MCPcopy
hub / github.com/smallstep/cli / nextRenewDuration

Function nextRenewDuration

command/ca/renew.go:354–380  ·  view source on GitHub ↗
(leaf *x509.Certificate, expiresIn, renewPeriod time.Duration)

Source from the content-addressed store, hash-verified

352}
353
354func nextRenewDuration(leaf *x509.Certificate, expiresIn, renewPeriod time.Duration) time.Duration {
355 if renewPeriod > 0 {
356 // Renew now if it will be expired in renewPeriod
357 if (time.Until(leaf.NotAfter) - renewPeriod) <= 0 {
358 return 0
359 }
360 return renewPeriod
361 }
362
363 period := leaf.NotAfter.Sub(leaf.NotBefore)
364 if expiresIn == 0 {
365 expiresIn = period / 3
366 }
367
368 switch d := time.Until(leaf.NotAfter) - expiresIn; {
369 case d <= 0:
370 return 0
371 case d < period/20:
372 //nolint:gosec // The random number below is not being used for crypto.
373 return time.Duration(rand.Int63n(int64(d)))
374 default:
375 //nolint:gosec // The random number below is not being used for crypto.
376 n := rand.Int63n(int64(period / 20))
377 d -= time.Duration(n)
378 return d
379 }
380}
381
382func getAfterRenewFunc(pid, signum int, execCmd string) func() error {
383 return func() error {

Callers 3

rekeyCertificateActionFunction · 0.85
renewCertificateActionFunction · 0.85
RenewAndPrepareNextMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…