From f150a4f850e08dc50cbfffcdb59e733262bd8309 Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Wed, 17 Jan 2024 12:35:16 +0100
Subject: [PATCH] Remove `sync.Once` for Wire configuration validation

---
 authority/provisioner/wire/dpop_options.go | 2 +-
 authority/provisioner/wire/oidc_options.go | 6 ++++--
 authority/provisioner/wire/wire_options.go | 17 +++--------------
 3 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/authority/provisioner/wire/dpop_options.go b/authority/provisioner/wire/dpop_options.go
index c4172a65..721eab01 100644
--- a/authority/provisioner/wire/dpop_options.go
+++ b/authority/provisioner/wire/dpop_options.go
@@ -10,7 +10,7 @@ import (
 )
 
 type DPOPOptions struct {
- // Public part of the signing key for DPoP access token
+ // Public part of the signing key for DPoP access token in PEM format
 SigningKey []byte `json:"key"`
 // URI template for the URI the ACME client must call to fetch the DPoP challenge proof (an access token from wire-server)
 Target string `json:"target"`
diff --git a/authority/provisioner/wire/oidc_options.go b/authority/provisioner/wire/oidc_options.go
index 67ead41c..5040fa07 100644
--- a/authority/provisioner/wire/oidc_options.go
+++ b/authority/provisioner/wire/oidc_options.go
@@ -24,8 +24,10 @@ type Provider struct {
 }
 
 type Config struct {
- ClientID string `json:"clientId,omitempty"`
- SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"`
+ ClientID string `json:"clientId,omitempty"`
+ SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"`
+
+ // the properties below are only used for testing
 SkipClientIDCheck bool `json:"-"`
 SkipExpiryCheck bool `json:"-"`
 SkipIssuerCheck bool `json:"-"`
diff --git a/authority/provisioner/wire/wire_options.go b/authority/provisioner/wire/wire_options.go
index f143c287..2ae5543f 100644
--- a/authority/provisioner/wire/wire_options.go
+++ b/authority/provisioner/wire/wire_options.go
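Review bot: In oidc_options.go, the new comment `// the properties below are only used for testing` on `Config` understates what the three fields do. Going by their names, `SkipClientIDCheck`, `SkipExpiryCheck` and `SkipIssuerCheck` each switch off an ID token verification step, so a non-test caller setting one would weaken OIDC validation. The `json:"-"` tags keep them out of the serialized provisioner configuration, but nothing visible here stops Go code from setting them. I would spell the contract out, e.g. `// Test-only: these disable ID token verification checks and must stay false outside tests.` The struct continues past the end of the hunk, so the comment may cover further fields not shown.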
@@ -3,16 +3,12 @@ package wire
 import (
 "errors"
 "fmt"
- "sync"
 )
 
 // Options holds the Wire ACME extension options
 type Options struct {
 OIDC *OIDCOptions `json:"oidc,omitempty"`
 DPOP *DPOPOptions `json:"dpop,omitempty"`
-
- validateOnce sync.Once
- validationErr error
 }
 
 // GetOIDCOptions returns the OIDC options.
@@ -31,17 +27,10 @@ func (o *Options) GetDPOPOptions() *DPOPOptions {
 return o.DPOP
 }
 
+// Validate validates and initializes the Wire OIDC and DPoP options.
+//
+// TODO(hs): find a good way to perform this only once.
 func (o *Options) Validate() error {
- o.validateOnce.Do(
- func() {
- o.validationErr = validate(o)
- },
- )
-
- return o.validationErr
-}
-
-func validate(o *Options) error {
 if oidc := o.GetOIDCOptions(); oidc != nil {
 if err := oidc.validateAndInitialize(); err != nil {
 return fmt.Errorf("failed initializing OIDC options: %w", err)
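Review bot: With the `sync.Once` gone, `Validate` re-runs `oidc.validateAndInitialize()` on every call, and the new doc comment does not say whether that is safe. The helper's body is not in this hunk, but its name suggests it writes state into the options. If `Validate` can be reached from more than one goroutine (for example per request rather than only when the provisioner is loaded), that would be an unsynchronized write the old code guarded against. The TODO only mentions doing the work once, so I would add the concurrency contract to the comment, e.g. `// Validate is not safe for concurrent use; it re-initializes the options on every call.` The function body continues past the end of the hunk.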