diff --git a/jwk/helper.go b/jwk/helper.go
index 50f3a28b2d..3257475492 100644
--- a/jwk/helper.go
+++ b/jwk/helper.go
@@ -26,14 +26,14 @@ import (
 "github.com/pkg/errors"
 )
-var mapLock sync.RWMutex
-var locks = map[string]*sync.RWMutex{}
+var mapLock sync.Mutex
+var locks = map[string]*sync.Mutex{}
-func getLock(set string) *sync.RWMutex {
+func getLock(set string) *sync.Mutex {
 mapLock.Lock()
 defer mapLock.Unlock()
 if _, ok := locks[set]; !ok {
- locks[set] = new(sync.RWMutex)
+ locks[set] = new(sync.Mutex)
 }
 return locks[set]
 }
@@ -44,12 +44,14 @@ func EnsureAsymmetricKeypairExists(ctx context.Context, r InternalRegistry, alg,
 }
 func GetOrGenerateKeys(ctx context.Context, r InternalRegistry, m Manager, set, kid, alg string) (private *jose.JSONWebKey, err error) {
- getLock(set).Lock()
- defer getLock(set).Unlock()
-
 keys, err := m.GetKeySet(ctx, set)
+
 if errors.Is(err, x.ErrNotFound) || keys != nil && len(keys.Keys) == 0 {
 r.Logger().Warnf("JSON Web Key Set \"%s\" does not exist yet, generating new key pair...", set)
+
+ l := getLock(set)
+ defer l.Lock()
+
 keys, err = m.GenerateAndPersistKeySet(ctx, set, kid, alg, "sig")
 if err != nil {
 return nil, err
@@ -64,6 +66,9 @@ func GetOrGenerateKeys(ctx context.Context, r InternalRegistry, m Manager, set,
 } else {
 r.Logger().WithField("jwks", set).Warnf("JSON Web Key not found in JSON Web Key Set %s, generating new key pair...", set)
+ l := getLock(set)
+ defer l.Lock()
+
 keys, err = m.GenerateAndPersistKeySet(ctx, set, kid, alg, "sig")
 if err != nil {
 return nil, err
diff --git a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json
index 215fa01821..5bc92ec79a 100644
--- a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json
+++ b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json
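Review bot: `getLock` and the package-level `locks` map carry no doc comment, and the move from `sync.RWMutex` to `sync.Mutex` changes what a caller can do with the returned lock. A comment such as `// getLock returns the process-local mutex for the named key set, creating it on first use.` would record the contract. Nothing in the visible lines ever removes an entry from `locks`, so if set names can originate from request input the map's growth is worth bounding (not verifiable from this hunk). Inside the function, `l, ok := locks[set]` would avoid the second map lookup on return.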
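Review bot: `defer l.Lock()` in the not-found branch of `GetOrGenerateKeys` (and again in the `else` branch of the following hunk) acquires the per-set mutex only when the function returns and never releases it. `GenerateAndPersistKeySet` therefore runs with no lock held, and the second call that reaches either generation branch for the same set blocks forever on return, which presumably stalls any caller waiting for a signing key. The two lines should read `l.Lock()` followed by `defer l.Unlock()`. Because `m.GetKeySet` now runs before the lock is taken, concurrent callers can still all observe the set as missing and each generate a key pair; after acquiring the lock, the set should be read again and generation skipped when another caller has already persisted a key. The function body continues outside both hunks.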
@@ -63,7 +63,8 @@ "require_request_uri_registration": true, "response_modes_supported": [ "query", - "fragment" + "fragment", + "form_post" ], "response_types_supported": [ "code", diff --git a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json index 215fa01821..5bc92ec79a 100644 --- a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json +++ b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json @@ -63,7 +63,8 @@ "require_request_uri_registration": true, "response_modes_supported": [ "query", - "fragment" + "fragment", + "form_post" ], "response_types_supported": [ "code",