You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/09/03 16:42:20 UTC
[couchdb] 02/02: return a clean error if pem_decode fails
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch improve_jwtf_keystore_error_handling
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 72a0488dd655493025b50f586e2106a8ab854f95
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Sep 3 17:41:01 2020 +0100
return a clean error if pem_decode fails
---
src/jwtf/src/jwtf_keystore.erl | 17 +++++++++++------
src/jwtf/test/jwtf_keystore_tests.erl | 11 +++++++++--
2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/jwtf/src/jwtf_keystore.erl b/src/jwtf/src/jwtf_keystore.erl
index c2d80b9..38551d9 100644
--- a/src/jwtf/src/jwtf_keystore.erl
+++ b/src/jwtf/src/jwtf_keystore.erl
@@ -141,12 +141,17 @@ get_from_config(Kty, KID) ->
pem_decode(PEM) ->
BinPEM = re:replace(PEM, "\\\\n", "\n", [global, {return, binary}]),
- case public_key:pem_decode(BinPEM) of
- [PEMEntry] ->
- public_key:pem_entry_decode(PEMEntry);
- [] ->
- throw({bad_request, <<"Not a valid key">>})
- end.
+ try
+ case public_key:pem_decode(BinPEM) of
+ [PEMEntry] ->
+ public_key:pem_entry_decode(PEMEntry);
+ [] ->
+ throw({bad_request, <<"Not a valid key">>})
+ end
+ catch
+ error:Reason ->
+ {error, Reason}
+ end.
kty(<<"HS", _/binary>>) ->
"hmac";
diff --git a/src/jwtf/test/jwtf_keystore_tests.erl b/src/jwtf/test/jwtf_keystore_tests.erl
index 9ec9436..26dbea3 100644
--- a/src/jwtf/test/jwtf_keystore_tests.erl
+++ b/src/jwtf/test/jwtf_keystore_tests.erl
@@ -17,6 +17,8 @@
-define(HMAC_SECRET, "aGVsbG8=").
-define(RSA_SECRET, "-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztanwQtIx0sms+x7m1SF\\nh7EHJHkM2biTJ41jR89FsDE2gd3MChpaqxemS5GpNvfFKRvuHa4PUZ3JtRCBG1KM\\n/7EWIVTy1JQDr2mb8couGlQNqz4uXN2vkNQ0XszgjU4Wn6ZpvYxmqPFbmkRe8QSn\\nAy2Wf8jQgjsbez8eaaX0G9S1hgFZUN3KFu7SVmUDQNvWpQdaJPP+ms5Z0CqF7JLa\\nvJmSdsU49nlYw9VH/XmwlUBMye6HgR4ZGCLQS85frqF0xLWvi7CsMdchcIjHudXH\\nQK1AumD/VVZVdi8Q5Qew7F6VXeXqnhbw9n6Px25cCuNuh6u5+E6GUzXRrMpqo9vO\\nqQIDAQAB\\n-----END PUBLIC KEY-----\\n").
+-define(BAD_RSA_SECRET,"-----BEGIN PUBLIC KEY-----\\nMIIDAzCCAeugAwIBAgIJAL5YnwkF5jT6MA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNV\\nBAMMDWZvby5hdXRoMC5jb20wHhcNMTQwMzE4MjAwNzUwWhcNMjcxMTI1MjAwNzUw\\nWjAYMRYwFAYDVQQDDA1mb28uYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\\nAQ8AMIIBCgKCAQEAtP6w43ppU0nkqGNHASojFJl60+k3isNVzYTO06f2vm/5tc3l\\nRhEA6ykyIuO8tHY3Ziqowc4h8XGaeDKqHw/BSS/b54F2rUVb/wACWyJICkM3bGtC\\ntWmM7kU8XZRCqXV04qIgQte+9GFSOax/TFyotS+FGFyFPUY+b57H7/6wNQ8ywGLi\\nWCbrWEx4wOJbGhnVNV+STmZXJgToLgz0R2kws [...]
+
-define(EC_SECRET, "-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDsr0lz/Dg3luarb+Kua0Wcj9WrfR23os\\nwHzakglb8GhWRDn+oZT0Bt/26sX8uB4/ij9PEOLHPo+IHBtX4ELFFVr5GTzlqcJe\\nyctaTDd1OOAPXYuc67EWtGZ3pDAzztRs\\n-----END PUBLIC KEY-----\\n").
setup() ->
@@ -31,7 +33,10 @@ setup() ->
config:set("jwt_keys", "hmac:ec", ?EC_SECRET),
config:set("jwt_keys", "rsa:ec", ?EC_SECRET),
- config:set("jwt_keys", "ec:ec", ?EC_SECRET).
+ config:set("jwt_keys", "ec:ec", ?EC_SECRET),
+
+ config:set("jwt_keys", "rsa:badrsa", ?BAD_RSA_SECRET).
+
teardown(_) ->
test_util:stop_applications([config, jwtf]).
@@ -52,6 +57,8 @@ jwtf_keystore_test_() ->
?_assertThrow({bad_request, _}, jwtf_keystore:get(<<"HS256">>, <<"ec">>)),
?_assertThrow({bad_request, _}, jwtf_keystore:get(<<"RS256">>, <<"ec">>)),
- ?_assertMatch({#'ECPoint'{}, _}, jwtf_keystore:get(<<"ES256">>, <<"ec">>))
+ ?_assertMatch({#'ECPoint'{}, _}, jwtf_keystore:get(<<"ES256">>, <<"ec">>)),
+
+ ?_assertThrow({bad_request, <<"not an RSA public key">>}, jwtf_keystore:get(<<"RS256">>, <<"badrsa">>))
]
}.