`sha1gen` variable unused in `tools.js`

Question

`sha1gen` variable unused in `tools.js`

cullylarson opened this issue 6 years ago · 3 comments

In the tools.js::createJWKS function there's a variable named sha1gen:

const sha1gen = forge.md.sha1.create()
sha1gen.update(certPem)

It's never used. Should it be used in some way, or just removed?

Answer 1 · 2019-08-07T12:25:36.000Z

Good catch. How on earth did you find this?
Question: Do you know permalinks?
https://github.com/Levino/mock-jwks/blob/796b0a4e7cdfb0006acdd1b4631dfb6070527714/tools.ts#L119-L120

Answer 2 · 2019-08-07T20:36:49.000Z

I don't remember, but I probably just found it in Google search results. It's one of the only jwks examples I came across in JS.

Answer 3 · 2019-08-08T04:04:35.000Z

Hm... Maybe I should add a warning in the code that I don't know anything about the security of my implementation. Basically I just played around with the values until the tests passed...