From e067892ffc4c787d75d3a0df570acc66c55b7923 Mon Sep 17 00:00:00 2001
From: Andrew Keesler
Date: Thu, 10 Dec 2020 13:54:02 -0800
Subject: [PATCH] Add secret.Cache to hold crypto inputs
---
internal/secret/cache.go | 71 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 internal/secret/cache.go
diff --git a/internal/secret/cache.go b/internal/secret/cache.go
new file mode 100644
index 00000000..96ccae4a
--- /dev/null
+++ b/internal/secret/cache.go
@@ -0,0 +1,71 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package secret
+
+type Cache struct {
+ csrfCookieEncoderHashKey []byte
+ csrfCookieEncoderBlockKey []byte
+ oidcProviderCacheMap map[string]*OIDCProviderCache
+}
+
+func (c *Cache) GetCSRFCookieEncoderHashKey() []byte {
+ return c.csrfCookieEncoderHashKey
+}
+
+func (c *Cache) SetCSRFCookieEncoderHashKey(key []byte) {
+ c.csrfCookieEncoderHashKey = key
+}
+
+func (c *Cache) GetCSRFCookieEncoderBlockKey() []byte {
+ return c.csrfCookieEncoderBlockKey
+}
+
+func (c *Cache) SetCSRFCookieEncoderBlockKey(key []byte) {
+ c.csrfCookieEncoderBlockKey = key
+}
+
+func (c *Cache) GetOIDCProviderCacheFor(oidcIssuer string) *OIDCProviderCache {
+ return c.oidcProviderCaches()[oidcIssuer]
+}
+
+func (c *Cache) SetOIDCProviderCacheFor(oidcIssuer string, oidcProviderCache *OIDCProviderCache) {
+ c.oidcProviderCaches()[oidcIssuer] = oidcProviderCache
+}
+
+func (c *Cache) oidcProviderCaches() map[string]*OIDCProviderCache {
+ if c.oidcProviderCacheMap == nil {
+ c.oidcProviderCacheMap = map[string]*OIDCProviderCache{}
+ }
+ return c.oidcProviderCacheMap
+}
+
+type OIDCProviderCache struct {
+ tokenHMACKey []byte
+ stateEncoderHashKey []byte
+ stateEncoderBlockKey []byte
+}
+
+func (o *OIDCProviderCache) GetTokenHMACKey() []byte {
+ return o.tokenHMACKey
+}
+
+func (o *OIDCProviderCache) SetTokenHMACKey(key []byte) {
+ o.tokenHMACKey = key
+}
+
+func (o *OIDCProviderCache) GetStateEncoderHashKey() []byte {
+ return o.stateEncoderHashKey
+}
+
+func (o *OIDCProviderCache) SetStateEncoderHashKey(key []byte) {
+ o.stateEncoderHashKey = key
+}
+
+func (o *OIDCProviderCache) GetStateEncoderBlockKey() []byte {
+ return o.stateEncoderBlockKey
+}
+
+func (o *OIDCProviderCache) SetStateEncoderBlockKey(key []byte) {
+ o.stateEncoderBlockKey = key
+}
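Review bot: `Cache` has no synchronisation, and `oidcProviderCaches()` lazily allocates and writes `oidcProviderCacheMap` even on the read path `GetOIDCProviderCacheFor`. The callers are not part of this commit, but if one instance is shared between a goroutine that stores keys and request handlers that read them, this is a data race, and an unsynchronised map read concurrent with a write makes the Go runtime abort the process. Guarding the fields with a `sync.RWMutex` as sketched below would address it (the file would also need to import `sync`), and the `[]byte` fields of `OIDCProviderCache` need the same treatment. Separately, every setter stores the caller's slice and every getter returns the internal one, so a later write through either alias silently changes the HMAC or encoder key in use; copying on the way in and out avoids that. `GetOIDCProviderCacheFor` returns nil for an unknown issuer, which deserves a doc comment because the `OIDCProviderCache` getters dereference their receiver.

```go
type Cache struct {
	mu sync.RWMutex // guards every field below
	// … unchanged: csrfCookieEncoder* keys and oidcProviderCacheMap …
}

// … CSRF key getters/setters: same bodies, wrapped in c.mu.RLock / c.mu.Lock …

func (c *Cache) GetOIDCProviderCacheFor(oidcIssuer string) *OIDCProviderCache {
	c.mu.RLock()
	defer c.mu.RUnlock()
	// Indexing a nil map is safe, so the read path no longer allocates or writes.
	return c.oidcProviderCacheMap[oidcIssuer]
}

func (c *Cache) SetOIDCProviderCacheFor(oidcIssuer string, oidcProviderCache *OIDCProviderCache) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.oidcProviderCacheMap == nil {
		c.oidcProviderCacheMap = map[string]*OIDCProviderCache{}
	}
	c.oidcProviderCacheMap[oidcIssuer] = oidcProviderCache
}
```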