Merge pull request #235 from bobbyrullo/new_go_oidc
Godeps: update github.com/coreos/go-oidc
5192cac342
6 changed files with 64 additions and 35 deletions
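--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -21,23 +21,23 @@
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/http",
-"Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+"Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/jose",
-"Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+"Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/key",
-"Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+"Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/oauth2",
-"Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+"Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/oidc",
-"Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+"Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/pkg/capnslog",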
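--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go
@@ -135,7 +135,7 @@ func (s *PrivateKeySet) Active() *PrivateKey {
 type GeneratePrivateKeyFunc func() (*PrivateKey, error)
 
 func GeneratePrivateKey() (*PrivateKey, error) {
-pk, err := rsa.GenerateKey(rand.Reader, 1024)
+pk, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 return nil, err
 }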
12
Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go
generated
vendored
12
Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go
generated
vendored
|
@ -1,6 +1,9 @@
|
||||||
package key
|
package key
|
||||||
|
|
||||||
import "errors"
|
import (
|
||||||
|
"errors"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
var ErrorNoKeys = errors.New("no keys found")
|
var ErrorNoKeys = errors.New("no keys found")
|
||||||
|
|
||||||
|
@ -22,6 +25,7 @@ func NewPrivateKeySetRepo() PrivateKeySetRepo {
|
||||||
}
|
}
|
||||||
|
|
||||||
type memPrivateKeySetRepo struct {
|
type memPrivateKeySetRepo struct {
|
||||||
|
mu sync.RWMutex
|
||||||
pks PrivateKeySet
|
pks PrivateKeySet
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,11 +37,17 @@ func (r *memPrivateKeySetRepo) Set(ks KeySet) error {
|
||||||
return errors.New("nil KeySet")
|
return errors.New("nil KeySet")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
r.mu.Lock()
|
||||||
|
defer r.mu.Unlock()
|
||||||
|
|
||||||
r.pks = *pks
|
r.pks = *pks
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *memPrivateKeySetRepo) Get() (KeySet, error) {
|
func (r *memPrivateKeySetRepo) Get() (KeySet, error) {
|
||||||
|
r.mu.RLock()
|
||||||
|
defer r.mu.RUnlock()
|
||||||
|
|
||||||
if r.pks.keys == nil {
|
if r.pks.keys == nil {
|
||||||
return nil, ErrorNoKeys
|
return nil, ErrorNoKeys
|
||||||
}
|
}
|
||||||
|
|
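--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go
@@ -29,7 +29,7 @@ func (s *KeySetSyncer) Run() chan struct{} {
 var failing bool
 var next time.Duration
 for {
-exp, err := sync(s.readable, s.writable, s.clock)
+exp, err := syncKeySet(s.readable, s.writable, s.clock)
 if err != nil || exp == 0 {
 if !failing {
 failing = true
@@ -62,12 +62,12 @@ func (s *KeySetSyncer) Run() chan struct{} {
 }
 
 func Sync(r ReadableKeySetRepo, w WritableKeySetRepo) (time.Duration, error) {
-return sync(r, w, clockwork.NewRealClock())
+return syncKeySet(r, w, clockwork.NewRealClock())
 }
 
-// sync copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
+// syncKeySet copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
 // If keyset has already expired, returns a zero duration.
-func sync(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
+func syncKeySet(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
 var ks KeySet
 ks, err = r.Get()
 if err != nil {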
53
Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go
generated
vendored
53
Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go
generated
vendored
|
@ -101,34 +101,12 @@ type Client struct {
|
||||||
redirectURL string
|
redirectURL string
|
||||||
scope []string
|
scope []string
|
||||||
keySet key.PublicKeySet
|
keySet key.PublicKeySet
|
||||||
|
providerSyncer *ProviderConfigSyncer
|
||||||
|
|
||||||
keySetSyncMutex sync.RWMutex
|
keySetSyncMutex sync.RWMutex
|
||||||
lastKeySetSync time.Time
|
lastKeySetSync time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
type providerConfigRepo struct {
|
|
||||||
mu sync.RWMutex
|
|
||||||
config ProviderConfig // do not access directly, use Get()
|
|
||||||
}
|
|
||||||
|
|
||||||
func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
|
|
||||||
return &providerConfigRepo{sync.RWMutex{}, pc}
|
|
||||||
}
|
|
||||||
|
|
||||||
// returns an error to implement ProviderConfigSetter
|
|
||||||
func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
|
|
||||||
r.mu.Lock()
|
|
||||||
defer r.mu.Unlock()
|
|
||||||
r.config = cfg
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *providerConfigRepo) Get() ProviderConfig {
|
|
||||||
r.mu.RLock()
|
|
||||||
defer r.mu.RUnlock()
|
|
||||||
return r.config
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Client) Healthy() error {
|
func (c *Client) Healthy() error {
|
||||||
now := time.Now().UTC()
|
now := time.Now().UTC()
|
||||||
|
|
||||||
|
@ -178,9 +156,13 @@ func chooseAuthMethod(cfg ProviderConfig) (string, error) {
|
||||||
return "", errors.New("no supported auth methods")
|
return "", errors.New("no supported auth methods")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SyncProviderConfig starts the provider config syncer
|
||||||
func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} {
|
func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} {
|
||||||
r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL)
|
r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL)
|
||||||
return NewProviderConfigSyncer(r, c.providerConfig).Run()
|
s := NewProviderConfigSyncer(r, c.providerConfig)
|
||||||
|
stop := s.Run()
|
||||||
|
s.WaitUntilInitialSync()
|
||||||
|
return stop
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) maybeSyncKeys() error {
|
func (c *Client) maybeSyncKeys() error {
|
||||||
|
@ -340,3 +322,26 @@ func (c *Client) keysFuncAll() func() []key.PublicKey {
|
||||||
return c.keySet.Keys()
|
return c.keySet.Keys()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type providerConfigRepo struct {
|
||||||
|
mu sync.RWMutex
|
||||||
|
config ProviderConfig // do not access directly, use Get()
|
||||||
|
}
|
||||||
|
|
||||||
|
func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
|
||||||
|
return &providerConfigRepo{sync.RWMutex{}, pc}
|
||||||
|
}
|
||||||
|
|
||||||
|
// returns an error to implement ProviderConfigSetter
|
||||||
|
func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
|
||||||
|
r.mu.Lock()
|
||||||
|
defer r.mu.Unlock()
|
||||||
|
r.config = cfg
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *providerConfigRepo) Get() ProviderConfig {
|
||||||
|
r.mu.RLock()
|
||||||
|
defer r.mu.RUnlock()
|
||||||
|
return r.config
|
||||||
|
}
|
||||||
|
|
14
Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
14
Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
|
@ -4,6 +4,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/coreos/pkg/capnslog"
|
"github.com/coreos/pkg/capnslog"
|
||||||
|
@ -75,6 +76,9 @@ type ProviderConfigSyncer struct {
|
||||||
from ProviderConfigGetter
|
from ProviderConfigGetter
|
||||||
to ProviderConfigSetter
|
to ProviderConfigSetter
|
||||||
clock clockwork.Clock
|
clock clockwork.Clock
|
||||||
|
|
||||||
|
initialSyncDone bool
|
||||||
|
initialSyncWait sync.WaitGroup
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer {
|
func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer {
|
||||||
|
@ -91,6 +95,7 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
|
||||||
var next pcsStepper
|
var next pcsStepper
|
||||||
next = &pcsStepNext{aft: time.Duration(0)}
|
next = &pcsStepNext{aft: time.Duration(0)}
|
||||||
|
|
||||||
|
s.initialSyncWait.Add(1)
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
select {
|
select {
|
||||||
|
@ -105,6 +110,10 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
|
||||||
return stop
|
return stop
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *ProviderConfigSyncer) WaitUntilInitialSync() {
|
||||||
|
s.initialSyncWait.Wait()
|
||||||
|
}
|
||||||
|
|
||||||
func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
|
func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
|
||||||
cfg, err := s.from.Get()
|
cfg, err := s.from.Get()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -115,6 +124,11 @@ func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
|
||||||
return 0, fmt.Errorf("error setting provider config: %v", err)
|
return 0, fmt.Errorf("error setting provider config: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !s.initialSyncDone {
|
||||||
|
s.initialSyncWait.Done()
|
||||||
|
s.initialSyncDone = true
|
||||||
|
}
|
||||||
|
|
||||||
log.Infof("Updating provider config: config=%#v", cfg)
|
log.Infof("Updating provider config: config=%#v", cfg)
|
||||||
|
|
||||||
return nextSyncAfter(cfg.ExpiresAt, s.clock), nil
|
return nextSyncAfter(cfg.ExpiresAt, s.clock), nil
|
||||||
|
|