The map defined here omits an entry for :ES384 . Is th

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Is ES384 omitted purposefully? about buddy-sign HOT 6 CLOSED

funcool commented on July 24, 2024

Is ES384 omitted purposefully?

from buddy-sign.

Comments (6)

delitescere commented on July 24, 2024

👋

from buddy-sign.

tobytripp commented on July 24, 2024

Hi @delitescere !!

from buddy-sign.

tobytripp commented on July 24, 2024

I should also note that attempting to unsign an :es384 token throws an NPE.

(let [ec-public  (buddy.core.keys/str->public-key
                  (clojure.string/join
                   "\n"
                   ["-----BEGIN PUBLIC KEY-----"
                    "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEfiP8WH3QiHehqYXzm2h4baL54gYJjLH+"
                    "sC9BUGkEfjGW0LDKX7icnh/R4bnqCbScc3SJ8T1vBdLlYztRc/kbcA=="
                    "-----END PUBLIC KEY-----"
                    ]))
      ec-private (buddy.core.keys/str->private-key
                  (clojure.string/join
                   "\n"
                   ["-----BEGIN EC PRIVATE KEY-----"
                    "MHQCAQEEIK38KQmolKaD45OudmYpbxsdKqJMSr7wu/kUIO7OuF1soAcGBSuBBAAK"
                    "oUQDQgAEfiP8WH3QiHehqYXzm2h4baL54gYJjLH+sC9BUGkEfjGW0LDKX7icnh/R"
                    "4bnqCbScc3SJ8T1vBdLlYztRc/kbcA=="
                    "-----END EC PRIVATE KEY-----"]))
      token (jwt/sign {:fails false} ec-private {:alg :es256})]
  (jwt/unsign token ec-public {:alg :es256}))
  ;; => {:fails false}

(let [ec-public (buddy.core.keys/str->public-key
                 (clojure.string/join
                  "\n"
                  ["-----BEGIN PUBLIC KEY-----"
                   "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYU9499jQV8QTG+Md1mCdG7PYsxLa/xOV"
                   "MwPK4QoxDe0JQFR1nWRnXEzYRdH7+QMuv8reU8v9pY6HKDxh4w8lXarJfdy5IXDq"
                   "l73/T2495CsEPC96CdH6cmU3f8iohycg"
                   "-----END PUBLIC KEY-----"
                   ]))
      ec-private   (buddy.core.keys/str->private-key
                    (clojure.string/join
                     "\n"
                     ["-----BEGIN EC PRIVATE KEY-----"
                      "MIGkAgEBBDBPpbF89wj4nrvum1voWPU5cKJEh93efSjGjxbPQJYs1H9PcS1gm9YI"
                      "EW7WOnfLqzqgBwYFK4EEACKhZANiAARhT3j32NBXxBMb4x3WYJ0bs9izEtr/E5Uz"
                      "A8rhCjEN7QlAVHWdZGdcTNhF0fv5Ay6/yt5Ty/2ljocoPGHjDyVdqsl93LkhcOqX"
                      "vf9Pbj3kKwQ8L3oJ0fpyZTd/yKiHJyA="
                      "-----END EC PRIVATE KEY-----"
                      ])) 
      token     (jwt/sign {:fails true} ec-private {:alg :es384})]
  (jwt/unsign token ec-public {:alg :es384}))

Unhandled java.lang.NullPointerException
(No message)

              jws.clj:   83  buddy.sign.jws/calculate-signature
              jws.clj:   77  buddy.sign.jws/calculate-signature
              jws.clj:  121  buddy.sign.jws/sign
              jws.clj:  114  buddy.sign.jws/sign

from buddy-sign.

delitescere commented on July 24, 2024

This would apply to all the alg types (HS, RS, PS, ES). /me suggests a PR ;-)

from buddy-sign.

niwinz commented on July 24, 2024

es384 is optional in spec and this is not implemented because i did not needed it. Obviously a PR is welcome if you need it and you have time to implement that. :D

from buddy-sign.

tobytripp commented on July 24, 2024

Sounds good. Will get to work on it when I'm back from vacation!

from buddy-sign.

Recommend Projects