Remove signer instance

jws/jws.go

@@ -74,6 +74,12 @@ func (s *payloadSigner) PublicHeader() Headers {
 var signers = make(map[jwa.SignatureAlgorithm]Signer)
 var muSigner = &sync.Mutex{}
 
+func removeSigner(alg jwa.SignatureAlgorithm) {
+	muSigner.Lock()
+	defer muSigner.Unlock()
+	delete(signers, alg)
+}
+
 func makeSigner(alg jwa.SignatureAlgorithm, key interface{}, public, protected Headers) (*payloadSigner, error) {
 	muSigner.Lock()
 	signer, ok := signers[alg]

jws/jws_test.go

@@ -2103,6 +2103,19 @@ func TestGH910(t *testing.T) {
 	require.NoError(t, err, `jws.Verify should succeed`)
 
 	require.Equal(t, src, string(verified), `verified payload should match`)
+
+	jws.UnregisterSigner(sha256Algo)
+
+	// Now try after unregistering the signer for the algorithm
+	_, err = jws.Sign([]byte(src), jws.WithKey(sha256Algo, nil))
+	require.Error(t, err, `jws.Sign should succeed`)
+
+	jws.RegisterSigner(sha256Algo, jws.SignerFactoryFn(func() (jws.Signer, error) {
+		return s256SignerVerifier{}, nil
+	}))
+
+	_, err = jws.Sign([]byte(src), jws.WithKey(sha256Algo, nil))
+	require.NoError(t, err, `jws.Sign should succeed`)
 }
 
 func TestUnpaddedSignatureR(t *testing.T) {

jws/signer.go

@@ -34,6 +34,9 @@ func RegisterSigner(alg jwa.SignatureAlgorithm, f SignerFactory) {
 	muSignerDB.Lock()
 	signerDB[alg] = f
 	muSignerDB.Unlock()
+
+	// Remove previous signer, if there was one
+	removeSigner(alg)
 }
 
 // UnregisterSigner removes the signer factory associated with
@@ -49,6 +52,8 @@ func UnregisterSigner(alg jwa.SignatureAlgorithm) {
 	muSignerDB.Lock()
 	delete(signerDB, alg)
 	muSignerDB.Unlock()
+	// Remove previous signer
+	removeSigner(alg)
 }
 
 func init() {