diff --git a/pkg/op/op.go b/pkg/op/op.go
index 8a5be26..1c233ea 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -125,8 +125,8 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 }
 keyCh := make(chan jose.SigningKey)
- o.signer = NewSigner(ctx, storage, keyCh)
 go storage.GetSigningKey(ctx, keyCh)
+ o.signer = NewSigner(ctx, storage, keyCh)
 o.httpHandler = CreateRouter(o, o.interceptors...)
diff --git a/pkg/op/signer.go b/pkg/op/signer.go
index d59ea8e..aaa24d0 100644
--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@@ -25,6 +25,12 @@ func NewSigner(ctx context.Context, storage AuthStorage, keyCh <-chan jose.Signi
 storage: storage,
 }
+ select {
+ case <-ctx.Done():
+ return nil
+ case key := <-keyCh:
+ s.exchangeSigningKey(key)
+ }
 go s.refreshSigningKey(ctx, keyCh)
 return s
@@ -50,23 +56,27 @@ func (s *tokenSigner) refreshSigningKey(ctx context.Context, keyCh <-chan jose.S
 case <-ctx.Done():
 return
 case key := <-keyCh:
- s.alg = key.Algorithm
- if key.Algorithm == "" || key.Key == nil {
- s.signer = nil
- logging.Log("OP-DAvt4").Warn("signer has no key")
- continue
- }
- var err error
- s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
- if err != nil {
- logging.Log("OP-pf32aw").WithError(err).Error("error creating signer")
- continue
- }
- logging.Log("OP-agRf2").Info("signer exchanged signing key")
+ s.exchangeSigningKey(key)
 }
 }
 }
+func (s *tokenSigner) exchangeSigningKey(key jose.SigningKey) {
+ s.alg = key.Algorithm
+ if key.Algorithm == "" || key.Key == nil {
+ s.signer = nil
+ logging.Log("OP-DAvt4").Warn("signer has no key")
+ return
+ }
+ var err error
+ s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
+ if err != nil {
+ logging.Log("OP-pf32aw").WithError(err).Error("error creating signer")
+ return
+ }
+ logging.Log("OP-agRf2").Info("signer exchanged signing key")
+}
+
 func (s *tokenSigner) SignatureAlgorithm() jose.SignatureAlgorithm {
 return s.alg
 }
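Review bot: The value assigned in `o.signer = NewSigner(ctx, storage, keyCh)` is used unchecked, yet with the signer.go change in this commit NewSigner returns nil when ctx is done before the first key arrives, so the provider can reach CreateRouter without a signer. A nil check directly after the assignment that aborts construction with the context error (in whatever form NewOpenIDProvider's return values allow; its signature is truncated in this hunk) would fail closed instead of presumably surfacing later as a nil dereference on the first signing request. The new ordering is also load-bearing, since keyCh is unbuffered and NewSigner now blocks on it; a comment such as `// GetSigningKey must already be running: NewSigner blocks until the first key arrives on keyCh` would keep a later cleanup from swapping the two lines back.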
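Review bot: The first key taken from keyCh in the new `select` is accepted without validation: if it has an empty Algorithm or a nil Key, exchangeSigningKey only logs "signer has no key" and NewSigner still returns s with s.signer unset. If the purpose of blocking here is that the provider never starts without a usable key, that case should be rejected or waited out rather than returned as a ready signer. The wait is also bounded only by ctx, so a storage implementation that never sends stalls construction indefinitely when ctx has no deadline. The contract deserves a doc comment, e.g. `// NewSigner blocks until the first key is received on keyCh and returns nil if ctx is done first.` NewSigner's body begins above this hunk, so its return type is not visible here.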
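Review bot: exchangeSigningKey assigns `s.alg = key.Algorithm` before it knows whether the key is usable, so when jose.NewSigner fails the early `return` leaves the new algorithm paired with the previous s.signer, and SignatureAlgorithm() then reports an algorithm the active signer does not use. Building into a local first, `signer, err := jose.NewSigner(key, &jose.SignerOptions{})`, and setting `s.alg = key.Algorithm` and `s.signer = signer` only after the error check keeps the pair consistent. Separately, these writes run on the refreshSigningKey goroutine while SignatureAlgorithm() reads s.alg with no locking visible in this hunk; unless tokenSigner is guarded elsewhere, this helper is the natural place to take a mutex.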