don't allow empty HMAC key for verification

ivan-tkatchev · Jul 31, 2019 · 651ab74 · 651ab74
1 parent 6c82801
commit 651ab74
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/JWT/src/Signer.cpp b/JWT/src/Signer.cpp
@@ -132,6 +132,8 @@ class HMACAlgorithm: public Algorithm
 public:
 	Poco::DigestEngine::Digest sign(const Signer& signer, const std::string& header, const std::string& payload)
 	{
+		if (signer.getHMACKey().empty()) throw SignatureGenerationException("No HMAC key available");
+
 		Poco::HMACEngine<Engine> hmac(signer.getHMACKey());
 		hmac.update(header);
 		hmac.update('.');