Comments (6)
👋
from buddy-sign.
Hi @delitescere !!
from buddy-sign.
I should also note that attempting to unsign an :es384
token throws an NPE.
(let [ec-public (buddy.core.keys/str->public-key
(clojure.string/join
"\n"
["-----BEGIN PUBLIC KEY-----"
"MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEfiP8WH3QiHehqYXzm2h4baL54gYJjLH+"
"sC9BUGkEfjGW0LDKX7icnh/R4bnqCbScc3SJ8T1vBdLlYztRc/kbcA=="
"-----END PUBLIC KEY-----"
]))
ec-private (buddy.core.keys/str->private-key
(clojure.string/join
"\n"
["-----BEGIN EC PRIVATE KEY-----"
"MHQCAQEEIK38KQmolKaD45OudmYpbxsdKqJMSr7wu/kUIO7OuF1soAcGBSuBBAAK"
"oUQDQgAEfiP8WH3QiHehqYXzm2h4baL54gYJjLH+sC9BUGkEfjGW0LDKX7icnh/R"
"4bnqCbScc3SJ8T1vBdLlYztRc/kbcA=="
"-----END EC PRIVATE KEY-----"]))
token (jwt/sign {:fails false} ec-private {:alg :es256})]
(jwt/unsign token ec-public {:alg :es256}))
;; => {:fails false}
(let [ec-public (buddy.core.keys/str->public-key
(clojure.string/join
"\n"
["-----BEGIN PUBLIC KEY-----"
"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYU9499jQV8QTG+Md1mCdG7PYsxLa/xOV"
"MwPK4QoxDe0JQFR1nWRnXEzYRdH7+QMuv8reU8v9pY6HKDxh4w8lXarJfdy5IXDq"
"l73/T2495CsEPC96CdH6cmU3f8iohycg"
"-----END PUBLIC KEY-----"
]))
ec-private (buddy.core.keys/str->private-key
(clojure.string/join
"\n"
["-----BEGIN EC PRIVATE KEY-----"
"MIGkAgEBBDBPpbF89wj4nrvum1voWPU5cKJEh93efSjGjxbPQJYs1H9PcS1gm9YI"
"EW7WOnfLqzqgBwYFK4EEACKhZANiAARhT3j32NBXxBMb4x3WYJ0bs9izEtr/E5Uz"
"A8rhCjEN7QlAVHWdZGdcTNhF0fv5Ay6/yt5Ty/2ljocoPGHjDyVdqsl93LkhcOqX"
"vf9Pbj3kKwQ8L3oJ0fpyZTd/yKiHJyA="
"-----END EC PRIVATE KEY-----"
]))
token (jwt/sign {:fails true} ec-private {:alg :es384})]
(jwt/unsign token ec-public {:alg :es384}))
Unhandled java.lang.NullPointerException
(No message)jws.clj: 83 buddy.sign.jws/calculate-signature jws.clj: 77 buddy.sign.jws/calculate-signature jws.clj: 121 buddy.sign.jws/sign jws.clj: 114 buddy.sign.jws/sign
from buddy-sign.
This would apply to all the alg types (HS, RS, PS, ES). /me suggests a PR ;-)
from buddy-sign.
es384 is optional in spec and this is not implemented because i did not needed it. Obviously a PR is welcome if you need it and you have time to implement that. :D
from buddy-sign.
Sounds good. Will get to work on it when I'm back from vacation!
from buddy-sign.
Related Issues (20)
- Cannot get "kid" of JWT token from decode-header HOT 2
- Supporting custom headers HOT 3
- `iss` validation should be against a collection ("whitelist") HOT 2
- Support for looking up public keys via OIDC discovery HOT 19
- Handle java.security.SignatureException for JWS applications HOT 1
- Where is jws/to-timestamp? HOT 1
- EdDSA JWS support HOT 1
- JWS ECDSA Signatures are generated in incorrect format HOT 2
- New release? HOT 1
- JWT signatures invalid according to jwt.io website HOT 2
- 2.* -> 3.*: what's the upgrade path? What are the breaking changes? HOT 1
- Problem upgrading Buddy-sign from 0.3.0 to 2.2.0 HOT 1
- Suggestion: Allow audience validation against collection of valid audiences HOT 4
- JWS unsigned alg should be read out of the JOSE header if available HOT 3
- Errors in using :eddsa algo for claims signing HOT 1
- [PERFORMANCE] - avoid reflective calls HOT 6
- buddy.sign.jwt/unsign fails when hs256 is not used and alg is unspecified HOT 4
- Buddy JWT doesn't support the NONE algorithm HOT 1
- Tag and Changelog Version 3.4.351 Wrong HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from buddy-sign.