From d7cfa638a74584db2b6219d6fdffd31c1eb11097 Mon Sep 17 00:00:00 2001
From: "Zed A. Shaw" <zed.shaw@gmail.com>
Date: Wed, 18 Feb 2026 14:04:51 -0500
Subject: [PATCH] Does the copy now.

---
 main.go           | 69 ++++++++++++++++++++++++++++++++++++++++-------
 test/fakepriv.pem |  2 +-
 2 files changed, 60 insertions(+), 11 deletions(-)

diff --git a/main.go b/main.go
index 0ebff87..c0d0bfc 100644
--- a/main.go
+++ b/main.go
@@ -5,8 +5,10 @@ import (
   "flag"
   "log"
   "os"
+  "io"
   "encoding/json"
   "time"
+  "path"
   "path/filepath"
 )
 
@@ -25,12 +27,29 @@ type Config struct {
   delay_time time.Duration
 }
 
-func LoadConfig(path string) Config {
+func MustExist(p string) {
+  _, err := os.Stat(p)
+  if os.IsNotExist(err) {
+    log.Fatalf("path %s does not exist: %v", p, err)
+  }
+}
+
+
+func AbsPath(p string) string {
+  p, err := filepath.Abs(p)
+  if err != nil {
+    log.Fatalf("can't convert %s to absolute p: %v", p, err)
+  }
+
+  return p
+}
+
+func LoadConfig(config_path string) Config {
   var config Config
 
-  config_data, err := os.ReadFile(path)
+  config_data, err := os.ReadFile(config_path)
   if err != nil {
-    log.Fatal("invalid config path %s: %v", path, err)
+    log.Fatal("invalid config path %s: %v", config_path, err)
   }
 
   err = json.Unmarshal(config_data, &config)
@@ -43,6 +62,18 @@ func LoadConfig(path string) Config {
     log.Fatalf("can't parse watch_delay setting %s: %v", config.WatchDelay, err)
   }
 
+  config.Source.PrivateKey = AbsPath(config.Source.PrivateKey)
+  MustExist(config.Source.PrivateKey)
+
+  config.Source.PublicKey = AbsPath(config.Source.PublicKey)
+  MustExist(config.Source.PublicKey)
+
+  config.Target.PrivateKey = AbsPath(config.Target.PrivateKey)
+  MustExist(path.Dir(config.Target.PrivateKey))
+
+  config.Target.PublicKey = AbsPath(config.Target.PublicKey)
+  MustExist(path.Dir(config.Target.PublicKey))
+
   return config
 }
 
@@ -55,8 +86,32 @@ func ParseOpts() Config {
   return LoadConfig(config_file)
 }
 
+func Copy(from string, to string) {
+  log.Println("copying from=", from, "to=", to)
+
+  src, err := os.Open(from)
+  if err != nil { log.Fatalf("%s: %v", from, err) }
+  defer src.Close()
+
+  dst, err := os.OpenFile(to, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0700)
+  if err != nil { log.Fatalf("%s: %v", to, err) }
+  defer dst.Close()
+
+  _, err = io.Copy(dst, src)
+
+  if err != nil {
+    log.Fatalf("failed to copy: %v", err)
+  }
+}
+
 func (cfg *Config) SyncCerts() {
-  log.Println("SYNC CERTS CALLED");
+  log.Println("SYNC CERTS CALLED")
+  // copy the files
+  Copy(cfg.Source.PrivateKey, cfg.Target.PrivateKey)
+  Copy(cfg.Source.PublicKey, cfg.Target.PublicKey)
+
+  // change the ownership
+  // restart the service
 }
 
 func (cfg *Config) HandleEvents() {
@@ -98,12 +153,6 @@ func (cfg *Config) WatchFiles() {
 
   go cfg.HandleEvents()
 
-  cfg.Source.PrivateKey, err = filepath.Abs(cfg.Source.PrivateKey)
-  if err != nil {
-    log.Fatalf("can't convert %s to absolut path: %v",
-      cfg.Source.PrivateKey, err)
-  }
-
   err = cfg.watcher.Add(cfg.Source.PrivateKey)
   if err != nil {
     log.Fatalf("can't watch %s: %v", err, cfg.Source.PrivateKey)
diff --git a/test/fakepriv.pem b/test/fakepriv.pem
index e836190..6279dbc 100644
--- a/test/fakepriv.pem
+++ b/test/fakepriv.pem
@@ -1 +1 @@
-Wed Feb 18 12:57:08 EST 2026
+Wed Feb 18 13:53:57 EST 2026