From ca5f154ef6db349eaa05c9cf60b0e8ed064370b3 Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Wed, 7 Apr 2021 10:24:42 +0200
Subject: [PATCH 1/2] add thread lock while updating the key bundle (or the bundle will be corrupt)
---
 src/cryptojwt/key_bundle.py | 54 +++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 26 deletions(-)
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
index 34b44205..425d5e0a 100755
--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -8,6 +8,7 @@
 from functools import cmp_to_key
 from typing import List
 from typing import Optional
+import threading
 import requests
@@ -507,34 +508,35 @@ def update(self):
 :return: True if update was ok or False if we encountered an error during update.
 """
 if self.source:
- _old_keys = self._keys # just in case
+ with threading.Lock():
+ _old_keys = self._keys # just in case
- # reread everything
- self._keys = []
- updated = None
+ # reread everything
+ self._keys = []
+ updated = None
- try:
- if self.local:
- if self.fileformat in ["jwks", "jwk"]:
- updated = self.do_local_jwk(self.source)
- elif self.fileformat == "der":
- updated = self.do_local_der(self.source, self.keytype, self.keyusage)
- elif self.remote:
- updated = self.do_remote()
- except Exception as err:
- LOGGER.error("Key bundle update failed: %s", err)
- self._keys = _old_keys # restore
- return False
-
- if updated:
- now = time.time()
- for _key in _old_keys:
- if _key not in self._keys:
- if not _key.inactive_since: # If already marked don't mess
- _key.inactive_since = now
- self._keys.append(_key)
- else:
- self._keys = _old_keys
+ try:
+ if self.local:
+ if self.fileformat in ["jwks", "jwk"]:
+ updated = self.do_local_jwk(self.source)
+ elif self.fileformat == "der":
+ updated = self.do_local_der(self.source, self.keytype, self.keyusage)
+ elif self.remote:
+ updated = self.do_remote()
+ except Exception as err:
+ LOGGER.error("Key bundle update failed: %s", err)
+ self._keys = _old_keys # restore
+ return False
+
+ if updated:
+ now = time.time()
+ for _key in _old_keys:
+ if _key not in self._keys:
+ if not _key.inactive_since: # If already marked don't mess
+ _key.inactive_since = now
+ self._keys.append(_key)
+ else:
+ self._keys = _old_keys
 return True
From ed139d1d1705da412601a09b899abbaac8e971de Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Wed, 7 Apr 2021 10:27:30 +0200
Subject: [PATCH 2/2] isort
---
 src/cryptojwt/key_bundle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
index 425d5e0a..2527e162 100755
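Review bot: `with threading.Lock():` in `update()` builds a brand-new lock on every call, so no two threads ever acquire the same object and the block is not actually serialized; the corruption described in the commit message can still happen. The lock has to be a single object shared by every caller working on this bundle, for example `self._lock = threading.Lock()` created once in the constructor (outside this hunk) and `with self._lock:` here. Even with a shared lock, code that reads `self._keys` without taking it could still observe the transient empty list left by `self._keys = []`, which for a bundle used in signature verification would presumably look like "no matching key" during a refresh; collecting the new keys in a local and assigning `self._keys` once at the end would close that window, though it depends on how `do_local_jwk`/`do_remote` populate the list, which this hunk does not show. Once the lock is real, note that `self.do_remote()` runs inside it, so other updaters will block for the duration of the fetch.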
--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -3,12 +3,12 @@
 import json
 import logging
 import os
+import threading
 import time
 from datetime import datetime
 from functools import cmp_to_key
 from typing import List
 from typing import Optional
-import threading
 import requests