Add locking to JWS nonce store.

xenolf 2015-11-11 01:00:20 +01:00
parent 69bbae6026
commit f6576e8815


@ -6,6 +6,7 @@ import (
"crypto/rsa" "crypto/rsa"
"fmt" "fmt"
"net/http" "net/http"
"sync"
"github.com/letsencrypt/go-jose" "github.com/letsencrypt/go-jose"
) )
@ -13,6 +14,7 @@ import (
type jws struct { type jws struct {
privKey *rsa.PrivateKey privKey *rsa.PrivateKey
nonces []string nonces []string
nonceMutex sync.Mutex
} }
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey { func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
@ -24,12 +26,10 @@ func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
// Posts a JWS signed message to the specified URL // Posts a JWS signed message to the specified URL
func (j *jws) post(url string, content []byte) (*http.Response, error) { func (j *jws) post(url string, content []byte) (*http.Response, error) {
if len(j.nonces) == 0 {
err := j.getNonce(url) err := j.getNonce(url)
if err != nil { if err != nil {
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err) return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
} }
}
signedContent, err := j.signContent(content) signedContent, err := j.signContent(content)
if err != nil { if err != nil {
@ -66,11 +66,20 @@ func (j *jws) getNonceFromResponse(resp *http.Response) error {
return fmt.Errorf("Server did not respond with a proper nonce header.") return fmt.Errorf("Server did not respond with a proper nonce header.")
} }
j.nonceMutex.Lock()
j.nonces = append(j.nonces, nonce) j.nonces = append(j.nonces, nonce)
j.nonceMutex.Unlock()
return nil return nil
} }
func (j *jws) getNonce(url string) error { func (j *jws) getNonce(url string) error {
j.nonceMutex.Lock()
if len(j.nonces) > 0 {
j.nonceMutex.Unlock()
return nil
}
j.nonceMutex.Unlock()
resp, err := http.Head(url) resp, err := http.Head(url)
if err != nil { if err != nil {
return err return err
@ -80,6 +89,9 @@ func (j *jws) getNonce(url string) error {
} }
func (j *jws) consumeNonce() string { func (j *jws) consumeNonce() string {
j.nonceMutex.Lock()
defer j.nonceMutex.Unlock()
nonce := "" nonce := ""
if len(j.nonces) == 0 { if len(j.nonces) == 0 {
return nonce return nonce
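Review bot: The mutex makes each access to `j.nonces` safe, but the emptiness check in `getNonce` and the pop in `consumeNonce` are still separate critical sections, so two concurrent `post` calls can both pass `len(j.nonces) > 0` with a single stored nonce, and one of them then gets `""` back from `consumeNonce`. That request would presumably be signed with an empty nonce and rejected by the server's replay check, which would show up as an intermittent failure under concurrency. The code that calls `consumeNonce` (not visible here, presumably `signContent`) should treat the empty string as a miss and fetch a fresh nonce or fail, with something like `if nonce == "" { return nil, fmt.Errorf("no nonce available") }`, adjusted to that caller's return types. The body of `consumeNonce` continues past the end of this hunk, so the pop itself is not reviewed here.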