From 3f0c9b55047d10e3ebcdf7fc6968ad7ce670cea6 Mon Sep 17 00:00:00 2001
From: haoxingxing
Date: Fri, 5 Jan 2024 11:25:14 +0800
Subject: [PATCH] Refactor TLS certificate management

---
 tls/api.go         |  9 ++++++++-
 tls/certificate.go | 45 ++++++++++++++++++++++++++++++++++++++-------
 tls/mgr.go         | 35 -----------------------------------
 udp/controller.go  |  2 --
 4 files changed, 46 insertions(+), 45 deletions(-)
 delete mode 100644 tls/mgr.go

diff --git a/tls/api.go b/tls/api.go
index dd597c0..a1f1a6a 100644
--- a/tls/api.go
+++ b/tls/api.go
@@ -1,4 +1,11 @@
 package tls
 
-func (mgr *tlsMgr) GetCerts() {
+func (mgr *tlsMgr) GetCerts() []Cert {
+	mgr.muCerts.RLock()
+	defer mgr.muCerts.RUnlock()
+	var certs []Cert
+	for _, v := range mgr.certs {
+		certs = append(certs, v)
+	}
+	return certs
 }
diff --git a/tls/certificate.go b/tls/certificate.go
index ff1ec87..d5d48e7 100644
--- a/tls/certificate.go
+++ b/tls/certificate.go
@@ -4,18 +4,48 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"strings"
+	"sync"
 
 	utils "github.com/mrhaoxx/OpenNG/utils"
 )
 
 // var GlobalCer = []tls.Certificate{}
-type certificate struct {
+type Cert struct {
 	*tls.Certificate
 	dnsnames utils.GroupRegexp
+	certfile string
+}
+
+type tlsMgr struct {
+	certs  map[string]Cert
+	lookup *utils.BufferedLookup
+
+	muCerts sync.RWMutex
+}
+
+func NewTlsMgr() *tlsMgr {
+
+	var mgr = tlsMgr{
+		certs: make(map[string]Cert),
+	}
+
+	mgr.lookup = utils.NewBufferedLookup(func(s string) interface{} {
+		mgr.muCerts.RLock()
+		defer mgr.muCerts.RUnlock()
+
+		for _, v := range mgr.certs {
+			if v.dnsnames.MatchString(s) {
+				return v.Certificate
+			}
+		}
+		return nil
+	})
+
+	return &mgr
 }
 
 func (m *tlsMgr) getCertificate(dnsname string) *tls.Certificate {
-	return m.certs[m.lookup.Lookup(dnsname).(string)].Certificate
+	return m.lookup.Lookup(dnsname).(*tls.Certificate)
 }
 
 func (m *tlsMgr) LoadCertificate(certfile, keyfile string) error {
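Review bot: `GetCerts` hands out the manager's `*tls.Certificate` pointers, and each of those carries `PrivateKey`; the file is named api.go, so this presumably feeds an API response, and anything that serializes the slice (for example `encoding/json`, which on an `*rsa.PrivateKey` emits its exported `D` and `Primes` fields) would leak key material. I would document the contract above the signature: `// GetCerts returns a snapshot of the loaded certificates. Entries share the manager's *tls.Certificate, PrivateKey included; callers must not serialize them wholesale.` Two smaller points: the slice can be pre-sized with `certs := make([]Cert, 0, len(mgr.certs))`, and because map iteration order is random the returned order differs between calls, so sort by `certfile` if any consumer compares successive snapshots.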
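Review bot: The type assertion in the new `getCertificate` body panics for a name that matches no loaded certificate: the lookup closure returns an untyped `nil`, and `x.(*tls.Certificate)` on a nil interface panics instead of yielding nil, whereas the removed version fell through to a zero-value map entry and returned nil. If this method backs `tls.Config.GetCertificate`, as its signature suggests, any client can trigger the panic with an unknown SNI. Use the comma-ok form, `c, _ := m.lookup.Lookup(dnsname).(*tls.Certificate); return c`, assuming `BufferedLookup` passes the closure's result through unchanged (its implementation is not visible here). Separately, the closure returns the first match in random map order, so when two certificates cover the same name (a wildcard and an exact SAN, say) the one served can vary from one cache fill to the next.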
@@ -23,16 +53,17 @@ func (m *tlsMgr) LoadCertificate(certfile, keyfile string) error {
 	if e != nil {
 		return e
 	} else {
-		// if watch {
-		// 	certwatchlist[certfile] = keyfile
-		// 	watcher.Add(certfile)
-		// }
+
 		c.Leaf, _ = x509.ParseCertificate(c.Certificate[0])
 
-		m.certs[certfile] = certificate{
+		m.muCerts.Lock()
+		m.certs[certfile] = Cert{
 			Certificate: &c,
 			dnsnames:    utils.MustCompileRegexp(Dnsname2Regexp(c.Leaf.DNSNames)),
+			certfile:    certfile,
 		}
+		m.muCerts.Unlock()
+
 		return nil
 	}
 }
diff --git a/tls/mgr.go b/tls/mgr.go
deleted file mode 100644
index c5d08c4..0000000
--- a/tls/mgr.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package tls
-
-import (
-	"sync"
-
-	utils "github.com/mrhaoxx/OpenNG/utils"
-)
-
-type tlsMgr struct {
-	certs  map[string]certificate
-	lookup *utils.BufferedLookup
-
-	muCerts sync.RWMutex
-}
-
-func NewTlsMgr() *tlsMgr {
-
-	var mgr = tlsMgr{
-		certs: make(map[string]certificate),
-	}
-
-	mgr.lookup = utils.NewBufferedLookup(func(s string) interface{} {
-		mgr.muCerts.RLock()
-		defer mgr.muCerts.RUnlock()
-
-		for k, v := range mgr.certs {
-			if v.dnsnames.MatchString(s) {
-				return k
-			}
-		}
-		return "unmatched"
-	})
-
-	return &mgr
-}
diff --git a/udp/controller.go b/udp/controller.go
index dc04f60..4fae9ba 100644
--- a/udp/controller.go
+++ b/udp/controller.go
@@ -1,6 +1,4 @@
 package udp
 
 type udpMgr struct {
-
 }
-
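Review bot: The error from `c.Leaf, _ = x509.ParseCertificate(c.Certificate[0])` is discarded and the very next statement dereferences `c.Leaf.DNSNames`, so a leaf that fails to parse becomes a nil-pointer panic inside `LoadCertificate` rather than a returned error; `e` from the enclosing `if` is in scope, so `if c.Leaf, e = x509.ParseCertificate(c.Certificate[0]); e != nil { return e }` fixes it in place. The write under `muCerts.Lock()` correctly replaces the entry for a re-loaded `certfile`, but nothing touches `m.lookup` afterwards; if `BufferedLookup` memoizes the closure's results, as its name suggests (I cannot see it), names resolved before the reload keep serving the previous `*tls.Certificate` and names that earlier resolved to nil stay nil, which defeats certificate renewal. Consider clearing or rebuilding the lookup cache right after `m.muCerts.Unlock()`. The enclosing `LoadCertificate` function starts above this hunk.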