Start starts the PKI app.
()
| 89 | |
| 90 | // Start starts the PKI app. |
| 91 | func (p *PKI) Start() error { |
| 92 | // install roots to trust store, if not disabled |
| 93 | for _, ca := range p.CAs { |
| 94 | if ca.InstallTrust != nil && !*ca.InstallTrust { |
| 95 | ca.log.Info("root certificate trust store installation disabled; unconfigured clients may show warnings", |
| 96 | zap.String("path", ca.rootCertPath)) |
| 97 | continue |
| 98 | } |
| 99 | |
| 100 | if err := ca.installRoot(); err != nil { |
| 101 | // could be some system dependencies that are missing; |
| 102 | // shouldn't totally prevent startup, but we should log it |
| 103 | ca.log.Error("failed to install root certificate", |
| 104 | zap.Error(err), |
| 105 | zap.String("certificate_file", ca.rootCertPath)) |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | // see if root/intermediates need renewal... |
| 110 | p.renewCerts() |
| 111 | |
| 112 | // ...and keep them renewed (one goroutine per CA with its own interval) |
| 113 | for _, ca := range p.CAs { |
| 114 | go p.maintenanceForCA(ca) |
| 115 | } |
| 116 | |
| 117 | return nil |
| 118 | } |
| 119 | |
| 120 | // Stop stops the PKI app. |
| 121 | func (p *PKI) Stop() error { |
nothing calls this directly
no test coverage detected