Merge pull request #151 from caos/sign-concurrency

pkg/op/op.go

@@ -125,8 +125,8 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 	}
 
 	keyCh := make(chan jose.SigningKey)
-	o.signer = NewSigner(ctx, storage, keyCh)
 	go storage.GetSigningKey(ctx, keyCh)
+	o.signer = NewSigner(ctx, storage, keyCh)
 
 	o.httpHandler = CreateRouter(o, o.interceptors...)
 

pkg/op/signer.go

@@ -25,6 +25,12 @@ func NewSigner(ctx context.Context, storage AuthStorage, keyCh <-chan jose.Signi
 		storage: storage,
 	}
 
+	select {
+	case <-ctx.Done():
+		return nil
+	case key := <-keyCh:
+		s.exchangeSigningKey(key)
+	}
 	go s.refreshSigningKey(ctx, keyCh)
 
 	return s
@@ -50,23 +56,27 @@ func (s *tokenSigner) refreshSigningKey(ctx context.Context, keyCh <-chan jose.S
 		case <-ctx.Done():
 			return
 		case key := <-keyCh:
-			s.alg = key.Algorithm
-			if key.Algorithm == "" || key.Key == nil {
-				s.signer = nil
-				logging.Log("OP-DAvt4").Warn("signer has no key")
-				continue
-			}
-			var err error
-			s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
-			if err != nil {
-				logging.Log("OP-pf32aw").WithError(err).Error("error creating signer")
-				continue
-			}
-			logging.Log("OP-agRf2").Info("signer exchanged signing key")
+			s.exchangeSigningKey(key)
 		}
 	}
 }
 
+func (s *tokenSigner) exchangeSigningKey(key jose.SigningKey) {
+	s.alg = key.Algorithm
+	if key.Algorithm == "" || key.Key == nil {
+		s.signer = nil
+		logging.Log("OP-DAvt4").Warn("signer has no key")
+		return
+	}
+	var err error
+	s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
+	if err != nil {
+		logging.Log("OP-pf32aw").WithError(err).Error("error creating signer")
+		return
+	}
+	logging.Log("OP-agRf2").Info("signer exchanged signing key")
+}
+
 func (s *tokenSigner) SignatureAlgorithm() jose.SignatureAlgorithm {
 	return s.alg
 }