fix: remove signing key creation (when not found)

2020-10-19 15:26:34 +02:00 · 2020-10-19 15:26:34 +02:00 · 06dcac4c2f
commit 06dcac4c2f
parent 4390119d1d
6 changed files with 14 additions and 77 deletions
--- a/pkg/op/mock/storage.mock.go
+++ b/pkg/op/mock/storage.mock.go
@ -187,15 +187,15 @@ func (mr *MockStorageMockRecorder) GetPrivateClaimsFromScopes(arg0, arg1, arg2,
 }

 // GetSigningKey mocks base method
-func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- jose.SigningKey, arg2 chan<- error, arg3 <-chan time.Time) {
+func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- jose.SigningKey) {
 	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "GetSigningKey", arg0, arg1, arg2, arg3)
+	m.ctrl.Call(m, "GetSigningKey", arg0, arg1)
 }

 // GetSigningKey indicates an expected call of GetSigningKey
-func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1, arg2, arg3 interface{}) *gomock.Call {
+func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0, arg1)
 }

 // GetUserinfoFromScopes mocks base method
@ -256,20 +256,6 @@ func (mr *MockStorageMockRecorder) SaveAuthCode(arg0, arg1, arg2 interface{}) *g
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveAuthCode", reflect.TypeOf((*MockStorage)(nil).SaveAuthCode), arg0, arg1, arg2)
 }

-// SaveNewKeyPair mocks base method
-func (m *MockStorage) SaveNewKeyPair(arg0 context.Context) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SaveNewKeyPair", arg0)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// SaveNewKeyPair indicates an expected call of SaveNewKeyPair
-func (mr *MockStorageMockRecorder) SaveNewKeyPair(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveNewKeyPair", reflect.TypeOf((*MockStorage)(nil).SaveNewKeyPair), arg0)
-}
-
 // TerminateSession mocks base method
 func (m *MockStorage) TerminateSession(arg0 context.Context, arg1, arg2 string) error {
 	m.ctrl.T.Helper()
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -6,7 +6,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/caos/logging"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/schema"
@ -132,7 +131,7 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO

 	keyCh := make(chan jose.SigningKey)
 	o.signer = NewSigner(ctx, storage, keyCh)
-	go EnsureKey(ctx, storage, keyCh, o.timer, o.retry)
+	go storage.GetSigningKey(ctx, keyCh)

 	o.httpHandler = CreateRouter(o, o.interceptors...)

@ -282,36 +281,6 @@ func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 	return payload, err
 }

-func EnsureKey(ctx context.Context, storage Storage, keyCh chan<- jose.SigningKey, timer <-chan time.Time, retry func(int) (bool, int)) {
-	count := 0
-	timer = time.After(0)
-	errCh := make(chan error)
-	go storage.GetSigningKey(ctx, keyCh, errCh, timer)
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case err := <-errCh:
-			if err == nil {
-				continue
-			}
-			_, ok := err.(StorageNotFoundError)
-			if ok {
-				err := storage.SaveNewKeyPair(ctx)
-				if err == nil {
-					continue
-				}
-			}
-			ok, count = retry(count)
-			if ok {
-				timer = time.After(0)
-				continue
-			}
-			logging.Log("OP-n6ynVE").WithError(err).Panic("error in key signer")
-		}
-	}
-}
-
 type Option func(o *openidProvider) error

 func WithCustomAuthEndpoint(endpoint Endpoint) Option {
@ -382,27 +351,6 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 	}
 }

-func WithRetry(max int, sleep time.Duration) Option {
-	return func(o *openidProvider) error {
-		o.retry = func(count int) (bool, int) {
-			count++
-			if count == max {
-				return false, count
-			}
-			time.Sleep(sleep)
-			return true, count
-		}
-		return nil
-	}
-}
-
-func WithTimer(timer <-chan time.Time) Option {
-	return func(o *openidProvider) error {
-		o.timer = timer
-		return nil
-	}
-}
-
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 	return func(handlerFunc http.HandlerFunc) http.Handler {
 		handler := handlerFuncToHandler(handlerFunc)
--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@ -34,6 +34,9 @@ func (s *tokenSigner) Health(_ context.Context) error {
 	if s.signer == nil {
 		return errors.New("no signer")
 	}
+	if string(s.alg) == "" {
+		return errors.New("no signing algorithm")
+	}
 	return nil
 }

--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -20,9 +20,8 @@ type AuthStorage interface {

 	TerminateSession(context.Context, string, string) error

-	GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)
+	GetSigningKey(context.Context, chan<- jose.SigningKey)
 	GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
-	SaveNewKeyPair(context.Context) error
 }

 type OPStorage interface {
--- a/pkg/utils/sign.go
+++ b/pkg/utils/sign.go
@ -2,6 +2,7 @@ package utils

 import (
 	"encoding/json"
+	"errors"

 	"gopkg.in/square/go-jose.v2"
 )
@ -15,6 +16,9 @@ func Sign(object interface{}, signer jose.Signer) (string, error) {
 }

 func SignPayload(payload []byte, signer jose.Signer) (string, error) {
+	if signer == nil {
+		return "", errors.New("missing signer")
+	}
 	result, err := signer.Sign(payload)
 	if err != nil {
 		return "", err