const keyExtension … const certExtension … const pemExtension … const currentPair … const updatedPair … type fileStore … type FileStore … // NewFileStore returns a concrete implementation of a Store that is based on // storing the cert/key pairs in a single file per pair on disk in the // designated directory. When starting up it will look for the currently // selected cert/key pair in: // // 1. ${certDirectory}/${pairNamePrefix}-current.pem - both cert and key are in the same file. // 2. ${certFile}, ${keyFile} // 3. ${certDirectory}/${pairNamePrefix}.crt, ${keyDirectory}/${pairNamePrefix}.key // // The first one found will be used. If rotation is enabled, future cert/key // updates will be written to the ${certDirectory} directory and // ${certDirectory}/${pairNamePrefix}-current.pem will be created as a soft // link to the currently selected cert/key pair. func NewFileStore( pairNamePrefix string, certDirectory string, keyDirectory string, certFile string, keyFile string) (FileStore, error) { … } // CurrentPath returns the path to the current version of these certificates. func (s *fileStore) CurrentPath() string { … } // recover checks if there is a certificate rotation that was interrupted while // in progress, and if so, attempts to recover to a good state. func (s *fileStore) recover() error { … } func (s *fileStore) Current() (*tls.Certificate, error) { … } func loadFile(pairFile string) (*tls.Certificate, error) { … } func (s *fileStore) Update(certData, keyData []byte) (*tls.Certificate, error) { … } // updateSymlink updates the current symlink to point to the file that is // passed to it. It will fail if a non-symlink file exists where the // symlink is expected to be. func (s *fileStore) updateSymlink(filename string) error { … } func (s *fileStore) filename(qualifier string) string { … } func loadX509KeyPair(certFile, keyFile string) (*tls.Certificate, error) { … } // fileExists checks if the specified file exists.
func fileExists(filename string) (bool, error) { … }