Synchronize user.certificate access

server/irc.go

@@ -22,9 +22,9 @@ func reconnectIRC() {
 			i.Password = server.Password
 			i.Realname = server.Realname
 
-			if user.Certificate != nil {
+			if cert := user.GetCertificate(); cert != nil {
 				i.TLSConfig = &tls.Config{
-					Certificates: []tls.Certificate{*user.Certificate},
+					Certificates: []tls.Certificate{*cert},
 				}
 			}
 

server/websocket_handler.go

@@ -105,9 +105,9 @@ func (h *wsHandler) connect(b []byte) {
 		i.Password = data.Password
 		i.Realname = data.Realname
 
-		if h.session.user.Certificate != nil {
+		if cert := h.session.user.GetCertificate(); cert != nil {
 			i.TLSConfig = &tls.Config{
-				Certificates: []tls.Certificate{*h.session.user.Certificate},
+				Certificates: []tls.Certificate{*cert},
 			}
 		}
 

storage/user.go

@@ -41,11 +41,11 @@ type Message struct {
 }
 
 type User struct {
-	UUID        string
+	UUID string
-	Certificate *tls.Certificate `json:"-"`
 
 	messageLog   *bolt.DB
 	messageIndex bleve.Index
+	certificate  *tls.Certificate
 	lock         sync.Mutex
 }
 

storage/user_cert.go

@@ -12,13 +12,21 @@ var (
 	ErrCouldNotSaveCert = errors.New("Could not save certificate")
 )
 
+func (u *User) GetCertificate() *tls.Certificate {
+	u.lock.Lock()
+	cert := u.certificate
+	u.lock.Unlock()
+
+	return cert
+}
+
 func (u *User) SetCertificate(certPEM, keyPEM []byte) error {
 	cert, err := tls.X509KeyPair(certPEM, keyPEM)
 	if err != nil {
 		return ErrInvalidCert
 	}
 	u.lock.Lock()
-	u.Certificate = &cert
+	u.certificate = &cert
 	u.lock.Unlock()
 
 	err = os.MkdirAll(Path.User(u.UUID), 0700)
@@ -55,6 +63,6 @@ func (u *User) loadCertificate() error {
 		return err
 	}
 
-	u.Certificate = &cert
+	u.certificate = &cert
 	return nil
 }