fix coverage (#1741)

* fix coverage * fix data races
2025-05-31 18:07:17 +02:00 · 2021-01-06 08:30:38 -07:00 · 2021-01-06 08:30:38 -07:00 · 4f0ce4bc82
commit 4f0ce4bc82
parent 6ea8d34b8f
5 changed files with 18 additions and 21 deletions
--- a/authorize/evaluator/evaluator.go
+++ b/authorize/evaluator/evaluator.go
@ -224,27 +224,30 @@ func (e *Evaluator) JWTPayload(req *Request) map[string]interface{} {
 }

 func newSigner(options *config.Options) (jose.Signer, *jose.JSONWebKey, error) {
+	var decodedCert []byte
 	// if we don't have a signing key, generate one
 	if options.SigningKey == "" {
 		key, err := cryptutil.NewSigningKey()
 		if err != nil {
 			return nil, nil, fmt.Errorf("couldn't generate signing key: %w", err)
 		}
-		generatedKey, err := cryptutil.EncodePrivateKey(key)
+		decodedCert, err = cryptutil.EncodePrivateKey(key)
+		if err != nil {
+			return nil, nil, fmt.Errorf("bad signing key: %w", err)
+		}
+	} else {
+		var err error
+		decodedCert, err = base64.StdEncoding.DecodeString(options.SigningKey)
 		if err != nil {
 			return nil, nil, fmt.Errorf("bad signing key: %w", err)
 		}
-		options.SigningKey = base64.StdEncoding.EncodeToString(generatedKey)
 	}
-	if options.SigningKeyAlgorithm == "" {
-		options.SigningKeyAlgorithm = string(jose.ES256)
+	signingKeyAlgorithm := options.SigningKeyAlgorithm
+	if signingKeyAlgorithm == "" {
+		signingKeyAlgorithm = string(jose.ES256)
 	}

-	decodedCert, err := base64.StdEncoding.DecodeString(options.SigningKey)
-	if err != nil {
-		return nil, nil, fmt.Errorf("bad signing key: %w", err)
-	}
-	jwk, err := cryptutil.PrivateJWKFromBytes(decodedCert, jose.SignatureAlgorithm(options.SigningKeyAlgorithm))
+	jwk, err := cryptutil.PrivateJWKFromBytes(decodedCert, jose.SignatureAlgorithm(signingKeyAlgorithm))
 	if err != nil {
 		return nil, nil, fmt.Errorf("couldn't generate signing key: %w", err)
 	}