Merge pull request #620 from ericchiang/dev-fix-rotation-polling
server: fix key rotation polling
This commit is contained in:
commit
688d798ff4
1 changed files with 9 additions and 9 deletions
@ -20,7 +20,7 @@ import (
|
|||
// often to rotate them, and how long they can validate signatures after rotation.
|
||||
type rotationStrategy struct {
|
||||
// Time between rotations.
|
||||
period time.Duration
|
||||
rotationFrequency time.Duration
|
||||
|
||||
// After being rotated how long can a key validate signatues?
|
||||
verifyFor time.Duration
|
||||
|
@ -34,18 +34,18 @@ type rotationStrategy struct {
|
|||
func staticRotationStrategy(key *rsa.PrivateKey) rotationStrategy {
|
||||
return rotationStrategy{
|
||||
// Setting these values to 100 years is easier than having a flag indicating no rotation.
|
||||
period: time.Hour * 8760 * 100,
|
||||
verifyFor: time.Hour * 8760 * 100,
|
||||
key: func() (*rsa.PrivateKey, error) { return key, nil },
|
||||
rotationFrequency: time.Hour * 8760 * 100,
|
||||
verifyFor: time.Hour * 8760 * 100,
|
||||
key: func() (*rsa.PrivateKey, error) { return key, nil },
|
||||
}
|
||||
}
|
||||
|
||||
// defaultRotationStrategy returns a strategy which rotates keys every provided period,
|
||||
// holding onto the public parts for some specified amount of time.
|
||||
func defaultRotationStrategy(rotationPeriod, verifyFor time.Duration) rotationStrategy {
|
||||
func defaultRotationStrategy(rotationFrequency, verifyFor time.Duration) rotationStrategy {
|
||||
return rotationStrategy{
|
||||
period: rotationPeriod,
|
||||
verifyFor: verifyFor,
|
||||
rotationFrequency: rotationFrequency,
|
||||
verifyFor: verifyFor,
|
||||
key: func() (*rsa.PrivateKey, error) {
|
||||
return rsa.GenerateKey(rand.Reader, 2048)
|
||||
},
|
||||
|
@ -76,7 +76,7 @@ func startKeyRotation(ctx context.Context, s storage.Storage, strategy rotationS
|
|||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case <-time.After(strategy.period):
|
||||
case <-time.After(time.Second * 30):
|
||||
if err := rotater.rotate(); err != nil {
|
||||
log.Printf("failed to rotate keys: %v", err)
|
||||
}
|
||||
|
@ -145,7 +145,7 @@ func (k keyRotater) rotate() error {
|
|||
keys.VerificationKeys = append(keys.VerificationKeys, verificationKey)
|
||||
}
|
||||
|
||||
nextRotation = k.now().Add(k.strategy.period)
|
||||
nextRotation = k.now().Add(k.strategy.rotationFrequency)
|
||||
keys.SigningKey = priv
|
||||
keys.SigningKeyPub = pub
|
||||
keys.NextRotation = nextRotation
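Review bot: The poll interval in `case <-time.After(time.Second * 30):` is a bare literal unrelated to the strategy, so even with staticRotationStrategy's 100-year rotationFrequency the loop wakes every 30 s and calls rotater.rotate(), which from what the hunk shows goes to storage each time; whether rotate() returns early while keys.NextRotation is still in the future is decided outside the hunk, and this fix only works if it does. I would name the interval and create the timer once rather than allocating a new one per iteration: `const rotationPollInterval = 30 * time.Second` at package level, `t := time.NewTicker(rotationPollInterval); defer t.Stop()` before the loop, and `case <-t.C:` in the select. A failed rotation is only logged and retried on the next tick, so a persistent storage error leaves the old signing key in use past rotationFrequency; a comment such as `// Best effort: storage errors are retried on the next poll; keys remain valid meanwhile.` on the `log.Printf` line, or a metric on repeated failures, would make that trade-off explicit. The for/select loop in startKeyRotation and the body of keyRotater.rotate both extend beyond the hunk.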