Skip to content

Commit

Permalink
Improve pubkey not found error handling (#4)
Browse files Browse the repository at this point in the history
* Improve pubkey not found error handling

When the public key identified by the {Alg, KID} tuple is not found on
the IAM keystore server, it's possible to see errors like:

(node1@127.0.0.1)140> epep:jwt_decode(SampleJWT).
** exception error: no function clause matching
                    public_key:do_verify(<<"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjIwMTcwNTIwLTAwOjAwOjAwIn0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzIx"...>>,
                                         sha256,
                                         <<229,188,162,247,201,233,118,32,115,206,156,
                                           169,17,221,78,157,161,147,46,179,42,219,66,
                                           15,139,91,...>>,
                                         {error,not_found}) (public_key.erl, line 782)
     in function  jwtf:public_key_verify/4 (src/jwtf.erl, line 212)
     in call from jwtf:decode/3 (src/jwtf.erl, line 30)

Modify key/1 and public_key_not_found_test/0 to account for keystore
changing from returning an error tuple to throwing one.
  • Loading branch information
jaydoane authored and rnewson committed May 24, 2017
1 parent ceeb019 commit 5b31b0d
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/jwtf.erl
Original file line number Diff line number Diff line change
@@ -360,6 +360,15 @@ missing_kid_test() ->
?assertEqual({error, missing_kid}, decode(Encoded, [kid], nil)).


public_key_not_found_test() ->
Encoded = encode(
{[{<<"alg">>, <<"RS256">>}, {<<"kid">>, <<"1">>}]},
{[]}),
KS = fun(_, _) -> throw({error, not_found}) end,
Expected = {error, not_found},
?assertEqual(Expected, decode(Encoded, [], KS)).


bad_rs256_sig_test() ->
Encoded = encode(
{[{<<"typ">>, <<"JWT">>}, {<<"alg">>, <<"RS256">>}]},

0 comments on commit 5b31b0d

Please sign in to comment.