Merge pull request #620 from ericchiang/dev-fix-rotation-polling

server: fix key rotation polling
2016-10-17 11:13:00 -07:00 · 2016-10-17 11:13:00 -07:00 · 688d798ff4
parent 3e94e65b68 892fa3fe35
commit 688d798ff4
1 changed files with 9 additions and 9 deletions
--- a/server/rotation.go
+++ b/server/rotation.go
@ -20,7 +20,7 @@ import (
 // often to rotate them, and how long they can validate signatures after rotation.
 type rotationStrategy struct {
 	// Time between rotations.
-	period time.Duration
+	rotationFrequency time.Duration

 	// After being rotated how long can a key validate signatues?
 	verifyFor time.Duration
@ -34,18 +34,18 @@ type rotationStrategy struct {
 func staticRotationStrategy(key *rsa.PrivateKey) rotationStrategy {
 	return rotationStrategy{
 		// Setting these values to 100 years is easier than having a flag indicating no rotation.
-		period:    time.Hour * 8760 * 100,
-		verifyFor: time.Hour * 8760 * 100,
-		key:       func() (*rsa.PrivateKey, error) { return key, nil },
+		rotationFrequency: time.Hour * 8760 * 100,
+		verifyFor:         time.Hour * 8760 * 100,
+		key:               func() (*rsa.PrivateKey, error) { return key, nil },
 	}
 }

 // defaultRotationStrategy returns a strategy which rotates keys every provided period,
 // holding onto the public parts for some specified amount of time.
-func defaultRotationStrategy(rotationPeriod, verifyFor time.Duration) rotationStrategy {
+func defaultRotationStrategy(rotationFrequency, verifyFor time.Duration) rotationStrategy {
 	return rotationStrategy{
-		period:    rotationPeriod,
-		verifyFor: verifyFor,
+		rotationFrequency: rotationFrequency,
+		verifyFor:         verifyFor,
 		key: func() (*rsa.PrivateKey, error) {
 			return rsa.GenerateKey(rand.Reader, 2048)
 		},
@ -76,7 +76,7 @@ func startKeyRotation(ctx context.Context, s storage.Storage, strategy rotationS
 			select {
 			case <-ctx.Done():
 				return
-			case <-time.After(strategy.period):
+			case <-time.After(time.Second * 30):
 				if err := rotater.rotate(); err != nil {
 					log.Printf("failed to rotate keys: %v", err)
 				}
@ -145,7 +145,7 @@ func (k keyRotater) rotate() error {
 			keys.VerificationKeys = append(keys.VerificationKeys, verificationKey)
 		}

-		nextRotation = k.now().Add(k.strategy.period)
+		nextRotation = k.now().Add(k.strategy.rotationFrequency)
 		keys.SigningKey = priv
 		keys.SigningKeyPub = pub
 		keys.NextRotation = nextRotation