Calling JOSE.JWK.block_encrypt with an invalid JWK never resolve
Opened this issue · 2 comments
arnaudmorisset commented
Expected Behavior
Either:
- Calling
JOSE.JWK.block_encrypt/3
with an invalid value for the third argument (jwk
) should send back a relevant error. - Calling
JOSE.JWK.from_pem/1
with an invalid key as an argument should send back an error instead of[]
.
Current Behavior
Calling JOSE.JWK.block_encrypt/3
with an invalid value for the third argument (jwk
) hangs and never resolve.
Steps to Reproduce
- Open an interactive shell in a Mix project using
erlang-jose
- Parse an invalid Public Key using
JOSE.JWK.from_pem/1
; you should get[]
- Use
[]
as the third argument when callingJOSE.JWK.block_encrypt/3
- The process will hang, and you will be forced to interrupt it
Context (Environment)
After a configuration error, we got an invalid Public Key in our database, and we tried to use it to generate a JWK, then we try to use this invalid result to encrypt a token. As the function call was never resolved, our HTTP endpoint produced a timeout error.
1st8 commented
Did you find a workaround?
arnaudmorisset commented
@1st8 Adding defensive code around the function call to be sure that we never call it with an invalid value. 🤷♂️