Add locking to JWS nonce store.

This commit is contained in:
xenolf 2015-11-11 01:00:20 +01:00
parent 69bbae6026
commit f6576e8815

View file

@ -6,13 +6,15 @@ import (
"crypto/rsa"
"fmt"
"net/http"
"sync"
"github.com/letsencrypt/go-jose"
)
type jws struct {
privKey *rsa.PrivateKey
nonces []string
privKey *rsa.PrivateKey
nonces []string
nonceMutex sync.Mutex
}
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
@ -24,11 +26,9 @@ func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
// Posts a JWS signed message to the specified URL
func (j *jws) post(url string, content []byte) (*http.Response, error) {
if len(j.nonces) == 0 {
err := j.getNonce(url)
if err != nil {
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
}
err := j.getNonce(url)
if err != nil {
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
}
signedContent, err := j.signContent(content)
@ -66,11 +66,20 @@ func (j *jws) getNonceFromResponse(resp *http.Response) error {
return fmt.Errorf("Server did not respond with a proper nonce header.")
}
j.nonceMutex.Lock()
j.nonces = append(j.nonces, nonce)
j.nonceMutex.Unlock()
return nil
}
func (j *jws) getNonce(url string) error {
j.nonceMutex.Lock()
if len(j.nonces) > 0 {
j.nonceMutex.Unlock()
return nil
}
j.nonceMutex.Unlock()
resp, err := http.Head(url)
if err != nil {
return err
@ -80,6 +89,9 @@ func (j *jws) getNonce(url string) error {
}
func (j *jws) consumeNonce() string {
j.nonceMutex.Lock()
defer j.nonceMutex.Unlock()
nonce := ""
if len(j.nonces) == 0 {
return nonce