MicahParks/keyfunc

Fixed RSA failed type assertion bug and made compatible with Go 1.13

Closed this issue · 2 comments

I noticed I forgot to implement this check for the RSA implementation. It's been active for ECDSA. A client that knew a kid in the given JWKS would be able to self-sign a token with the same kid and cause a failed type assertion, a program crash.

```go
// Check if the key has already been computed.
if j.precomputed != nil {
	var ok bool
	publicKey, ok = j.precomputed.(*rsa.PublicKey)
	if ok {
		return publicKey, nil
	}
}
```

Also, I noticed this repository was forked and made compatible with Go 1.13. Since one of the tests was already writing to a temporary directory, I took out the embed directive, wrote to a temporary directive for the other tests, and changed this project to be 1.13 compatible.

Some fork maintainers may be interested in v0.3.2: @dsafanyuk @chrisUsick

Sweet! Thanks Micah, embed was the only reason I forked.
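The difference between the unchecked and the comma-ok type assertion discussed in this issue, as an added example that is not keyfunc's own code. The `cachedKey` type, its methods, `errNotRSA` and the generated ECDSA key are hypothetical names and constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// cachedKey is a hypothetical stand-in for a JWKS entry that caches its parsed key.
type cachedKey struct{ precomputed interface{} }

var errNotRSA = errors.New("cached key is not an RSA public key")

// rsaUnchecked uses the single-value assertion, which panics on a type mismatch.
func (j *cachedKey) rsaUnchecked() *rsa.PublicKey { return j.precomputed.(*rsa.PublicKey) }

// rsaChecked uses the comma-ok form; this sketch returns an error on a mismatch.
func (j *cachedKey) rsaChecked() (*rsa.PublicKey, error) {
	if j.precomputed != nil {
		if publicKey, ok := j.precomputed.(*rsa.PublicKey); ok {
			return publicKey, nil
		}
	}
	return nil, errNotRSA
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

// demo caches a constructed ECDSA key, then requests it through the RSA path.
func demo() (uncheckedPanics bool, checkedErr error) {
	ec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	j := &cachedKey{precomputed: &ec.PublicKey}
	uncheckedPanics = panics(func() { j.rsaUnchecked() })
	_, checkedErr = j.rsaChecked()
	return uncheckedPanics, checkedErr
}

func main() { fmt.Println(demo()) }
```

In a server that verifies tokens on the request path, the unchecked form turns a type mismatch into a process crash, while the checked form turns it into an ordinary verification error.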