Add locking to JWS nonce store.
This commit is contained in:
parent
69bbae6026
commit
f6576e8815
1 changed files with 19 additions and 7 deletions
16
acme/jws.go
16
acme/jws.go
|
@ -6,6 +6,7 @@ import (
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"sync"
|
||||||
|
|
||||||
"github.com/letsencrypt/go-jose"
|
"github.com/letsencrypt/go-jose"
|
||||||
)
|
)
|
||||||
|
@ -13,6 +14,7 @@ import (
|
||||||
type jws struct {
|
type jws struct {
|
||||||
privKey *rsa.PrivateKey
|
privKey *rsa.PrivateKey
|
||||||
nonces []string
|
nonces []string
|
||||||
|
nonceMutex sync.Mutex
|
||||||
}
|
}
|
||||||
|
|
||||||
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
|
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
|
||||||
|
@ -24,12 +26,10 @@ func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
|
||||||
|
|
||||||
// Posts a JWS signed message to the specified URL
|
// Posts a JWS signed message to the specified URL
|
||||||
func (j *jws) post(url string, content []byte) (*http.Response, error) {
|
func (j *jws) post(url string, content []byte) (*http.Response, error) {
|
||||||
if len(j.nonces) == 0 {
|
|
||||||
err := j.getNonce(url)
|
err := j.getNonce(url)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
|
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
signedContent, err := j.signContent(content)
|
signedContent, err := j.signContent(content)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -66,11 +66,20 @@ func (j *jws) getNonceFromResponse(resp *http.Response) error {
|
||||||
return fmt.Errorf("Server did not respond with a proper nonce header.")
|
return fmt.Errorf("Server did not respond with a proper nonce header.")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
j.nonceMutex.Lock()
|
||||||
j.nonces = append(j.nonces, nonce)
|
j.nonces = append(j.nonces, nonce)
|
||||||
|
j.nonceMutex.Unlock()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (j *jws) getNonce(url string) error {
|
func (j *jws) getNonce(url string) error {
|
||||||
|
j.nonceMutex.Lock()
|
||||||
|
if len(j.nonces) > 0 {
|
||||||
|
j.nonceMutex.Unlock()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
j.nonceMutex.Unlock()
|
||||||
|
|
||||||
resp, err := http.Head(url)
|
resp, err := http.Head(url)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -80,6 +89,9 @@ func (j *jws) getNonce(url string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (j *jws) consumeNonce() string {
|
func (j *jws) consumeNonce() string {
|
||||||
|
j.nonceMutex.Lock()
|
||||||
|
defer j.nonceMutex.Unlock()
|
||||||
|
|
||||||
nonce := ""
|
nonce := ""
|
||||||
if len(j.nonces) == 0 {
|
if len(j.nonces) == 0 {
|
||||||
return nonce
|
return nonce
|
||||||
|
|
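Review bot: The lock in getNonce (fourth hunk, @ -66,11 +66,20) is released before the HEAD request and before the caller actually uses a nonce, so the check-then-act is still open: between the `j.nonceMutex.Unlock()` at the end of getNonce and the later consumeNonce, another goroutine can drain `j.nonces`, and consumeNonce then returns "" (fifth hunk), which presumably travels as an empty nonce in the signed request. Since post() now drops its own `len(j.nonces) == 0` guard and relies on getNonce's early return, this window is taken on every post rather than only when the store starts empty. Dropping the mutex before http.Head is the right call (holding it across a network round trip would serialize every request), so the fix belongs at the consumer: where signContent (outside these hunks) calls consumeNonce, reject an empty result with `return nil, fmt.Errorf("no nonce available for request")` so post() can fetch again instead of sending a request that will be rejected. It would also help to state the contract on getNonce, e.g. `// getNonce ensures at least one nonce is cached when it returns; it does not reserve one for the caller.`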