needsRenewal reports whether the certificate is within its renewal window (i.e. the fraction of lifetime remaining is less than or equal to RenewalWindowRatio).
(cert *x509.Certificate)
| 104 | // needsRenewal reports whether the certificate is within its renewal window |
| 105 | // (i.e. the fraction of lifetime remaining is less than or equal to RenewalWindowRatio). |
| 106 | func (ca *CA) needsRenewal(cert *x509.Certificate) bool { |
| 107 | ratio := ca.RenewalWindowRatio |
| 108 | if ratio <= 0 { |
| 109 | ratio = defaultRenewalWindowRatio |
| 110 | } |
| 111 | lifetime := cert.NotAfter.Sub(cert.NotBefore) |
| 112 | renewalWindow := time.Duration(float64(lifetime) * ratio) |
| 113 | renewalWindowStart := cert.NotAfter.Add(-renewalWindow) |
| 114 | return time.Now().After(renewalWindowStart) |
| 115 | } |