Better auto renewal

5 years ago · 8268f4d241
parent 6c10602af6
commit 8268f4d241
3 changed files with 26 additions and 19 deletions
--- a/src/dnscrypt_certs.rs
+++ b/src/dnscrypt_certs.rs
@ -13,10 +13,7 @@ pub const DNSCRYPT_CERTS_TTL: u32 = 86400;
 pub const DNSCRYPT_CERTS_RENEWAL: u32 = 28800;

 fn now() -> u32 {
-    SystemTime::now()
-        .duration_since(SystemTime::UNIX_EPOCH)
-        .unwrap()
-        .as_secs() as u32
+    Clock::now_since_epoch().as_secs() as u32
 }

 #[derive(Debug, Default, Clone)]
@ -86,8 +83,8 @@ impl DNSCryptCert {
        &self.inner.client_magic
    }

-    pub fn ts_end(&self) -> Duration {
-        Duration::from_secs(u64::from(BigEndian::read_u32(&self.inner.ts_end)))
+    pub fn ts_end(&self) -> u32 {
+        BigEndian::read_u32(&self.inner.ts_end)
    }
 }

@ -129,20 +126,30 @@ impl DNSCryptEncryptionParamsUpdater {
        DNSCryptEncryptionParamsUpdater { globals }
    }

+    fn update(&self) {
+        let now = now();
+        let mut new_params_set = vec![];
+        {
+            let params_set = self.globals.dnscrypt_encryption_params_set.read();
+            for params in &**params_set {
+                if params.dnscrypt_cert().ts_end() >= now {
+                    new_params_set.push(params.clone());
+                }
+            }
+        }
+        let new_params = DNSCryptEncryptionParams::new(&self.globals.provider_kp);
+        new_params_set.push(Arc::new(new_params));
+        *self.globals.dnscrypt_encryption_params_set.write() = Arc::new(new_params_set);
+    }
+
    pub async fn run(self) {
        let mut fut_interval = tokio::timer::Interval::new_interval(
            std::time::Duration::from_secs(u64::from(DNSCRYPT_CERTS_RENEWAL)),
        );
-        let fut = async {
-            loop {
-                fut_interval.next().await;
-                let new_params = DNSCryptEncryptionParams::new(&self.globals.provider_kp);
+        let fut = async move {
+            while fut_interval.next().await.is_some() {
+                self.update();
                debug!("New cert issued");
-                let mut params_set = self.globals.dnscrypt_encryption_params_set.write();
-                if params_set.len() >= (DNSCRYPT_CERTS_TTL / DNSCRYPT_CERTS_RENEWAL) as usize {
-                    params_set.swap_remove(0);
-                }
-                params_set.push(Arc::new(new_params));
            }
        };
        fut.await
--- a/src/globals.rs
+++ b/src/globals.rs
@ -13,7 +13,7 @@ use tokio::sync::oneshot;
 #[derive(Debug)]
 pub struct Globals {
    pub runtime: Arc<Runtime>,
-    pub dnscrypt_encryption_params_set: Arc<RwLock<Vec<Arc<DNSCryptEncryptionParams>>>>,
+    pub dnscrypt_encryption_params_set: Arc<RwLock<Arc<Vec<Arc<DNSCryptEncryptionParams>>>>>,
    pub provider_name: String,
    pub provider_kp: SignKeyPair,
    pub listen_addrs: Vec<SocketAddr>,
--- a/src/main.rs
+++ b/src/main.rs
@ -150,7 +150,7 @@ async fn handle_client_query(
 ) -> Result<(), Error> {
    let original_packet_size = encrypted_packet.len();
    let mut dnscrypt_encryption_params_set = vec![];
-    for params in &*globals.dnscrypt_encryption_params_set.read() {
+    for params in &**globals.dnscrypt_encryption_params_set.read() {
        dnscrypt_encryption_params_set.push((*params).clone())
    }
    let (shared_key, nonce, mut packet) =
@ -468,9 +468,9 @@ fn main() -> Result<(), Error> {
    }
    let globals = Arc::new(Globals {
        runtime: runtime.clone(),
-        dnscrypt_encryption_params_set: Arc::new(RwLock::new(vec![Arc::new(
+        dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(vec![Arc::new(
            dnscrypt_encryption_params,
-        )])),
+        )]))),
        provider_name,
        provider_kp,
        listen_addrs: config.listen_addrs,