Skip to content

Commit

Permalink
fix(jwk) return error if exporting private key from public key (#128)
Browse files Browse the repository at this point in the history
  • Loading branch information
fffonion authored Nov 7, 2023
1 parent 969f3e0 commit 3a1bc27
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 1 deletion.
4 changes: 4 additions & 0 deletions lib/resty/openssl/auxiliary/jwk.lua
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,10 @@ end

function _M.dump_jwk(pkey, is_priv)
local jwk
if is_priv and not pkey:is_private() then
return nil, "jwk.dump_jwk: could not dump public key as private key"
end

if pkey.key_type == evp_macro.EVP_PKEY_RSA then
local param_keys = { "n" , "e" }
if is_priv then
Expand Down
37 changes: 36 additions & 1 deletion t/openssl/aux/jwk.t
Original file line number Diff line number Diff line change
Expand Up @@ -225,4 +225,39 @@ true
'pkey.new:load_key: failed to construct OKP key from JWK: at least "x" or "d" parameter is required
'
--- no_error_log
[error]
[error]

=== TEST 4: Errors if tries to export privkey using pubkey
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local privkey, err = require("resty.openssl.pkey").new({ type = 'EC', curve = 'prime256v1'})
if err then
ngx.log(ngx.ERR, err)
return
end
local pem, err = privkey:tostring("public")
if err then
ngx.log(ngx.ERR, err)
return
end
local pubkey, err = require("resty.openssl.pkey").new(pem)
if err then
ngx.log(ngx.ERR, err)
return
end
local _, err = pubkey:tostring("private", "JWK")
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
'jwk.dump_jwk: could not dump public key as private key
'
--- no_error_log
[error]

0 comments on commit 3a1bc27

Please sign in to comment.