Remove signer instance upon call to jws.UnregisterSigner #1017

Merged
merged 2 commits into from
Nov 18, 2023
4 changes: 4 additions & 0 deletions Changes
Expand Up @@ -5,6 +5,10 @@ v2 has many incompatibilities with v1. To see the full list of differences betwe
v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)

v2.0.17 UNRELEASED
[Bug Fixes]
* [jws] Previously, `jws.UnregisterSigner` did not remove the previous signer instance when
the signer was registered and unregistered multiple times. This has been fixed.

[New Features]
* [jwe] (EXPERIMENTAL) `jwe.WithCEK` has been added to extract the content encryption key (CEK) from the Decrypt operation.
* [jwe] (EXPERIMENTAL) `jwe.EncryptStatic` has been added to encrypt content using a static CEK.
6 changes: 6 additions & 0 deletions jws/jws.go
Expand Up @@ -74,6 +74,12 @@ func (s *payloadSigner) PublicHeader() Headers {
var signers = make(map[jwa.SignatureAlgorithm]Signer)
var muSigner = &sync.Mutex{}

func removeSigner(alg jwa.SignatureAlgorithm) {
muSigner.Lock()
defer muSigner.Unlock()
delete(signers, alg)
}

func makeSigner(alg jwa.SignatureAlgorithm, key interface{}, public, protected Headers) (*payloadSigner, error) {
muSigner.Lock()
signer, ok := signers[alg]
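Review bot: The new `removeSigner` helper has no doc comment, and nothing near `signers` says that it is a cache of instances separate from the factory registry that `RegisterSigner` and `UnregisterSigner` maintain. A comment such as `// removeSigner drops the cached Signer for alg so the next makeSigner call cannot reuse an instance built from a factory that has since been replaced or unregistered.` would make the invariant explicit. It is also worth stating on `muSigner` that it guards only `signers`, since the registry has its own lock. The body of `makeSigner` continues outside the hunk, so how a cache miss is refilled is not visible here.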
13 changes: 13 additions & 0 deletions jws/jws_test.go
Expand Up @@ -2044,6 +2044,19 @@ func TestGH910(t *testing.T) {
require.NoError(t, err, `jws.Verify should succeed`)

require.Equal(t, src, string(verified), `verified payload should match`)

jws.UnregisterSigner(sha256Algo)

// Now try after unregistering the signer for the algorithm
_, err = jws.Sign([]byte(src), jws.WithKey(sha256Algo, nil))
require.Error(t, err, `jws.Sign should succeed`)

jws.RegisterSigner(sha256Algo, jws.SignerFactoryFn(func() (jws.Signer, error) {
return s256SignerVerifier{}, nil
}))

_, err = jws.Sign([]byte(src), jws.WithKey(sha256Algo, nil))
require.NoError(t, err, `jws.Sign should succeed`)
}

func TestUnpaddedSignatureR(t *testing.T) {
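Review bot: The failure message on the added `require.Error` after `jws.UnregisterSigner(sha256Algo)` says `jws.Sign should succeed`, the opposite of what is asserted; something like `require.Error(t, err, "jws.Sign should fail once the signer is unregistered")` would read correctly when the test breaks. Separately, the test covers only unregister followed by register, where the cache is already empty when `RegisterSigner` runs. The other half of this change, `RegisterSigner` replacing a cached instance when a second factory is registered over an existing one, is not exercised. Registering a distinguishable second factory without unregistering first, and checking that `jws.Sign` uses it, would pin that path. `TestGH910` starts outside the hunk, so the initial registration is not visible here.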
5 changes: 5 additions & 0 deletions jws/signer.go
Expand Up @@ -34,6 +34,9 @@ func RegisterSigner(alg jwa.SignatureAlgorithm, f SignerFactory) {
muSignerDB.Lock()
signerDB[alg] = f
muSignerDB.Unlock()

// Remove previous signer, if there was one
removeSigner(alg)
}

// UnregisterSigner removes the signer factory associated with
Expand All @@ -49,6 +52,8 @@ func UnregisterSigner(alg jwa.SignatureAlgorithm) {
muSignerDB.Lock()
delete(signerDB, alg)
muSignerDB.Unlock()
// Remove previous signer
removeSigner(alg)
}

func init() {
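Review bot: In both `RegisterSigner` and `UnregisterSigner` the registry update and the cache eviction happen in two separate critical sections, so a concurrent `jws.Sign` can still be served the cached signer after `delete(signerDB, alg)` has completed and before `removeSigner(alg)` runs. Releasing `muSignerDB` before taking `muSigner` looks deliberate, presumably to avoid nesting the two locks, but the resulting non-atomicity should be documented on both functions, e.g. `// Not atomic with respect to concurrent Sign calls: an instance cached earlier may be used until this function returns.` If `makeSigner` drops `muSigner` between its lookup and its store (its body is outside the visible hunks), a stale instance could also be re-cached after the eviction; that is worth confirming. The doc comment of `UnregisterSigner` begins outside the hunk.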