diff --git a/rpxy-certs/src/error.rs b/rpxy-certs/src/error.rs
index b5135a8..34bd227 100644
--- a/rpxy-certs/src/error.rs
+++ b/rpxy-certs/src/error.rs
@@ -12,4 +12,7 @@ pub enum RpxyCertError {
 /// Error when parsing client CA certificates: No client certificate found
 #[error("No client certificate found")]
 NoClientCert,
+ /// Error for hot reload certificate reloader
+ #[error("Certificate reload error: {0}")]
+ CertificateReloadError(#[from] hot_reload::ReloaderError),
 }
diff --git a/rpxy-certs/src/lib.rs b/rpxy-certs/src/lib.rs
index ebb4789..2c616a2 100644
--- a/rpxy-certs/src/lib.rs
+++ b/rpxy-certs/src/lib.rs
@@ -8,9 +8,37 @@ mod server_crypto;
 mod log {
 pub(crate) use tracing::{debug, error, info, warn};
 }
-
+/* ------------------------------------------------ */
 pub use crate::{
 certs::SingleServerCertsKeys,
 crypto_source::{CryptoFileSource, CryptoFileSourceBuilder, CryptoFileSourceBuilderError, CryptoSource},
 server_crypto::{ServerCrypto, ServerNameBytes, ServerNameCryptoMap},
 };
+
+use crate::{error::*, reloader_service::CryptoReloader, server_crypto::ServerCryptoBase};
+use hot_reload::{ReloaderReceiver, ReloaderService};
+
+/* ------------------------------------------------ */
+/// Constants TODO: define from outside
+const CERTS_WATCH_DELAY_SECS: u32 = 60;
+const LOAD_CERTS_ONLY_WHEN_UPDATED: bool = true;
+
+/* ------------------------------------------------ */
+/// Result type inner of certificate reloader service
+type ReloaderServiceResultInner = (
+ ReloaderService,
+ ReloaderReceiver,
+);
+/// Build certificate reloader service
+pub async fn build_cert_reloader() -> Result
+// where
+// T: CryptoSource + Clone + Send + Sync + 'static,
+{
+ // TODO: fix later
+ let source = rustc_hash::FxHashMap::default();
+
+ let (cert_reloader_service, cert_reloader_rx) =
+ ReloaderService::::new(&source, CERTS_WATCH_DELAY_SECS, !LOAD_CERTS_ONLY_WHEN_UPDATED)
+ .await?;
+ Ok((cert_reloader_service, cert_reloader_rx))
+}
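Review bot: `build_cert_reloader` in rpxy-certs/src/lib.rs is exported as `pub`, yet it builds the `ReloaderService` from an empty `rustc_hash::FxHashMap::default()`, so as written the reloader has no certificate source to watch and a caller wiring it into TLS setup would get nothing usable from it. Until the source is passed in, I would narrow the function to `pub(crate)` or state the limitation in its doc comment, e.g. `/// NOTE: placeholder, built from an empty source map; no certificates are loaded yet.` Two documentation points in the same hunk: the `/// Constants TODO: define from outside` comment attaches only to `CERTS_WATCH_DELAY_SECS`, and the negated `!LOAD_CERTS_ONLY_WHEN_UPDATED` argument reads as a double negative (its meaning is inferred from the constant's name, the callee is not visible here). Each constant deserves its own doc line, for example `/// Seconds between checks of the certificate sources; a rotated or withdrawn key can stay in use for up to this long.`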
diff --git a/rpxy-certs/src/reloader_service.rs b/rpxy-certs/src/reloader_service.rs index 06f5ad6..8427f3a 100644 --- a/rpxy-certs/src/reloader_service.rs +++ b/rpxy-certs/src/reloader_service.rs @@ -14,6 +14,7 @@ use std::sync::Arc; /// TODO: support for not only `CryptoFileSource` but also other type of sources type DynCryptoSource = dyn CryptoSource + Send + Sync + 'static; +#[derive(Clone)] /// Reloader service for certificates and keys for TLS pub struct CryptoReloader { inner: HashMap>>,
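Review bot: The new `#[derive(Clone)]` is placed above the `///` doc comment of `CryptoReloader`; the usual order is the doc comment first and the attribute directly above the item, i.e. `/// Reloader service for certificates and keys for TLS` followed by `#[derive(Clone)]`. The doc comment could also say what a clone shares: the `inner` map appears to hold reference-counted sources (the generic arguments are not legible on this page), so a clone would presumably copy the map but not the sources themselves, which is worth confirming and stating. The struct body continues outside the hunk.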