TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-06-13 04:28:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: race condition in system jwt signature check (#8618)

Browse Source
This commit is contained in:
Livio Spring 2024-09-13 17:18:37 +02:00 committed by GitHub
parent 289378713e
commit 14383cfe8c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/api/authz/system_token.go
View File

@ -76,7 +76,7 @@ func (s *SystemTokenVerifierFromConfig) VerifySystemToken(ctx context.Context, t
type systemJWTStorage struct { type systemJWTStorage struct {
keys map[string]*SystemAPIUser keys map[string]*SystemAPIUser
mutex sync.Mutex mutex sync.RWMutex
cachedKeys map[string]*rsa.PublicKey cachedKeys map[string]*rsa.PublicKey
} }
@ -98,7 +98,9 @@ func (s *SystemAPIUser) readKey() (*rsa.PublicKey, error) {
} }
func (s *systemJWTStorage) GetKeyByIDAndClientID(_ context.Context, _, userID string) (*jose.JSONWebKey, error) { func (s *systemJWTStorage) GetKeyByIDAndClientID(_ context.Context, _, userID string) (*jose.JSONWebKey, error) {
s.mutex.RLock()
cachedKey, ok := s.cachedKeys[userID] cachedKey, ok := s.cachedKeys[userID]
s.mutex.RUnlock()
if ok { if ok {
return &jose.JSONWebKey{KeyID: userID, Key: cachedKey}, nil return &jose.JSONWebKey{KeyID: userID, Key: cachedKey}, nil
} }