This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

Fixed the pointer overwrite issue in oauthServer metadata (#183)
Signed-off-by: Prafulla Mahindrakar <prafulla.mahindrakar@gmail.com>

Co-authored-by: Prafulla Mahindrakar <prafulla.mahindrakar@gmail.com>
Signed-off-by: Haytham Abuelfutuh <haytham@afutuh.com>
2 people authored and EngHabu committed Apr 26, 2021
1 parent 45a047f commit 473ea9c
Showing 2 changed files with 41 additions and 2 deletions.
5 changes: 3 additions & 2 deletions pkg/auth/oauthserver/metadata.go
Expand Up @@ -76,8 +76,9 @@ func getJSONWebKeys(publicKeys []rsa.PublicKey) (jwk.Set, error) {
if err != nil {
return nil, fmt.Errorf("failed to write public key. Error: %w", err)
}

err = key.Set(KeyMetadataPublicCert, &publicKey)
var localPublicKey rsa.PublicKey
localPublicKey = publicKey
err = key.Set(KeyMetadataPublicCert, &localPublicKey)
if err != nil {
return nil, fmt.Errorf("failed to write public key. Error: %w", err)
}
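Review bot: The copy into `localPublicKey` carries no comment saying why it exists, and the two-statement form (`var localPublicKey rsa.PublicKey` followed by `localPublicKey = publicKey`) reads like redundant code that a later cleanup could fold back into `&publicKey`. Presumably `publicKey` is the variable of a `range` over `publicKeys` (the loop header is outside this hunk), in which case, before Go 1.22's per-iteration loop variables, every JWK in the set would hold a pointer to the same variable and the published key set would repeat the last key. I would write it as `localPublicKey := publicKey // per-iteration copy: &publicKey would alias the range variable across all keys` so the intent survives refactoring. Separately, the error text on the `return` that follows is identical to the one a few lines above, so the two failure paths cannot be told apart in logs.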
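--- a/pkg/auth/oauthserver/metadata_test.go
+++ b/pkg/auth/oauthserver/metadata_test.go
@@ -0,0 +1,38 @@
+package oauthserver
+
+import (
+"crypto/rand"
+"crypto/rsa"
+"github.com/stretchr/testify/assert"
+"testing"
+)
+
+func TestGetJSONWebKeys(t *testing.T) {
+newpriv, err := rsa.GenerateMultiPrimeKey(rand.Reader, 4, 128)
+if err != nil {
+t.Errorf("failed to generate key")
+}
+oldpriv, err := rsa.GenerateMultiPrimeKey(rand.Reader, 4, 128)
+if err != nil {
+t.Errorf("failed to generate key")
+}
+newKey := newpriv.PublicKey
+oldKey := oldpriv.PublicKey
+publicKeys := []rsa.PublicKey{newKey, oldKey}
+keyset, err := getJSONWebKeys(publicKeys)
+assert.Nil(t, err)
+assert.NotNil(t, keyset)
+oldJwkKey, exists := keyset.Get(1)
+assert.True(t, exists)
+oldpublicKey, exists := oldJwkKey.Get(KeyMetadataPublicCert)
+op, ok := oldpublicKey.(*rsa.PublicKey)
+assert.True(t, ok)
+assert.Equal(t, &oldKey, op)
+newJwkKey, exists := keyset.Get(0)
+assert.True(t, exists)
+newpublicKey, exists := newJwkKey.Get(KeyMetadataPublicCert)
+np, ok := newpublicKey.(*rsa.PublicKey)
+assert.True(t, ok)
+assert.NotEqual(t, np, op)
+assert.Equal(t, &newKey, np)
+}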
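Review bot: Both key-generation checks use `t.Errorf("failed to generate key")`, which records the failure but lets the test continue, so a failed generation would go on to dereference a nil `newpriv` or `oldpriv` and panic instead of reporting cleanly; `t.Fatalf("failed to generate key: %v", err)` stops the test and keeps the cause. The `exists` values returned by the two `Get(KeyMetadataPublicCert)` calls are assigned but never asserted, so a missing field would surface only as a failed type assertion; add `assert.True(t, exists)` after each call. The 4-prime, 128-bit parameters passed to `rsa.GenerateMultiPrimeKey` are acceptable only as throwaway fixtures, which deserves a one-line comment such as `// tiny multi-prime keys: test fixtures only, never valid for signing`.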
