Merge pull request square#139 from b1v1r/v2

Fix crash when using symmetric JSONWebKey for JWS signing
AccelByte · Feb 24, 2017 · d5683d9 · d5683d9
2 parents 76f7817 + 5bfae18
commit d5683d9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/signing.go b/signing.go
@@ -177,7 +177,13 @@ func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigIn
 	if err != nil {
 		return recipientSigInfo{}, err
 	}
-	recipient.publicKey.KeyID = signingKey.KeyID
+	if signingKey.IsPublic() {
+		recipient.publicKey.KeyID = signingKey.KeyID
+	} else {
+		recipient.publicKey = &JSONWebKey{
+			KeyID: signingKey.KeyID,
+		}
+	}
 	return recipient, nil
 }
 

diff --git a/signing_test.go b/signing_test.go
@@ -217,11 +217,19 @@ func TestMultiRecipientJWS(t *testing.T) {
 		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
 		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
 	}
+	jwkSharedKey := JSONWebKey{
+		KeyID: "123",
+		Key:   sharedKey,
+	}
 
 	signer, err := NewMultiSigner([]SigningKey{
 		{RS256, rsaTestKey},
 		{HS384, sharedKey},
+		{HS512, jwkSharedKey},
 	}, nil)
+	if err != nil {
+		t.Fatal("error creating signer: ", err)
+	}
 
 	input := []byte("Lorem ipsum dolor sit amet")
 	obj, err := signer.Sign(input)