fix: remove signing key creation (when not found)

livio-a · livio-a · commit 06dcac4c2f8b · 2020-10-19T15:26:34.000+02:00
diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go
@@ -157,15 +157,12 @@ func (s *AuthStorage) CreateToken(_ context.Context, authReq op.TokenRequest) (s
 func (s *AuthStorage) TerminateSession(_ context.Context, userID, clientID string) error {
 	return nil
 }
-func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan time.Time) {
+func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey) {
 	keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key}
 }
 func (s *AuthStorage) GetKey(_ context.Context) (*rsa.PrivateKey, error) {
 	return s.key, nil
 }
-func (s *AuthStorage) SaveNewKeyPair(ctx context.Context) error {
-	return nil
-}
 func (s *AuthStorage) GetKeySet(_ context.Context) (*jose.JSONWebKeySet, error) {
 	pubkey := s.key.Public()
 	return &jose.JSONWebKeySet{
diff --git a/pkg/op/mock/storage.mock.go b/pkg/op/mock/storage.mock.go
diff --git a/pkg/op/op.go b/pkg/op/op.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/caos/logging"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/schema"
@@ -132,7 +131,7 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 
 	keyCh := make(chan jose.SigningKey)
 	o.signer = NewSigner(ctx, storage, keyCh)
-	go EnsureKey(ctx, storage, keyCh, o.timer, o.retry)
+	go storage.GetSigningKey(ctx, keyCh)
 
 	o.httpHandler = CreateRouter(o, o.interceptors...)
 
@@ -282,36 +281,6 @@ func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 	return payload, err
 }
 
-func EnsureKey(ctx context.Context, storage Storage, keyCh chan<- jose.SigningKey, timer <-chan time.Time, retry func(int) (bool, int)) {
-	count := 0
-	timer = time.After(0)
-	errCh := make(chan error)
-	go storage.GetSigningKey(ctx, keyCh, errCh, timer)
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case err := <-errCh:
-			if err == nil {
-				continue
-			}
-			_, ok := err.(StorageNotFoundError)
-			if ok {
-				err := storage.SaveNewKeyPair(ctx)
-				if err == nil {
-					continue
-				}
-			}
-			ok, count = retry(count)
-			if ok {
-				timer = time.After(0)
-				continue
-			}
-			logging.Log("OP-n6ynVE").WithError(err).Panic("error in key signer")
-		}
-	}
-}
-
 type Option func(o *openidProvider) error
 
 func WithCustomAuthEndpoint(endpoint Endpoint) Option {
@@ -382,27 +351,6 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 	}
 }
 
-func WithRetry(max int, sleep time.Duration) Option {
-	return func(o *openidProvider) error {
-		o.retry = func(count int) (bool, int) {
-			count++
-			if count == max {
-				return false, count
-			}
-			time.Sleep(sleep)
-			return true, count
-		}
-		return nil
-	}
-}
-
-func WithTimer(timer <-chan time.Time) Option {
-	return func(o *openidProvider) error {
-		o.timer = timer
-		return nil
-	}
-}
-
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 	return func(handlerFunc http.HandlerFunc) http.Handler {
 		handler := handlerFuncToHandler(handlerFunc)
diff --git a/pkg/op/signer.go b/pkg/op/signer.go
@@ -34,6 +34,9 @@ func (s *tokenSigner) Health(_ context.Context) error {
 	if s.signer == nil {
 		return errors.New("no signer")
 	}
+	if string(s.alg) == "" {
+		return errors.New("no signing algorithm")
+	}
 	return nil
 }
 
diff --git a/pkg/op/storage.go b/pkg/op/storage.go
@@ -20,9 +20,8 @@ type AuthStorage interface {
 
 	TerminateSession(context.Context, string, string) error
 
-	GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)
+	GetSigningKey(context.Context, chan<- jose.SigningKey)
 	GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
-	SaveNewKeyPair(context.Context) error
 }
 
 type OPStorage interface {
diff --git a/pkg/utils/sign.go b/pkg/utils/sign.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"encoding/json"
+	"errors"
 
 	"gopkg.in/square/go-jose.v2"
 )
@@ -15,6 +16,9 @@ func Sign(object interface{}, signer jose.Signer) (string, error) {
 }
 
 func SignPayload(payload []byte, signer jose.Signer) (string, error) {
+	if signer == nil {
+		return "", errors.New("missing signer")
+	}
 	result, err := signer.Sign(payload)
 	if err != nil {
 		return "", err

Original file line number	Diff line number	Diff line change
`@@ -157,15 +157,12 @@ func (s *AuthStorage) CreateToken(_ context.Context, authReq op.TokenRequest) (s`
`157`	`157`	`func (s *AuthStorage) TerminateSession(_ context.Context, userID, clientID string) error {`
`158`	`158`	`return nil`
`159`	`159`	`}`
`160`		`-func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan time.Time) {`
	`160`	`+func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey) {`
`161`	`161`	`keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key}`
`162`	`162`	`}`
`163`	`163`	`func (s AuthStorage) GetKey(_ context.Context) (rsa.PrivateKey, error) {`
`164`	`164`	`return s.key, nil`
`165`	`165`	`}`
`166`		`-func (s *AuthStorage) SaveNewKeyPair(ctx context.Context) error {`
`167`		`- return nil`
`168`		`-}`
`169`	`166`	`func (s AuthStorage) GetKeySet(_ context.Context) (jose.JSONWebKeySet, error) {`
`170`	`167`	`pubkey := s.key.Public()`
`171`	`168`	`return &jose.JSONWebKeySet{`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,9 @@ func (s *tokenSigner) Health(_ context.Context) error {`
`34`	`34`	`if s.signer == nil {`
`35`	`35`	`return errors.New("no signer")`
`36`	`36`	`}`
	`37`	`+ if string(s.alg) == "" {`
	`38`	`+ return errors.New("no signing algorithm")`
	`39`	`+ }`
`37`	`40`	`return nil`
`38`	`41`	`}`
`39`	`42`
Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,8 @@ type AuthStorage interface {`
`20`	`20`
`21`	`21`	`TerminateSession(context.Context, string, string) error`
`22`	`22`
`23`		`- GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)`
	`23`	`+ GetSigningKey(context.Context, chan<- jose.SigningKey)`
`24`	`24`	`GetKeySet(context.Context) (*jose.JSONWebKeySet, error)`
`25`		`- SaveNewKeyPair(context.Context) error`
`26`	`25`	`}`
`27`	`26`
`28`	`27`	`type OPStorage interface {`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package utils`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"encoding/json"`
	`5`	`+ "errors"`
`5`	`6`
`6`	`7`	`"gopkg.in/square/go-jose.v2"`
`7`	`8`	`)`
`@@ -15,6 +16,9 @@ func Sign(object interface{}, signer jose.Signer) (string, error) {`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`func SignPayload(payload []byte, signer jose.Signer) (string, error) {`
	`19`	`+ if signer == nil {`
	`20`	`+ return "", errors.New("missing signer")`
	`21`	`+ }`
`18`	`22`	`result, err := signer.Sign(payload)`
`19`	`23`	`if err != nil {`
`20`	`24`	`return "", err`