JWK validation fails when `x5ts256` value is missing from original JWK #11
This is due to the updated JWK Set package being used. Are you able to provide the JWK Set you are working with? Ensure there is no private key material in it before passing it along.

Thank you for making this issue. I think this feature branch commit will likely solve the problem. I'll make a test, then confirm that it matches your original problem. Could get a release out tonight.

I think this program would reproduce the error experienced. The upcoming changes should fix that.

```go
package main

import (
	"encoding/json"
	"log/slog"
	"os"

	"github.com/MicahParks/jwkset"
)

const (
	logErr = "error"
)

func main() {
	l := slog.Default()

	const rawJWKSet = `{"keys":[{"kty":"OKP","alg":"EdDSA","kid":"my-key-id","x5c":["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"],"x5t":"RTwmBuuqX7XB6UlVXVck9scuJSM","x5t#S256":"bRkXmcs_Kvo6nQrYE7ZWpvDtyoI5Hj_82ASr4eauTV8","crv":"Ed25519","x":"oPS6fXfbdNOVOUVSzlVZv4m-VOhHmEwBY9-ouLhbJuk"}]}`

	var marshal jwkset.JWKSMarshal
	err := json.Unmarshal([]byte(rawJWKSet), &marshal)
	if err != nil {
		l.Error("Failed to unmarshal JWK set.",
			logErr, err,
		)
		os.Exit(1)
	}

	// Simulate a remote JWK that carries x5c but omits x5t#S256.
	marshal.Keys[0].X5TS256 = ""

	jwk, err := jwkset.NewJWKFromMarshal(marshal.Keys[0], jwkset.JWKMarshalOptions{}, jwkset.JWKValidateOptions{})
	if err != nil {
		l.Error("Failed to create JWK.",
			logErr, err,
		)
		os.Exit(1)
	}

	println(jwk.Marshal().KID)
}
```

I've fixed the identified bug in Thank you again for reporting this issue 🎉

Thanks for the fast turnaround! Yes, this addresses my issue. Much appreciated!

When building a JWK from `NewJWKFromMarshal`, validation fails when the unmarshalled key (key from a remote host) does not contain an `x5ts256` value and the `x5c` is present. This appears to be due to building the `x5ts256` in the `keyMarshal` logic, resulting in a mismatch when `DeepEqual` compares the structs:

jwkset/marshal.go
Lines 195 to 206 in b7c3a1f

This is a behavioral difference between `keyfunc@2.1.0` and `keyfunc@3.0.0`. I'm curious if this would be expected behavior in the upgrade?
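
Added example, not part of the issue thread and not jwkset's own code: a minimal Go model of the mismatch described in the report, where `x5t#S256` is derived from `x5c` and a deep-equality check then rejects a key that omitted it. The `key` type, `strictValid`, `tolerantValid` and the sample bytes are hypothetical; the tolerant check is one way to treat the optional field, not necessarily the fix the project shipped.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"reflect"
)

// key is a hypothetical, reduced stand-in for a marshalled JWK (not the jwkset type).
type key struct {
	X5C     []string // "x5c": standard-base64 DER certificates, leaf first
	X5TS256 string   // "x5t#S256": base64url SHA-256 of the leaf DER; optional in RFC 7517
}

// sampleX5C is constructed: placeholder bytes standing in for a DER certificate (only hashed, never parsed).
var sampleX5C = []string{base64.StdEncoding.EncodeToString([]byte("constructed placeholder certificate bytes"))}

// thumbprint derives the x5t#S256 value from the first certificate in x5c.
func thumbprint(x5c []string) (string, error) {
	if len(x5c) == 0 {
		return "", errors.New("x5c is empty")
	}
	der, err := base64.StdEncoding.DecodeString(x5c[0])
	if err != nil {
		return "", fmt.Errorf("decode x5c[0]: %w", err)
	}
	sum := sha256.Sum256(der)
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// strictValid models the behaviour described in the report: rebuild the key with
// a derived thumbprint, then require the input to be deeply equal to the result.
func strictValid(in key) bool {
	tp, err := thumbprint(in.X5C)
	return err == nil && reflect.DeepEqual(in, key{X5C: in.X5C, X5TS256: tp})
}

// tolerantValid accepts an absent thumbprint but still rejects a wrong one.
func tolerantValid(in key) bool {
	tp, err := thumbprint(in.X5C)
	return err == nil && (in.X5TS256 == "" || in.X5TS256 == tp)
}

func main() {
	k := key{X5C: sampleX5C} // x5c present, x5t#S256 omitted, as in the report
	fmt.Println("strict:", strictValid(k), "tolerant:", tolerantValid(k))
}
```

A supplied thumbprint that does not match the certificate is still rejected by both checks, so relaxing the comparison for an absent field does not weaken verification of a present one.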