cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: change channel for GetSigningKey to time

Browse source
This commit is contained in:
Livio Amstutz 2020-02-14 12:54:26 +01:00
parent 913eec6a8c
commit a2e2f064a2
4 changed files with 21 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
example/internal/mock/storage.go
View file

@ -140,7 +140,7 @@ func (s *AuthStorage) AuthRequestByID(_ context.Context, id string) (op.AuthRequ
} }
return a, nil return a, nil
} }
func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan bool) { func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan time.Time) {
keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key} keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key}
} }
func (s *AuthStorage) GetKey(_ context.Context) (*rsa.PrivateKey, error) { func (s *AuthStorage) GetKey(_ context.Context) (*rsa.PrivateKey, error) {

26
pkg/op/default_op.go
View file

@ -45,6 +45,7 @@ type DefaultOP struct {
encoder *schema.Encoder encoder *schema.Encoder
interceptor HttpInterceptor interceptor HttpInterceptor
retry func(int) (bool, int) retry func(int) (bool, int)
timer <-chan time.Time
} }
type Config struct { type Config struct {
@ -123,6 +124,13 @@ func WithRetry(max int, sleep time.Duration) DefaultOPOpts {
} }
} }
func WithTimer(timer <-chan time.Time) DefaultOPOpts {
return func(o *DefaultOP) error {
o.timer = timer
return nil
}
}
func NewDefaultOP(ctx context.Context, config *Config, storage Storage, opOpts ...DefaultOPOpts) (OpenIDProvider, error) { func NewDefaultOP(ctx context.Context, config *Config, storage Storage, opOpts ...DefaultOPOpts) (OpenIDProvider, error) {
err := ValidateIssuer(config.Issuer) err := ValidateIssuer(config.Issuer)
if err != nil { if err != nil {
@ -133,18 +141,19 @@ func NewDefaultOP(ctx context.Context, config *Config, storage Storage, opOpts .
config: config, config: config,
storage: storage, storage: storage,
endpoints: DefaultEndpoints, endpoints: DefaultEndpoints,
timer: make(<-chan time.Time),
} }
keyCh := make(chan jose.SigningKey)
p.signer = NewDefaultSigner(ctx, storage, keyCh)
go p.ensureKey(ctx, storage, keyCh)
for _, optFunc := range opOpts { for _, optFunc := range opOpts {
if err := optFunc(p); err != nil { if err := optFunc(p); err != nil {
return nil, err return nil, err
} }
} }
keyCh := make(chan jose.SigningKey)
p.signer = NewDefaultSigner(ctx, storage, keyCh)
go p.ensureKey(ctx, storage, keyCh, p.timer)
router := CreateRouter(p, p.interceptor) router := CreateRouter(p, p.interceptor)
p.http = &http.Server{ p.http = &http.Server{
Addr: ":" + config.Port, Addr: ":" + config.Port,
@ -252,12 +261,11 @@ func (p *DefaultOP) HandleUserinfo(w http.ResponseWriter, r *http.Request) {
Userinfo(w, r, p) Userinfo(w, r, p)
} }
func (p *DefaultOP) ensureKey(ctx context.Context, storage Storage, keyCh chan<- jose.SigningKey) { func (p *DefaultOP) ensureKey(ctx context.Context, storage Storage, keyCh chan<- jose.SigningKey, timer <-chan time.Time) {
count := 0 count := 0
explicit := make(chan bool) timer = time.After(0)
errCh := make(chan error) errCh := make(chan error)
go storage.GetSigningKey(ctx, keyCh, errCh, explicit) go storage.GetSigningKey(ctx, keyCh, errCh, timer)
explicit <- true
for { for {
select { select {
case <-ctx.Done(): case <-ctx.Done():
@ -275,7 +283,7 @@ func (p *DefaultOP) ensureKey(ctx context.Context, storage Storage, keyCh chan<-
} }
ok, count = p.retry(count) ok, count = p.retry(count)
if ok { if ok {
explicit <- true timer = time.After(0)
continue continue
} }
logging.Log("OP-n6ynVE").WithError(err).Panic("error in key signer") logging.Log("OP-n6ynVE").WithError(err).Panic("error in key signer")

3
pkg/op/mock/storage.mock.go
View file

@ -11,6 +11,7 @@ import (
gomock "github.com/golang/mock/gomock" gomock "github.com/golang/mock/gomock"
go_jose_v2 "gopkg.in/square/go-jose.v2" go_jose_v2 "gopkg.in/square/go-jose.v2"
reflect "reflect" reflect "reflect"
time "time"
) )
// MockStorage is a mock of Storage interface // MockStorage is a mock of Storage interface
@ -125,7 +126,7 @@ func (mr *MockStorageMockRecorder) GetKeySet(arg0 interface{}) *gomock.Call {
} }
// GetSigningKey mocks base method // GetSigningKey mocks base method
func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- go_jose_v2.SigningKey, arg2 chan<- error, arg3 <-chan bool) { func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- go_jose_v2.SigningKey, arg2 chan<- error, arg3 <-chan time.Time) {
m.ctrl.T.Helper() m.ctrl.T.Helper()
m.ctrl.Call(m, "GetSigningKey", arg0, arg1, arg2, arg3) m.ctrl.Call(m, "GetSigningKey", arg0, arg1, arg2, arg3)
} }

2
pkg/op/storage.go
View file

@ -14,7 +14,7 @@ type AuthStorage interface {
AuthRequestByID(context.Context, string) (AuthRequest, error) AuthRequestByID(context.Context, string) (AuthRequest, error)
DeleteAuthRequest(context.Context, string) error DeleteAuthRequest(context.Context, string) error
GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan bool) GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)
GetKeySet(context.Context) (*jose.JSONWebKeySet, error) GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
SaveNewKeyPair(context.Context) error SaveNewKeyPair(context.Context) error
} }