Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove duplicated key handlers #318

Merged
merged 19 commits into from
Dec 12, 2023

Conversation

prince-chrismc
Copy link
Collaborator

LoadPublicKeyFromStringReferenceWithEcCert

Trying to test #186 to see if it's easy

@prince-chrismc prince-chrismc marked this pull request as draft December 10, 2023 22:35
@prince-chrismc
Copy link
Collaborator Author

in 5fd1ad9 I noticed EdDSA is using a mixture of RSA and ECDSA error codes 😦

https://github.com/Thalhammer/jwt-cpp/actions/runs/7161143039/job/19496334109?pr=318#step:8:248

```
[ RUN      ] OpenSSLErrorTest.ECDSACertificate
/home/runner/work/jwt-cpp/jwt-cpp/tests/OpenSSLErrorTest.cpp:487: Failure
Expected equality of these values:
  ec
    Which is: ecdsa_error:19
  e.expected_ec
    Which is: rsa_error:12
```
@prince-chrismc prince-chrismc marked this pull request as ready for review December 11, 2023 00:43
@prince-chrismc prince-chrismc changed the title add a quick test to see if rsa helpers handle ec certs Remove duplicated key handlers Dec 11, 2023
@prince-chrismc prince-chrismc linked an issue Dec 11, 2023 that may be closed by this pull request
Comment on lines +793 to +797
{&fail_BIO_new, 2, jwt::error::ecdsa_error::create_mem_bio_failed},
{&fail_PEM_read_bio_X509, 1, jwt::error::ecdsa_error::cert_load_failed},
{&fail_X509_get_pubkey, 1, jwt::error::ecdsa_error::get_key_failed},
{&fail_PEM_write_bio_PUBKEY, 1, jwt::error::ecdsa_error::write_key_failed}, {
&fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure how I feel about this. Its a bit of a breaking change but its more consistent...

Copy link
Owner

@Thalhammer Thalhammer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the general idea of cleaning up the error handling, given that rsa_error is kind of wrong if you load an ecdsa key.

However I am not sure if I like the implementation. You are essentially duplicating every key error into ecdsa and rsa and the user has to care about that, even though the underlying error is basically the same. With all the upcoming/planned work towards jwks, key related error cases and codes are only going to get more which makes me feel/wonder if a separate error category for key handling might be a better fit. Especially given a key class would very likely be capable of holding all kinds of keys (rsa, ecdsa, maybe even symetric) and I really don't care which one was inside when I want to convert it to pem.

I am still approving this, since the code on its own looks good and it definitly is better than the current solution. I am just not sure if its the best solution.

@prince-chrismc
Copy link
Collaborator Author

I feel the same way, I was considering fixing the eddsa keys being both RSA and EC -- the big think for 0.8.0 will likely be improving the error handling starting with #252 I am happy I did this because it gave me a better idea of what we have and need to possibly change 👍

I was thinking of a proper cryoptographic_error to cover all of them similar to have there signature_verification and co.

@prince-chrismc prince-chrismc merged commit 8cb307a into Thalhammer:master Dec 12, 2023
52 of 53 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Improvements to key loading helpers
2 participants