
// Its GetCertificate method declares the *tls.ClientHelloInfo parameter
// unnamed, so the certificate it returns cannot vary with the SNI value the
// client supplies.
type DynamicSource struct {
// DNSNames that will be set on certificates this source produces.
// These come from configuration, not from the client handshake.
DNSNames []string
// The authority used to sign certificate templates.
// NOTE(review): whoever can reach this authority can obtain certificates for
// DNSNames; how its signing key is stored and protected is not visible from
// this declaration, so verify it in the authority package.
Authority *authority.DynamicAuthority
// contains filtered or unexported fields
}
DynamicSource provides certificate data for a golang HTTP server by automatically generating certificates using an authority.SignFunc.
func (*DynamicSource) GetCertificate ¶
func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*DynamicSource) Healthy ¶
func (f *DynamicSource) Healthy() bool
type FileCertificateSource ¶
// FileCertificateSource provides certificate data for a TLS server by
// periodically reloading a certificate and private key from disk.
type FileCertificateSource struct {
// CertPath is the path to the TLS certificate.
// This file will be read periodically and will be used as the certificate
// for TLS connections.
CertPath string
// KeyPath is the path to the private key.
// This file will be read periodically and will be used as the private key
// for TLS connections.
// NOTE(review): nothing in this declaration shows the loader checking file
// ownership or mode. Presumably the deployment must restrict read access to
// the server's own user; confirm.
KeyPath string
// UpdateInterval is how often the CertPath and KeyPath will be checked for
// changes.
// If not specified, a default of 10s will be used.
// NOTE(review): a replaced certificate or key presumably keeps being served
// until the next check, so this interval bounds how quickly a rotation
// takes effect; confirm.
UpdateInterval time.Duration
// MaxFailures is the maximum number of times a failure to read data from
// disk should be allowed before treating it as fatal.
// If not specified, a default of 12 will be used.
// NOTE(review): it is not stated here whether failures are counted
// consecutively or cumulatively, or what "fatal" does to a running server;
// confirm in the implementation.
MaxFailures int
// contains filtered or unexported fields
}
FileCertificateSource provides certificate data for a golang HTTP server by reloading data on disk periodically.
func (*FileCertificateSource) GetCertificate ¶
func (f *FileCertificateSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*FileCertificateSource) Healthy ¶
func (f *FileCertificateSource) Healthy() bool