diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go
index 8ce59de..d00d7a5 100644
--- a/example/internal/mock/storage.go
+++ b/example/internal/mock/storage.go
@@ -157,15 +157,12 @@ func (s *AuthStorage) CreateToken(_ context.Context, authReq op.TokenRequest) (s
 func (s *AuthStorage) TerminateSession(_ context.Context, userID, clientID string) error {
 return nil
 }
-func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan time.Time) {
+func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey) {
 keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key}
 }
 func (s *AuthStorage) GetKey(_ context.Context) (*rsa.PrivateKey, error) {
 return s.key, nil
 }
-func (s *AuthStorage) SaveNewKeyPair(ctx context.Context) error {
- return nil
-}
 func (s *AuthStorage) GetKeySet(_ context.Context) (*jose.JSONWebKeySet, error) {
 pubkey := s.key.Public()
 return &jose.JSONWebKeySet{
diff --git a/pkg/op/mock/storage.mock.go b/pkg/op/mock/storage.mock.go
index e589413..280e8e6 100644
--- a/pkg/op/mock/storage.mock.go
+++ b/pkg/op/mock/storage.mock.go
@@ -187,15 +187,15 @@ func (mr *MockStorageMockRecorder) GetPrivateClaimsFromScopes(arg0, arg1, arg2,
 }
 
 // GetSigningKey mocks base method
-func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- jose.SigningKey, arg2 chan<- error, arg3 <-chan time.Time) {
+func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- jose.SigningKey) {
 m.ctrl.T.Helper()
- m.ctrl.Call(m, "GetSigningKey", arg0, arg1, arg2, arg3)
+ m.ctrl.Call(m, "GetSigningKey", arg0, arg1)
 }
 
 // GetSigningKey indicates an expected call of GetSigningKey
-func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1, arg2, arg3 interface{}) *gomock.Call {
+func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1 interface{}) *gomock.Call {
 mr.mock.ctrl.T.Helper()
- return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0, arg1, arg2, arg3)
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0, arg1)
 }
 
 // Health mocks base method
@@ -226,20 +226,6 @@ func (mr *MockStorageMockRecorder) SaveAuthCode(arg0, arg1, arg2 interface{}) *g
 return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveAuthCode", reflect.TypeOf((*MockStorage)(nil).SaveAuthCode), arg0, arg1, arg2)
 }
 
-// SaveNewKeyPair mocks base method
-func (m *MockStorage) SaveNewKeyPair(arg0 context.Context) error {
- m.ctrl.T.Helper()
- ret := m.ctrl.Call(m, "SaveNewKeyPair", arg0)
- ret0, _ := ret[0].(error)
- return ret0
-}
-
-// SaveNewKeyPair indicates an expected call of SaveNewKeyPair
-func (mr *MockStorageMockRecorder) SaveNewKeyPair(arg0 interface{}) *gomock.Call {
- mr.mock.ctrl.T.Helper()
- return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveNewKeyPair", reflect.TypeOf((*MockStorage)(nil).SaveNewKeyPair), arg0)
-}
-
 // SetIntrospectionFromToken mocks base method
 func (m *MockStorage) SetIntrospectionFromToken(arg0 context.Context, arg1 oidc.IntrospectionResponse, arg2, arg3, arg4 string) error {
 m.ctrl.T.Helper()
diff --git a/pkg/op/mock/storage.mock.impl.go b/pkg/op/mock/storage.mock.impl.go
index 2788c39..da04fc9 100644
--- a/pkg/op/mock/storage.mock.impl.go
+++ b/pkg/op/mock/storage.mock.impl.go
@@ -38,12 +38,6 @@ func NewMockStorageAny(t *testing.T) op.Storage {
 return m
 }
 
-func NewMockStorageSigningKeyError(t *testing.T) op.Storage {
- m := NewStorage(t)
- ExpectSigningKeyError(m)
- return m
-}
-
 func NewMockStorageSigningKeyInvalid(t *testing.T) op.Storage {
 m := NewStorage(t)
 ExpectSigningKeyInvalid(m)
@@ -89,19 +83,10 @@ func ExpectValidClientID(s op.Storage) {
 })
 }
 
-func ExpectSigningKeyError(s op.Storage) {
- mockS := s.(*MockStorage)
- mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
- func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
- errCh <- errors.New("error")
- },
- )
-}
-
 func ExpectSigningKeyInvalid(s op.Storage) {
 mockS := s.(*MockStorage)
- mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
- func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
+ mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any()).DoAndReturn(
+ func(_ context.Context, keyCh chan<- jose.SigningKey) {
 keyCh <- jose.SigningKey{}
 },
 )
@@ -109,8 +94,8 @@ func ExpectSigningKeyInvalid(s op.Storage) {
 
 func ExpectSigningKey(s op.Storage) {
 mockS := s.(*MockStorage)
- mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
- func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
+ mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any()).DoAndReturn(
+ func(_ context.Context, keyCh chan<- jose.SigningKey) {
 keyCh <- jose.SigningKey{Algorithm: jose.HS256, Key: []byte("key")}
 },
 )
diff --git a/pkg/op/op.go b/pkg/op/op.go
index 26445c5..c91865d 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -6,7 +6,6 @@ import (
 "net/http"
 "time"
 
- "github.com/caos/logging"
 "github.com/gorilla/handlers"
 "github.com/gorilla/mux"
 "github.com/gorilla/schema"
@@ -118,7 +117,7 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 keyCh := make(chan jose.SigningKey)
 o.signer = NewSigner(ctx, storage, keyCh)
 
- go EnsureKey(ctx, storage, keyCh, o.timer, o.retry)
+ go storage.GetSigningKey(ctx, keyCh)
 
 o.httpHandler = CreateRouter(o, o.interceptors...)
 
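Review bot: With `go storage.GetSigningKey(ctx, keyCh)` replacing EnsureKey in NewOpenIDProvider, a storage that cannot load a key has no way to report it: the error channel is gone from the interface and nothing here waits for or checks the result, so the provider is constructed and starts serving even if the signer never receives a key, where the removed EnsureKey at least retried and then panicked. The goroutine is also fire-and-forget with no lifetime tracking; the only visible backstop is tokenSigner.Health reporting "no signer" (signer.go hunk in this diff), and only if something actually calls it as a readiness check. At minimum the doc comment on NewOpenIDProvider should state this, e.g. `// The signing key is requested asynchronously via storage.GetSigningKey; a storage that never delivers a key leaves the signer unusable, which is reported only through the signer's Health check.`. NewOpenIDProvider's body starts before and continues after this hunk, so whether anything later verifies the signer is not visible here.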
@@ -284,36 +283,6 @@ func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 return payload, err
 }
 
-func EnsureKey(ctx context.Context, storage Storage, keyCh chan<- jose.SigningKey, timer <-chan time.Time, retry func(int) (bool, int)) {
- count := 0
- timer = time.After(0)
- errCh := make(chan error)
- go storage.GetSigningKey(ctx, keyCh, errCh, timer)
- for {
- select {
- case <-ctx.Done():
- return
- case err := <-errCh:
- if err == nil {
- continue
- }
- _, ok := err.(StorageNotFoundError)
- if ok {
- err := storage.SaveNewKeyPair(ctx)
- if err == nil {
- continue
- }
- }
- ok, count = retry(count)
- if ok {
- timer = time.After(0)
- continue
- }
- logging.Log("OP-n6ynVE").WithError(err).Panic("error in key signer")
- }
- }
-}
-
 type Option func(o *openidProvider) error
 
 func WithCustomAuthEndpoint(endpoint Endpoint) Option {
@@ -394,27 +363,6 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 }
 }
 
-func WithRetry(max int, sleep time.Duration) Option {
- return func(o *openidProvider) error {
- o.retry = func(count int) (bool, int) {
- count++
- if count == max {
- return false, count
- }
- time.Sleep(sleep)
- return true, count
- }
- return nil
- }
-}
-
-func WithTimer(timer <-chan time.Time) Option {
- return func(o *openidProvider) error {
- o.timer = timer
- return nil
- }
-}
-
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 return func(handlerFunc http.HandlerFunc) http.Handler {
 handler := handlerFuncToHandler(handlerFunc)
diff --git a/pkg/op/signer.go b/pkg/op/signer.go
index 76bb9c7..939fe13 100644
--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@@ -34,6 +34,9 @@ func (s *tokenSigner) Health(_ context.Context) error {
 if s.signer == nil {
 return errors.New("no signer")
 }
+ if string(s.alg) == "" {
+ return errors.New("no signing algorithm")
+ }
 return nil
 }
 
diff --git a/pkg/op/storage.go b/pkg/op/storage.go
index 33ed6ce..277f244 100644
--- a/pkg/op/storage.go
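Review bot: `string(s.alg) == ""` in the new Health check converts a value only to compare it with an empty string literal; if s.alg is a string-based type such as jose.SignatureAlgorithm, `if s.alg == "" {` compiles and reads more directly. The declaration of the alg field is outside this hunk, so confirm its type before dropping the conversion. It would also help a reader to say why an empty algorithm is a health failure when a signer is already present, e.g. `// a key arrived without an algorithm; tokens would be signed with an unspecified alg`, if that is the situation this guards against.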
+++ b/pkg/op/storage.go
@@ -20,9 +20,8 @@ type AuthStorage interface {
 
 TerminateSession(context.Context, string, string) error
 
- GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)
+ GetSigningKey(context.Context, chan<- jose.SigningKey)
 GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
- SaveNewKeyPair(context.Context) error
 }
 
 type OPStorage interface {
diff --git a/pkg/utils/sign.go b/pkg/utils/sign.go
index e1efe61..5ebac43 100644
--- a/pkg/utils/sign.go
+++ b/pkg/utils/sign.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 "encoding/json"
+ "errors"
 
 "gopkg.in/square/go-jose.v2"
 )
@@ -15,6 +16,9 @@ func Sign(object interface{}, signer jose.Signer) (string, error) {
 }
 
 func SignPayload(payload []byte, signer jose.Signer) (string, error) {
+ if signer == nil {
+ return "", errors.New("missing signer")
+ }
 result, err := signer.Sign(payload)
 if err != nil {
 return "", err
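Review bot: The new `GetSigningKey(context.Context, chan<- jose.SigningKey)` signature drops the error channel and the timer without documenting what an implementation must now do, and NewOpenIDProvider (op.go hunk in this diff) runs it as a bare goroutine, so the contract exists only in callers' heads. An implementer needs to know that the send on keyCh blocks until the signer reads it, that the method should return once ctx is done, and that there is no longer any way to report a failure upstream. Suggest a doc comment above the method: `// GetSigningKey sends the key used to sign tokens on keyCh. It is run in its own goroutine, must return once ctx is done, and cannot report errors, so implementations should log and return on failure.`. Whether the signer expects exactly one key or also consumes rotations is inferred from the unbuffered keyCh in op.go and the example implementation, not stated anywhere visible, so adjust the wording to the actual consumer.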
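Review bot: The added `signer == nil` guard in SignPayload catches only a nil interface value; a `jose.Signer` holding a typed nil pointer is non-nil and would still reach `signer.Sign` and panic there, so callers that store a concrete pointer type cannot rely on this check alone. Since this is presumably the error a caller sees while the provider is still waiting for its key (the tokenSigner that forwards here is outside this diff), exporting it as a sentinel makes it matchable: `var ErrMissingSigner = errors.New("missing signer")` at package level and `return "", ErrMissingSigner` in the guard, which callers can test with `errors.Is`. SignPayload's body continues past the end of the hunk.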