From 7f7f2726b47de2a4456b23f419e91bec9883334c Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Sun, 25 Sep 2016 15:51:58 -0400
Subject: [PATCH 1/2] jwt: add updateKeys method and call in constructor

Fixes #225.
---
 middleware/jwt/jwt.go | 55 +++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/middleware/jwt/jwt.go b/middleware/jwt/jwt.go
index c97a567..9d89a17 100644
--- a/middleware/jwt/jwt.go
+++ b/middleware/jwt/jwt.go
@@ -57,37 +57,14 @@ func NewHook(cfg Config) middleware.Hook {
 closing: make(chan struct{}),
 }
 
+ h.updateKeys()
 go func() {
 for {
 select {
 case <-h.closing:
 return
 case <-time.After(cfg.JWKUpdateInterval):
- resp, err := http.Get(cfg.JWKSetURL)
- if err != nil {
- log.Errorln("failed to fetch JWK Set: " + err.Error())
- continue
- }
-
- parsedJWKs := map[string]gojwk.Key{}
- err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
- if err != nil {
- resp.Body.Close()
- log.Errorln("failed to decode JWK JSON: " + err.Error())
- continue
- }
- resp.Body.Close()
-
- keys := map[string]crypto.PublicKey{}
- for kid, parsedJWK := range parsedJWKs {
- publicKey, err := parsedJWK.DecodePublicKey()
- if err != nil {
- log.Errorln("failed to decode JWK into public key: " + err.Error())
- continue
- }
- keys[kid] = publicKey
- }
- h.publicKeys = keys
+ h.updateKeys()
 }
 }
 }()
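Review bot: The `h.updateKeys()` call added inside the `select` loop and the initial call before `go func()` both replace `h.publicKeys` from the refresh goroutine (the assignment lives in the new updateKeys method), while the request path that reads the map is not in this hunk; unless those reads are already guarded, the map swap is a data race that `go test -race` would flag, so the field should be protected by a `sync.RWMutex` or held in an `atomic.Value`. A smaller point: if `Config` validation elsewhere does not reject a zero `JWKUpdateInterval`, `time.After(cfg.JWKUpdateInterval)` fires immediately and the loop refetches the JWK Set continuously. NewHook's body starts before this hunk and its return statement is outside it.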
@@ -95,6 +72,34 @@ func NewHook(cfg Config) middleware.Hook {
 return h
 }
 
+func (h *hook) updateKeys() {
+ resp, err := http.Get(h.cfg.JWKSetURL)
+ if err != nil {
+ log.Errorln("failed to fetch JWK Set: " + err.Error())
+ return
+ }
+
+ parsedJWKs := map[string]gojwk.Key{}
+ err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
+ if err != nil {
+ resp.Body.Close()
+ log.Errorln("failed to decode JWK JSON: " + err.Error())
+ return
+ }
+ resp.Body.Close()
+
+ keys := map[string]crypto.PublicKey{}
+ for kid, parsedJWK := range parsedJWKs {
+ publicKey, err := parsedJWK.DecodePublicKey()
+ if err != nil {
+ log.Errorln("failed to decode JWK into public key: " + err.Error())
+ return
+ }
+ keys[kid] = publicKey
+ }
+ h.publicKeys = keys
+}
+
 func (h *hook) Stop() <-chan error {
 select {
 case <-h.closing:
From 46bd349a23df79d06b9c347e99ee86de0b708b65 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Mon, 26 Sep 2016 12:00:28 -0400
Subject: [PATCH 2/2] jwt: add initial jwt update

This also changes the signature of the constructor to return an error.
---
 cmd/chihaya/config.go | 6 +++++-
 middleware/jwt/jwt.go | 20 +++++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/cmd/chihaya/config.go b/cmd/chihaya/config.go
index 12f3d71..5c7c896 100644
--- a/cmd/chihaya/config.go
+++ b/cmd/chihaya/config.go
@@ -78,7 +78,11 @@ func (cfg ConfigFile) CreateHooks() (preHooks, postHooks []middleware.Hook, err
 if err != nil {
 return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
 }
- preHooks = append(preHooks, jwt.NewHook(jwtCfg))
+ hook, err := jwt.NewHook(jwtCfg)
+ if err != nil {
+ return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
+ }
+ preHooks = append(preHooks, hook)
 case "client approval":
 var caCfg clientapproval.Config
 err := yaml.Unmarshal(cfgBytes, &caCfg)
diff --git a/middleware/jwt/jwt.go b/middleware/jwt/jwt.go
index 9d89a17..47b6eec 100644
--- a/middleware/jwt/jwt.go
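Review bot: `updateKeys` hands `resp.Body` to the JSON decoder without checking `resp.StatusCode`, so an error page from the JWK endpoint is parsed as a key set, and a non-2xx response that happens to carry a valid but empty JSON object would replace every trusted key with an empty map; a status check before decoding (below) closes that hole, and `defer resp.Body.Close()` lets the two explicit Close calls collapse into one. `http.Get` also goes through `http.DefaultClient`, which has no timeout, so a stalled JWK server now blocks the constructor (which calls this synchronously) indefinitely; a package-level `&http.Client{Timeout: ...}` would bound the wait. Note too that a `DecodePublicKey` failure in the key loop now does `return`, whereas the code removed in the previous hunk did `continue`, so one malformed key now prevents all the others from being installed — if that is intended it deserves a comment.
```go
func (h *hook) updateKeys() {
	resp, err := http.Get(h.cfg.JWKSetURL)
	if err != nil {
		log.Errorln("failed to fetch JWK Set: " + err.Error())
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		log.Errorln("failed to fetch JWK Set: unexpected status " + resp.Status)
		return
	}

	parsedJWKs := map[string]gojwk.Key{}
	if err := json.NewDecoder(resp.Body).Decode(&parsedJWKs); err != nil {
		log.Errorln("failed to decode JWK JSON: " + err.Error())
		return
	}
	// … unchanged: key decoding loop and h.publicKeys assignment …
```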
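Review bot: The new error return after `jwt.NewHook(jwtCfg)` reuses the message `"invalid JWT middleware config: "` that the preceding `yaml.Unmarshal` failure already uses, yet NewHook now fails when the initial JWK Set fetch or decode fails, which is a network or upstream problem rather than a malformed config file, so the two cases are indistinguishable in the log. Something like `return nil, nil, errors.New("creating JWT middleware: " + err.Error())` keeps them apart. CreateHooks starts and ends outside this hunk.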
+++ b/middleware/jwt/jwt.go
@@ -50,14 +50,18 @@ type hook struct {
 }
 
 // NewHook returns an instance of the JWT middleware.
-func NewHook(cfg Config) middleware.Hook {
+func NewHook(cfg Config) (middleware.Hook, error) {
 h := &hook{
 cfg: cfg,
 publicKeys: map[string]crypto.PublicKey{},
 closing: make(chan struct{}),
 }
 
- h.updateKeys()
+ err := h.updateKeys()
+ if err != nil {
+ return nil, errors.New("failed to update initial JWK Set: " + err.Error())
+ }
+
 go func() {
 for {
 select {
@@ -69,14 +73,14 @@ func NewHook(cfg Config) middleware.Hook {
 }
 }()
 
- return h
+ return h, nil
 }
 
-func (h *hook) updateKeys() {
+func (h *hook) updateKeys() error {
 resp, err := http.Get(h.cfg.JWKSetURL)
 if err != nil {
 log.Errorln("failed to fetch JWK Set: " + err.Error())
- return
+ return err
 }
 
 parsedJWKs := map[string]gojwk.Key{}
@@ -84,7 +88,7 @@ func (h *hook) updateKeys() {
 if err != nil {
 resp.Body.Close()
 log.Errorln("failed to decode JWK JSON: " + err.Error())
- return
+ return err
 }
 resp.Body.Close()
 
@@ -93,11 +97,13 @@ func (h *hook) updateKeys() {
 publicKey, err := parsedJWK.DecodePublicKey()
 if err != nil {
 log.Errorln("failed to decode JWK into public key: " + err.Error())
- return
+ return err
 }
 keys[kid] = publicKey
 }
 h.publicKeys = keys
+
+ return nil
 }
 
 func (h *hook) Stop() <-chan error {
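Review bot: The doc comment `// NewHook returns an instance of the JWT middleware.` is left unchanged although the constructor now makes a blocking HTTP request to `cfg.JWKSetURL` before returning and has a new error result; callers should learn that from the comment rather than from the signature. Suggested text: `// NewHook returns an instance of the JWT middleware. It synchronously fetches and decodes the JWK Set from cfg.JWKSetURL and returns an error if that initial fetch fails; later refreshes run in the background every cfg.JWKUpdateInterval.` NewHook's goroutine body continues past the end of this hunk.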
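Review bot: Now that `updateKeys` returns its error, the `log.Errorln` call that precedes each `return err` (here, and likewise in the `@@ -84` and `@@ -93` hunks) reports the same failure twice at startup: once here and again when NewHook wraps it into the error it hands back to the caller. Log at exactly one layer: drop the `log.Errorln` lines from updateKeys and have the refresh goroutine, whose `h.updateKeys()` call sits between this hunk and the previous one and currently discards the result, do `if err := h.updateKeys(); err != nil { log.Errorln("failed to refresh JWK Set: " + err.Error()) }`. The goroutine itself is outside this hunk.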
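Review bot: `h.publicKeys = keys` followed by the new `return nil` treats a JWK Set that decoded to zero usable keys as a successful refresh, so an emptied or misconfigured endpoint silently drops every trusted key on the next tick, and through the constructor would start the hook with no keys at all. Whether an empty set should replace the previous keys is a policy choice worth making explicit in code; one option is `if len(keys) == 0 { return errors.New("JWK Set contained no usable public keys") }` before the assignment, which keeps the last good set on a refresh and makes NewHook fail at startup instead. updateKeys begins before this hunk.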