Add locking to JWS nonce store.
parent
69bbae6026
commit
f6576e8815
1 changed files with 19 additions and 7 deletions
16
acme/jws.go
16
acme/jws.go
|
@ -6,6 +6,7 @@ import (
|
|||
"crypto/rsa"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"sync"
|
||||
|
||||
"github.com/letsencrypt/go-jose"
|
||||
)
|
||||
|
@ -13,6 +14,7 @@ import (
|
|||
type jws struct {
|
||||
privKey *rsa.PrivateKey
|
||||
nonces []string
|
||||
nonceMutex sync.Mutex
|
||||
}
|
||||
|
||||
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
|
||||
|
@ -24,12 +26,10 @@ func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
|
|||
|
||||
// Posts a JWS signed message to the specified URL
|
||||
func (j *jws) post(url string, content []byte) (*http.Response, error) {
|
||||
if len(j.nonces) == 0 {
|
||||
err := j.getNonce(url)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
|
||||
}
|
||||
}
|
||||
|
||||
signedContent, err := j.signContent(content)
|
||||
if err != nil {
|
||||
|
@ -66,11 +66,20 @@ func (j *jws) getNonceFromResponse(resp *http.Response) error {
|
|||
return fmt.Errorf("Server did not respond with a proper nonce header.")
|
||||
}
|
||||
|
||||
j.nonceMutex.Lock()
|
||||
j.nonces = append(j.nonces, nonce)
|
||||
j.nonceMutex.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (j *jws) getNonce(url string) error {
|
||||
j.nonceMutex.Lock()
|
||||
if len(j.nonces) > 0 {
|
||||
j.nonceMutex.Unlock()
|
||||
return nil
|
||||
}
|
||||
j.nonceMutex.Unlock()
|
||||
|
||||
resp, err := http.Head(url)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -80,6 +89,9 @@ func (j *jws) getNonce(url string) error {
|
|||
}
|
||||
|
||||
func (j *jws) consumeNonce() string {
|
||||
j.nonceMutex.Lock()
|
||||
defer j.nonceMutex.Unlock()
|
||||
|
||||
nonce := ""
|
||||
if len(j.nonces) == 0 {
|
||||
return nonce
|
||||
|
|
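Review bot: The new mutex guards each access to `j.nonces` on its own, but the emptiness check in `getNonce` and the pop in `consumeNonce` are separate critical sections, so two goroutines in `post` can both pass the check with one nonce stored and the second then receives `""` from `consumeNonce`. The nonce is what the server relies on for replay protection, so an empty value should surface as an error rather than be signed into a request; the caller of `consumeNonce` is not visible here, so this needs confirming at the call site. At minimum the limit should be documented on the field, e.g. `nonceMutex sync.Mutex // guards nonces; does not make getNonce+consumeNonce atomic`. In `getNonce` the two hand-written `Unlock()` calls could move into a small helper that uses `defer`, matching `consumeNonce`, so a later early return cannot leave the mutex held. The body of `consumeNonce` continues past the last visible line.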