Ensure key is not nil
If the public key is nil, the key validation function from
ParseWithClaims should NOT return the issuer public Key.

The code snippet checks if the EcdsaPublic field of the issuer
(an instance of TokenIssuer) is nil. The EcdsaPublic field
holds the public key used to verify the token's signature.
If this field is nil, it means that the public key is not available,
and the method cannot proceed with the token verification.

If the EcdsaPublic field is indeed nil, the method now
returns nil and an error. This ensures that the caller
of the VerifyToken method is informed about the missing public key,
which is crucial for debugging and handling the error appropriately.

This check is essential to prevent the method from attempting to
verify the token without a valid public key,
which would result in a runtime error or incorrect verification results.
evrardjp-cagip committed Jan 10, 2025
1 parent 0d08bb7 commit 87989dd
Showing 2 changed files with 13 additions and 2 deletions.
10 changes: 9 additions & 1 deletion cmd/api/main.go
Expand Up @@ -37,7 +37,15 @@ func main() {
utils.Log.Fatal().Msgf("Unable to read ECDSA public key: %v", err)
}

tokenIssuer, err := services.NewTokenIssuer(ecdsaPem, ecdsaPubPem, utils.Config.TokenLifeTime, utils.Config.ExtraTokenLifeTime, utils.Config.Locator, utils.Config.PublicApiServerURL, utils.Config.Tenant)
tokenIssuer, err := services.NewTokenIssuer(
ecdsaPem,
ecdsaPubPem,
config.TokenLifeTime,
config.ExtraTokenLifeTime,
config.Locator,
config.PublicApiServerURL,
config.Tenant,
)
if err != nil {
utils.Log.Fatal().Msgf("Unable to create token issuer: %v", err)
}
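Review bot: The reformatted `services.NewTokenIssuer(...)` call also swaps every `utils.Config.X` argument for `config.X`, which goes beyond the nil-key fix the commit message describes, and no declaration of `config` appears in this hunk. Confirm that `config` is in scope in `main()` and refers to the same loaded configuration as `utils.Config` (the surrounding lines still use `utils.Log`), and consider moving this refactor to its own commit so the verification fix can be reviewed and backported on its own.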
5 changes: 4 additions & 1 deletion internal/services/token-provider.go
Expand Up @@ -292,7 +292,10 @@ func generateKubeConfig(serverURL string, CA string, user types.User, token *str
func (issuer *TokenIssuer) VerifyToken(usertoken string) (*types.AuthJWTClaims, error) {

// this verifies the token and its signature
token, err := jwt.ParseWithClaims(usertoken, &types.AuthJWTClaims{}, func(token *jwt.Token) (interface{}, error) {
token, err := jwt.ParseWithClaims(usertoken, types.AuthJWTClaims{}, func(token *jwt.Token) (interface{}, error) {
if issuer.EcdsaPublic == nil {
return nil, fmt.Errorf("the public key is nil")
}
return issuer.EcdsaPublic, nil
})
if err != nil {
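Review bot: On the `jwt.ParseWithClaims` line, the claims argument changes from `&types.AuthJWTClaims{}` to `types.AuthJWTClaims{}`, a pointer-to-value switch that the commit message does not mention and that is unrelated to the nil check. Claims are normally passed as a pointer so the parser can decode the token payload into them, and any later type assertion on `token.Claims` has to match the new type; please restore the `&` or add a test showing that a valid token still verifies. Separately, the key function returns `issuer.EcdsaPublic` without looking at `token.Method`; checking that the method is an ECDSA one before returning the key would make the expected algorithm explicit. The nil check could also run before `ParseWithClaims` is called, so that a missing key is reported as a configuration error rather than as a token parse failure.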