From 92b3eaf897bb56c4880fb46ea2733381d6be9212 Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Wed, 8 Nov 2023 10:18:55 +0100 Subject: [PATCH 1/6] Improve ErrInvalidKeyType error message --- errors.go | 2 +- example_test.go | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/errors.go b/errors.go index 23bb616d..8f0cd1b8 100644 --- a/errors.go +++ b/errors.go @@ -7,7 +7,7 @@ import ( var ( ErrInvalidKey = errors.New("key is invalid") - ErrInvalidKeyType = errors.New("key is of invalid type") + ErrInvalidKeyType = errors.New("key is of invalid go type (should be []byte())") ErrHashUnavailable = errors.New("the requested hash function is unavailable") ErrTokenMalformed = errors.New("token is malformed") ErrTokenUnverifiable = errors.New("token is unverifiable") diff --git a/example_test.go b/example_test.go index 651841de..6d79efa7 100644 --- a/example_test.go +++ b/example_test.go @@ -85,6 +85,7 @@ func ExampleParseWithClaims_customClaimsType() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) if err != nil { @@ -109,6 +110,7 @@ func ExampleParseWithClaims_validationOptions() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { 
@@ -148,6 +150,7 @@ func ExampleParseWithClaims_customValidation() { tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA" token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { @@ -167,6 +170,7 @@ func ExampleParse_errorChecking() { var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c" token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) From b3b45a6e1037c6b6628b1608da7be1018c0f79a7 Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Wed, 8 Nov 2023 12:38:13 +0100 Subject: [PATCH 2/6] add specific expected type to error message --- ecdsa.go | 4 ++-- ed25519.go | 4 ++-- errors.go | 2 +- hmac.go | 4 ++-- rsa.go | 2 +- rsa_pss.go | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ecdsa.go b/ecdsa.go index 4ccae2a8..c04d2f09 100644 --- a/ecdsa.go +++ b/ecdsa.go @@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf case *ecdsa.PublicKey: ecdsaKey = k default: - return ErrInvalidKeyType + return newError("ecdsa verify expects *ecsda.PublicKey", ErrInvalidKeyType) } if len(sig) != 2*m.KeySize { @@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte case *ecdsa.PrivateKey: ecdsaKey = k default: - return nil, ErrInvalidKeyType + return nil, newError("ecdsa sign expects *ecsda.PrivateKey", ErrInvalidKeyType) } // Create the hasher 
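Review bot: The package name is misspelled in both new ECDSA messages: `*ecsda.PublicKey` in Verify and `*ecsda.PrivateKey` in Sign should read `*ecdsa.PublicKey` and `*ecdsa.PrivateKey`. The message exists to tell the caller which Go type to pass, so a name that matches no real package defeats its purpose. The same misspelling is carried unchanged into the uppercase rewrite of these two lines in PATCH 6/6. Both function bodies continue outside their hunks.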
diff --git a/ed25519.go b/ed25519.go index eb6bdf01..5183518b 100644 --- a/ed25519.go +++ b/ed25519.go @@ -38,7 +38,7 @@ func (m *SigningMethodEd25519) Verify(signingString string, sig []byte, key inte var ok bool if ed25519Key, ok = key.(ed25519.PublicKey); !ok { - return ErrInvalidKeyType + return newError("ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType) } if len(ed25519Key) != ed25519.PublicKeySize { @@ -60,7 +60,7 @@ func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) ([]by var ok bool if ed25519Key, ok = key.(crypto.Signer); !ok { - return nil, ErrInvalidKeyType + return nil, newError("ed25519 sign expects crypto.Signer", ErrInvalidKeyType) } if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { diff --git a/errors.go b/errors.go index 8f0cd1b8..ef3586e2 100644 --- a/errors.go +++ b/errors.go @@ -7,7 +7,7 @@ import ( var ( ErrInvalidKey = errors.New("key is invalid") - ErrInvalidKeyType = errors.New("key is of invalid go type (should be []byte())") + ErrInvalidKeyType = errors.New("key is of invalid go type") ErrHashUnavailable = errors.New("the requested hash function is unavailable") ErrTokenMalformed = errors.New("token is malformed") ErrTokenUnverifiable = errors.New("token is unverifiable") diff --git a/hmac.go b/hmac.go index 91b688ba..a45236ee 100644 --- a/hmac.go +++ b/hmac.go @@ -59,7 +59,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa // Verify the key is the right type keyBytes, ok := key.([]byte) if !ok { - return ErrInvalidKeyType + return newError("hmac verify expects []byte", ErrInvalidKeyType) } // Can we use the specified hashing method? 
@@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) { if keyBytes, ok := key.([]byte); ok { if !m.Hash.Available() { - return nil, ErrHashUnavailable + return nil, newError("hmac sign expects []byte", ErrInvalidKeyType) } hasher := hmac.New(m.Hash.New, keyBytes) diff --git a/rsa.go b/rsa.go index daff0943..b12e098d 100644 --- a/rsa.go +++ b/rsa.go @@ -51,7 +51,7 @@ func (m *SigningMethodRSA) Verify(signingString string, sig []byte, key interfac var ok bool if rsaKey, ok = key.(*rsa.PublicKey); !ok { - return ErrInvalidKeyType + return newError("rsa verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher diff --git a/rsa_pss.go b/rsa_pss.go index 9599f0a4..21b626aa 100644 --- a/rsa_pss.go +++ b/rsa_pss.go @@ -115,7 +115,7 @@ func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byt case *rsa.PrivateKey: rsaKey = k default: - return nil, ErrInvalidKeyType + return nil, newError("rsapss sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher From c37696e46b5d8eb2f0753f3212dec56f2381386c Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Wed, 8 Nov 2023 12:40:37 +0100 Subject: [PATCH 3/6] fix ErrInvalidKey error to ErrInvalidKeyType in rsa and rsapss --- rsa.go | 2 +- rsa_pss.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rsa.go b/rsa.go index b12e098d..f5c6481c 100644 --- a/rsa.go +++ b/rsa.go @@ -73,7 +73,7 @@ func (m *SigningMethodRSA) Sign(signingString string, key interface{}) ([]byte, // Validate type of key if rsaKey, ok = key.(*rsa.PrivateKey); !ok { - return nil, ErrInvalidKey + return nil, newError("rsa sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/rsa_pss.go b/rsa_pss.go index 21b626aa..55b1bf08 100644 --- a/rsa_pss.go +++ b/rsa_pss.go 
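Review bot: The wrong return was replaced in HMAC Sign: inside `if !m.Hash.Available()` the key has already passed the `key.([]byte)` assertion, so this branch should keep `return nil, ErrHashUnavailable`. As written, an unavailable hash is reported as `ErrInvalidKeyType` with the text "hmac sign expects []byte", which hides the real cause and breaks callers that test `errors.Is(err, ErrHashUnavailable)`. The new message belongs on the return taken when the type assertion fails, which lies past the end of this hunk and is presumably still a bare sentinel: `return nil, newError("hmac sign expects []byte", ErrInvalidKeyType)`. The same line is carried through the hmac.go hunks of PATCH 4/6 and PATCH 6/6, so the final state of the series still has it.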
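Review bot: The rsa.go Sign hunk of PATCH 3/6 changes the sentinel returned for a wrong key type from `ErrInvalidKey` to `ErrInvalidKeyType`, which is a caller-visible behaviour change with no test or note in the series. Code that checks `errors.Is(err, ErrInvalidKey)` after RSA Sign will stop matching, and the same applies to the RSA-PSS Verify hunk that follows in this patch. `newError` is not shown in the diff, so a test asserting `errors.Is(err, ErrInvalidKeyType)` for a wrong key type on each signing method would pin the contract. Direct `err == ErrInvalidKeyType` comparisons presumably no longer hold once the sentinel is wrapped. The body of Sign continues outside the hunk.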
@@ -88,7 +88,7 @@ func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key inter case *rsa.PublicKey: rsaKey = k default: - return ErrInvalidKey + return newError("rsapss verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher From fcdcf1167e56c4e7f38b65dd635192e8f07c2f7d Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Wed, 8 Nov 2023 13:41:41 +0100 Subject: [PATCH 4/6] format --- errors.go | 2 +- example_test.go | 8 ++++---- hmac.go | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/errors.go b/errors.go index ef3586e2..23bb616d 100644 --- a/errors.go +++ b/errors.go @@ -7,7 +7,7 @@ import ( var ( ErrInvalidKey = errors.New("key is invalid") - ErrInvalidKeyType = errors.New("key is of invalid go type") + ErrInvalidKeyType = errors.New("key is of invalid type") ErrHashUnavailable = errors.New("the requested hash function is unavailable") ErrTokenMalformed = errors.New("token is malformed") ErrTokenUnverifiable = errors.New("token is unverifiable") diff --git a/example_test.go b/example_test.go index 6d79efa7..53a8cd6c 100644 --- a/example_test.go +++ b/example_test.go @@ -85,7 +85,7 @@ func ExampleParseWithClaims_customClaimsType() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) if err != nil { @@ -110,7 +110,7 @@ func ExampleParseWithClaims_validationOptions() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { 
@@ -150,7 +150,7 @@ func ExampleParseWithClaims_customValidation() { tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA" token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { @@ -170,7 +170,7 @@ func ExampleParse_errorChecking() { var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c" token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with + // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) diff --git a/hmac.go b/hmac.go index a45236ee..5ed0c848 100644 --- a/hmac.go +++ b/hmac.go @@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) { if keyBytes, ok := key.([]byte); ok { if !m.Hash.Available() { - return nil, newError("hmac sign expects []byte", ErrInvalidKeyType) + return nil, newError("hmac sign expects []byte", ErrInvalidKeyType) } hasher := hmac.New(m.Hash.New, keyBytes) From c7f33b379111dcf6fbc9ff3203ee9bb8eeb49a14 Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Wed, 8 Nov 2023 13:50:16 +0100 Subject: [PATCH 5/6] revert changes from example_test.go remove the comments --- example_test.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/example_test.go b/example_test.go index 53a8cd6c..651841de 100644 --- a/example_test.go 
+++ b/example_test.go @@ -85,7 +85,6 @@ func ExampleParseWithClaims_customClaimsType() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) if err != nil { @@ -110,7 +109,6 @@ func ExampleParseWithClaims_validationOptions() { } token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { @@ -150,7 +148,6 @@ func ExampleParseWithClaims_customValidation() { tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA" token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }, jwt.WithLeeway(5*time.Second)) if err != nil { @@ -170,7 +167,6 @@ func ExampleParse_errorChecking() { var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c" token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { - // []byte("AllYourBase") refers to the signing key that is used to sign the claim with return []byte("AllYourBase"), nil }) From ce050d55a390ddbb32faa7e2dec5965c6f8f8597 Mon Sep 17 00:00:00 2001 From: Laurin-Notemann Date: Fri, 17 Nov 2023 17:21:37 +0100 Subject: [PATCH 6/6] fix: udpate the signing names to uppercase --- ecdsa.go | 4 ++-- ed25519.go | 4 ++-- hmac.go | 4 ++-- rsa.go | 4 ++-- rsa_pss.go | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/ecdsa.go b/ecdsa.go index c04d2f09..ca85659b 100644 --- a/ecdsa.go +++ b/ecdsa.go @@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf case *ecdsa.PublicKey: ecdsaKey = k default: - return newError("ecdsa verify expects *ecsda.PublicKey", ErrInvalidKeyType) + return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType) } if len(sig) != 2*m.KeySize { @@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte case *ecdsa.PrivateKey: ecdsaKey = k default: - return nil, newError("ecdsa sign expects *ecsda.PrivateKey", ErrInvalidKeyType) + return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/ed25519.go b/ed25519.go index 5183518b..c2138119 100644 --- a/ed25519.go +++ b/ed25519.go @@ -38,7 +38,7 @@ func (m *SigningMethodEd25519) Verify(signingString string, sig []byte, key inte var ok bool if ed25519Key, ok = key.(ed25519.PublicKey); !ok { - return newError("ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType) + return newError("Ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType) } if len(ed25519Key) != ed25519.PublicKeySize { @@ -60,7 +60,7 @@ func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) ([]by var ok bool if ed25519Key, ok = key.(crypto.Signer); !ok { - return nil, newError("ed25519 sign expects crypto.Signer", ErrInvalidKeyType) + return nil, newError("Ed25519 sign expects crypto.Signer", ErrInvalidKeyType) } if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { diff --git a/hmac.go b/hmac.go index 5ed0c848..96c62722 100644 --- a/hmac.go +++ b/hmac.go 
@@ -59,7 +59,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa // Verify the key is the right type keyBytes, ok := key.([]byte) if !ok { - return newError("hmac verify expects []byte", ErrInvalidKeyType) + return newError("HMAC verify expects []byte", ErrInvalidKeyType) } // Can we use the specified hashing method? @@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) { if keyBytes, ok := key.([]byte); ok { if !m.Hash.Available() { - return nil, newError("hmac sign expects []byte", ErrInvalidKeyType) + return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType) } hasher := hmac.New(m.Hash.New, keyBytes) diff --git a/rsa.go b/rsa.go index f5c6481c..83cbee6a 100644 --- a/rsa.go +++ b/rsa.go @@ -51,7 +51,7 @@ func (m *SigningMethodRSA) Verify(signingString string, sig []byte, key interfac var ok bool if rsaKey, ok = key.(*rsa.PublicKey); !ok { - return newError("rsa verify expects *rsa.PublicKey", ErrInvalidKeyType) + return newError("RSA verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher @@ -73,7 +73,7 @@ func (m *SigningMethodRSA) Sign(signingString string, key interface{}) ([]byte, // Validate type of key if rsaKey, ok = key.(*rsa.PrivateKey); !ok { - return nil, newError("rsa sign expects *rsa.PrivateKey", ErrInvalidKeyType) + return nil, newError("RSA sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/rsa_pss.go b/rsa_pss.go index 55b1bf08..28c386ec 100644 --- a/rsa_pss.go +++ b/rsa_pss.go @@ -88,7 +88,7 @@ func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key inter case *rsa.PublicKey: rsaKey = k default: - return newError("rsapss verify expects *rsa.PublicKey", ErrInvalidKeyType) + return newError("RSA-PSS verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher 
@@ -115,7 +115,7 @@ func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byt case *rsa.PrivateKey: rsaKey = k default: - return nil, newError("rsapss sign expects *rsa.PrivateKey", ErrInvalidKeyType) + return nil, newError("RSA-PSS sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher