mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #620 from ericchiang/dev-fix-rotation-polling 

server: fix key rotation polling
pull/623/head
Eric Chiang 10 years ago committed by GitHub
parent
3e94e65b68 892fa3fe35
commit
688d798ff4
1 changed files with 9 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 18
      server/rotation.go

18
server/rotation.go
Unescape View File

@ -20,7 +20,7 @@ import (
// often to rotate them, and how long they can validate signatures after rotation.
type rotationStrategy struct {
// Time between rotations.
period time.Duration
rotationFrequency time.Duration
// After being rotated how long can a key validate signatues?
verifyFor time.Duration
@ -34,18 +34,18 @@ type rotationStrategy struct {
func staticRotationStrategy(key *rsa.PrivateKey) rotationStrategy {
return rotationStrategy{
// Setting these values to 100 years is easier than having a flag indicating no rotation.
period: time.Hour * 8760 * 100,
verifyFor: time.Hour * 8760 * 100,
key: func() (*rsa.PrivateKey, error) { return key, nil },
rotationFrequency: time.Hour * 8760 * 100,
verifyFor: time.Hour * 8760 * 100,
key: func() (*rsa.PrivateKey, error) { return key, nil },
}
}
// defaultRotationStrategy returns a strategy which rotates keys every provided period,
// holding onto the public parts for some specified amount of time.
func defaultRotationStrategy(rotationPeriod, verifyFor time.Duration) rotationStrategy {
func defaultRotationStrategy(rotationFrequency, verifyFor time.Duration) rotationStrategy {
return rotationStrategy{
period: rotationPeriod,
verifyFor: verifyFor,
rotationFrequency: rotationFrequency,
verifyFor: verifyFor,
key: func() (*rsa.PrivateKey, error) {
return rsa.GenerateKey(rand.Reader, 2048)
},
@ -76,7 +76,7 @@ func startKeyRotation(ctx context.Context, s storage.Storage, strategy rotationS
select {
case <-ctx.Done():
return
case <-time.After(strategy.period):
case <-time.After(time.Second * 30):
if err := rotater.rotate(); err != nil {
log.Printf("failed to rotate keys: %v", err)
}
@ -145,7 +145,7 @@ func (k keyRotater) rotate() error {
keys.VerificationKeys = append(keys.VerificationKeys, verificationKey)
}
nextRotation = k.now().Add(k.strategy.period)
nextRotation = k.now().Add(k.strategy.rotationFrequency)
keys.SigningKey = priv
keys.SigningKeyPub = pub
keys.NextRotation = nextRotation

Write Preview
Loading…
Cancel
Save