From 2569c53efe1a945e5492aba7f28a968effa0a7c3 Mon Sep 17 00:00:00 2001
From: Kate Jefferson <barbedbella@gmail.com>
Date: Thu, 18 Aug 2016 16:35:03 -0400
Subject: [PATCH] Add sync.Mutex to lock and unlock j.nonces

---
 acme/jws.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/acme/jws.go b/acme/jws.go
index e000bc64..f70513e3 100644
--- a/acme/jws.go
+++ b/acme/jws.go
@@ -8,6 +8,7 @@ import (
 	"crypto/rsa"
 	"fmt"
 	"net/http"
+	"sync"
 
 	"gopkg.in/square/go-jose.v1"
 )
@@ -16,6 +17,7 @@ type jws struct {
 	directoryURL string
 	privKey      crypto.PrivateKey
 	nonces       []string
+	sync.Mutex
 }
 
 func keyAsJWK(key interface{}) *jose.JsonWebKey {
@@ -75,6 +77,8 @@ func (j *jws) signContent(content []byte) (*jose.JsonWebSignature, error) {
 }
 
 func (j *jws) getNonceFromResponse(resp *http.Response) error {
+	j.Lock()
+	defer j.Unlock()
 	nonce := resp.Header.Get("Replay-Nonce")
 	if nonce == "" {
 		return fmt.Errorf("Server did not respond with a proper nonce header.")
@@ -104,6 +108,8 @@ func (j *jws) Nonce() (string, error) {
 	if len(j.nonces) == 0 {
 		return "", fmt.Errorf("Can't get nonce")
 	}
+	j.Lock()
+	defer j.Unlock()
 	nonce, j.nonces = j.nonces[len(j.nonces)-1], j.nonces[:len(j.nonces)-1]
 	return nonce, nil
 }