Make verifier thread-safe.
Gh0u1L5 committed Aug 28, 2023
1 parent 4ab45f5 commit 395021c
Showing 3 changed files with 14 additions and 26 deletions.
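--- a/httpsig.go
+++ b/httpsig.go
@@ -96,20 +96,19 @@ type VerifyingKeyResolver interface {
 }
 
 type Verifier struct {
-verifier
+*verifier
 }
 
 func NewVerifier(opts ...verifyOption) *Verifier {
 v := verifier{
-keys: make(map[string]verHolder),
 nowFunc: time.Now,
 }
 
 for _, o := range opts {
 o.configureVerify(&v)
 }
 
-return &Verifier{v}
+return &Verifier{&v}
 }
 
 func (v *Verifier) Verify(r *http.Request) (keyID string, err error) {
@@ -246,7 +245,7 @@ func WithSignRsaPssSha512(keyID string, pk *rsa.PrivateKey) signOption {
 // given public key using the given key id.
 func WithVerifyRsaPssSha512(keyID string, pk *rsa.PublicKey) verifyOption {
 return &optImpl{
-v: func(v *verifier) { v.keys[keyID] = verifyRsaPssSha512(pk) },
+v: func(v *verifier) { v.keys.Store(keyID, verifyRsaPssSha512(pk)) },
 }
 }
 
@@ -262,7 +261,7 @@ func WithSignEcdsaP256Sha256(keyID string, pk *ecdsa.PrivateKey) signOption {
 // given public key using the given key id.
 func WithVerifyEcdsaP256Sha256(keyID string, pk *ecdsa.PublicKey) verifyOption {
 return &optImpl{
-v: func(v *verifier) { v.keys[keyID] = verifyEccP256(pk) },
+v: func(v *verifier) { v.keys.Store(keyID, verifyEccP256(pk)) },
 }
 }
 
@@ -271,6 +270,6 @@ func WithVerifyEcdsaP256Sha256(keyID string, pk *ecdsa.PublicKey) verifyOption {
 func WithHmacSha256(keyID string, secret []byte) signOrVerifyOption {
 return &optImpl{
 s: func(s *signer) { s.keys[keyID] = signHmacSha256(secret) },
-v: func(v *verifier) { v.keys[keyID] = verifyHmacSha256(secret) },
+v: func(v *verifier) { v.keys.Store(keyID, verifyHmacSha256(secret)) },
 }
 }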
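Review bot: `Verifier` and `NewVerifier` have no doc comment, and this change makes the construction and concurrency contract worth stating on the type: the embedded field is now `*verifier`, so a `Verifier` that was not built by `NewVerifier` holds a nil pointer and any promoted call would dereference it. I would add `// Verifier verifies signed HTTP requests and is safe for concurrent use. Create it with NewVerifier; the zero value is not usable.` above the type. The body of `Verify` lies outside the hunk, so whether it guards against a nil embedded pointer cannot be seen from here. In `WithHmacSha256` the signer side still writes `s.keys[keyID]` on a plain map, which is only safe if signer options are applied solely during construction; that assumption deserves a line in the signer's documentation.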
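--- a/standard_test.go
+++ b/standard_test.go
@@ -85,12 +85,9 @@ func TestVerify_B_2_1(t *testing.T) {
 pk := pki.(*rsa.PublicKey)
 
 v := &verifier{
-keys: map[string]verHolder{
-"test-key-rsa-pss": verifyRsaPssSha512(pk),
-},
-
 nowFunc: func() time.Time { return time.Unix(1618884475, 0) },
 }
+v.keys.Store("test-key-rsa-pss", verifyRsaPssSha512(pk))
 
 req := testReq()
 req.Header.Set("Signature-Input", `sig1=();created=1618884475;keyid="test-key-rsa-pss";alg="rsa-pss-sha512"`)
@@ -117,12 +114,9 @@ func TestVerify_B_2_2(t *testing.T) {
 pk := pki.(*rsa.PublicKey)
 
 v := &verifier{
-keys: map[string]verHolder{
-"test-key-rsa-pss": verifyRsaPssSha512(pk),
-},
-
 nowFunc: func() time.Time { return time.Unix(1618884475, 0) },
 }
+v.keys.Store("test-key-rsa-pss", verifyRsaPssSha512(pk))
 
 req := testReq()
 req.Header.Set("Signature-Input", `sig1=("@authority" content-type");created=1618884475;keyid="test-key-rsa-pss"`)
@@ -150,12 +144,9 @@ func TestVerify_B_2_3(t *testing.T) {
 pk := pki.(*rsa.PublicKey)
 
 v := &verifier{
-keys: map[string]verHolder{
-"test-key-rsa-pss": verifyRsaPssSha512(pk),
-},
-
 nowFunc: func() time.Time { return time.Unix(1618884475, 0) },
 }
+v.keys.Store("test-key-rsa-pss", verifyRsaPssSha512(pk))
 
 req := testReq()
 req.Header.Set("Signature-Input", `sig1=("date" "@method" "@path" "@query" "@authority" "content-type" "digest" "content-length");created=1618884475;keyid="test-key-rsa-pss"`)
@@ -204,12 +195,9 @@ func TestVerify_B_2_5(t *testing.T) {
 }
 
 v := &verifier{
-keys: map[string]verHolder{
-"test-shared-secret": verifyHmacSha256(k),
-},
-
 nowFunc: func() time.Time { return time.Unix(1618884475, 0) },
 }
+v.keys.Store("test-shared-secret", verifyHmacSha256(k))
 
 req := testReq()
 req.Header.Set("Signature-Input", `sig1=("@authority" "date" "content-type");created=1618884475;keyid="test-shared-secret"`)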
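Review bot: None of the updated tests exercises the property this commit is about: each one still builds a single `verifier` and verifies one request on one goroutine, so a regression to an unsynchronised map would go unnoticed. A test that calls `v.ResolveKey("test-key-rsa-pss")` from several goroutines and is run under `go test -race` would pin the behaviour, ideally with a resolver configured so that the `Store` path in `ResolveKey` is reached and not only the `Load` path. This applies equally to all four hunks in the file, and the test bodies continue outside the hunks shown.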
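--- a/verify.go
+++ b/verify.go
@@ -17,6 +17,7 @@ import (
 "fmt"
 "io"
 "strings"
+"sync"
 "time"
 )
 
@@ -31,7 +32,7 @@ type verHolder struct {
 }
 
 type verifier struct {
-keys map[string]verHolder
+keys sync.Map // map[string]verHolder
 resolver VerifyingKeyResolver
 
 // For testing
@@ -164,8 +165,8 @@ func (v *verifier) Verify(msg *message) (keyID string, err error) {
 }
 
 func (v *verifier) ResolveKey(keyID string) (verHolder, bool) {
-if holder, ok := v.keys[keyID]; ok {
-return holder, true
+if holder, ok := v.keys.Load(keyID); ok {
+return holder.(verHolder), true
 }
 
 if v.resolver != nil {
@@ -182,7 +183,7 @@ func (v *verifier) ResolveKey(keyID string) (verHolder, bool) {
 }
 },
 }
-v.keys[keyID] = holder
+v.keys.Store(keyID, holder)
 return holder, true
 }
 }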
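Review bot: Keys obtained from `v.resolver` are stored in `v.keys` and, as far as these hunks show, are never expired or removed, so a key that is revoked or rotated at the resolver would keep verifying signatures for the life of the process; the key id used as the cache key appears to come from the request being verified, so the entry count is bounded only by what the resolver accepts. That lifetime should be stated on `ResolveKey`, for example `// Resolved keys are cached for the lifetime of the verifier; revocation at the resolver is not observed.`, or the cache should get an expiry. Separately, `Load` followed by `Store` is not atomic, so concurrent requests for an uncached key id can each call the resolver and the last write wins; `actual, _ := v.keys.LoadOrStore(keyID, holder)` followed by `return actual.(verHolder), true` keeps a single winner. The middle of `ResolveKey` lies between the last two hunks and is not visible here.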
