rotate rotates keys on a regular basis, sending each updated set of keys down keysChan, until doneChan is closed.
(doneChan <-chan struct{}, keysChan chan<- [][32]byte)
| 82 | // rotate rotates keys on a regular basis, sending each updated set of |
| 83 | // keys down keysChan, until doneChan is closed. |
| 84 | func (s *standardSTEKProvider) rotate(doneChan <-chan struct{}, keysChan chan<- [][32]byte) { |
| 85 | defer func() { |
| 86 | if err := recover(); err != nil { |
| 87 | log.Printf("[PANIC] standard STEK rotation: %v\n%s", err, debug.Stack()) |
| 88 | } |
| 89 | }() |
| 90 | for { |
| 91 | select { |
| 92 | case now := <-s.timer.C: |
| 93 | // copy the slice header to avoid races |
| 94 | mutex.RLock() |
| 95 | keysCopy := keys |
| 96 | mutex.RUnlock() |
| 97 | |
| 98 | // generate a new key, rotating old ones |
| 99 | var err error |
| 100 | keysCopy, err = s.stekConfig.RotateSTEKs(keysCopy) |
| 101 | if err != nil { |
| 102 | // TODO: improve this handling |
| 103 | log.Printf("[ERROR] Generating STEK: %v", err) |
| 104 | continue |
| 105 | } |
| 106 | |
| 107 | // replace keys slice with updated value and |
| 108 | // record the timestamp of rotation |
| 109 | mutex.Lock() |
| 110 | keys = keysCopy |
| 111 | lastRotation = now |
| 112 | mutex.Unlock() |
| 113 | |
| 114 | // send the updated keys to the service |
| 115 | keysChan <- keysCopy |
| 116 | |
| 117 | // timer channel is already drained, so reset directly (see godoc) |
| 118 | s.timer.Reset(time.Duration(s.stekConfig.RotationInterval)) |
| 119 | |
| 120 | case <-doneChan: |
| 121 | // again, see godocs for why timer is stopped this way |
| 122 | if !s.timer.Stop() { |
| 123 | <-s.timer.C |
| 124 | } |
| 125 | return |
| 126 | } |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | var ( |
| 131 | lastRotation time.Time |
no test coverage detected