potatosalad/erlang-jose

Calling JOSE.JWK.block_encrypt with an invalid JWK never resolves

Opened this issue · 2 comments

Expected Behavior

Either:

  • Calling JOSE.JWK.block_encrypt/3 with an invalid value for the third argument (jwk) should send back a relevant error.
  • Calling JOSE.JWK.from_pem/1 with an invalid key as an argument should send back an error instead of [].

Current Behavior

Calling JOSE.JWK.block_encrypt/3 with an invalid value for the third argument (jwk) hangs and never resolves.

Steps to Reproduce

  1. Open an interactive shell in a Mix project using erlang-jose
  2. Parse an invalid Public Key using JOSE.JWK.from_pem/1; you should get []
  3. Use [] as the third argument when calling JOSE.JWK.block_encrypt/3
  4. The process will hang, and you will be forced to interrupt it

Context (Environment)

After a configuration error, we got an invalid Public Key in our database, and we tried to use it to generate a JWK, then we tried to use this invalid result to encrypt a token. As the function call was never resolved, our HTTP endpoint produced a timeout error.

1st8 commented

Did you find a workaround?

@1st8 Adding defensive code around the function call to be sure that we never call it with an invalid value. 🤷‍♂️
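
One way to write the defensive wrapper mentioned in this thread, as an added example that is not code from the issue author or from erlang-jose. The module name `SafeJWE`, its function names, the error atoms and the 5-second budget are assumptions; only `JOSE.JWK.from_pem/1` and `JOSE.JWK.block_encrypt/3` come from the page.

```elixir
defmodule SafeJWE do
  @moduledoc "Hypothetical guard around erlang-jose calls; not part of the library."

  # Assumed upper bound for one encryption; tune to the endpoint's own deadline.
  @encrypt_timeout_ms 5_000

  # Accept only a single %JOSE.JWK{} struct. The issue reports that an
  # invalid PEM yields [], so anything else is rejected here.
  def load_public_key(pem) when is_binary(pem) do
    case JOSE.JWK.from_pem(pem) do
      %JOSE.JWK{} = jwk -> {:ok, jwk}
      _other -> {:error, :invalid_pem}
    end
  rescue
    # Treat any parsing exception as an invalid key as well.
    _ -> {:error, :invalid_pem}
  end

  def load_public_key(_not_binary), do: {:error, :invalid_pem}

  # Only reachable with a real JWK struct; the call also runs in a task with
  # a deadline, so an unexpected hang becomes an error instead of an HTTP timeout.
  def encrypt(plain_text, jwe, %JOSE.JWK{} = jwk) when is_binary(plain_text) do
    task = Task.async(fn -> JOSE.JWK.block_encrypt(plain_text, jwe, jwk) end)

    case Task.yield(task, @encrypt_timeout_ms) || Task.shutdown(task, :brutal_kill) do
      {:ok, encrypted} -> {:ok, encrypted}
      {:exit, reason} -> {:error, {:encrypt_failed, reason}}
      nil -> {:error, :timeout}
    end
  end

  # [] (or any other non-JWK value) never reaches block_encrypt/3.
  def encrypt(_plain_text, _jwe, _not_a_jwk), do: {:error, :invalid_jwk}
end

# Usage sketch (the JWE header values are an assumed example):
#
#   with {:ok, jwk} <- SafeJWE.load_public_key(pem_from_db),
#        {:ok, encrypted} <-
#          SafeJWE.encrypt(token, %{"alg" => "RSA-OAEP", "enc" => "A128GCM"}, jwk) do
#     {:ok, encrypted}
#   end
```

Validating the key once, when it is written to the database or loaded at startup, surfaces the configuration error earlier than checking on each request.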