(leaf *x509.Certificate, expiresIn, renewPeriod time.Duration)
| 352 | } |
| 353 | |
| 354 | func nextRenewDuration(leaf *x509.Certificate, expiresIn, renewPeriod time.Duration) time.Duration { |
| 355 | if renewPeriod > 0 { |
| 356 | // Renew now if it will be expired in renewPeriod |
| 357 | if (time.Until(leaf.NotAfter) - renewPeriod) <= 0 { |
| 358 | return 0 |
| 359 | } |
| 360 | return renewPeriod |
| 361 | } |
| 362 | |
| 363 | period := leaf.NotAfter.Sub(leaf.NotBefore) |
| 364 | if expiresIn == 0 { |
| 365 | expiresIn = period / 3 |
| 366 | } |
| 367 | |
| 368 | switch d := time.Until(leaf.NotAfter) - expiresIn; { |
| 369 | case d <= 0: |
| 370 | return 0 |
| 371 | case d < period/20: |
| 372 | //nolint:gosec // The random number below is not being used for crypto. |
| 373 | return time.Duration(rand.Int63n(int64(d))) |
| 374 | default: |
| 375 | //nolint:gosec // The random number below is not being used for crypto. |
| 376 | n := rand.Int63n(int64(period / 20)) |
| 377 | d -= time.Duration(n) |
| 378 | return d |
| 379 | } |
| 380 | } |
| 381 | |
| 382 | func getAfterRenewFunc(pid, signum int, execCmd string) func() error { |
| 383 | return func() error { |
no outgoing calls
no test coverage detected
searching dependent graphs…