Merge pull request #235 from lolgear/cleanup/known_bugs
[Cleanup] Known bugs.
lolgear authored Jun 8, 2021
2 parents 2709deb + 82ab932 commit 466a8e8
Showing 4 changed files with 35 additions and 12 deletions.
28 changes: 24 additions & 4 deletions Sources/JWT/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m
Expand Up @@ -8,6 +8,8 @@

#import <JWT/JWTCryptoSecurity.h>
#import <JWT/JWTCryptoSecurity+ErrorHandling.h>
#import <JWT/JWTErrorDescription.h>

@interface JWTMemoryLayout : NSObject
+ (NSString *)typeUInt8;
+ (NSString *)typeCUnsignedChar;
Expand Down Expand Up @@ -129,18 +131,28 @@ + (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
return NULL;
}

+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
+ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
NSData *tagData = [tag dataUsingEncoding:NSUTF8StringEncoding];
if (tagData == nil) {
// tell that nothing to remove.
return;
if (error) {
*error = [JWTErrorDescription errorWithCode:JWTUnexpectedError];
}
return NO;
}
NSDictionary *removeAttributes = @{
(__bridge NSString*)kSecClass: (__bridge NSString*)kSecClassKey,
(__bridge NSString*)kSecAttrKeyType: (__bridge NSString*)kSecAttrKeyTypeRSA,
(__bridge NSString*)kSecAttrApplicationTag: tagData,
(__bridge NSString*)kSecAttrApplicationTag: tagData
};
SecItemDelete((__bridge CFDictionaryRef)removeAttributes);
OSStatus status = SecItemDelete((__bridge CFDictionaryRef)removeAttributes);
if (status != errSecSuccess) {
if (error) {
*error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
}
}
return status != errSecSuccess;

}
@end

Expand Down Expand Up @@ -185,6 +197,14 @@ + (OSStatus)extractIdentityAndTrustFromPKCS12:(CFDataRef)inPKCS12Data password:(
optionsDictionary,
&items); // 2

/**
@discussion
If a pkcs12 that was created with only one private key in it and no certificate was tried used, this just crashed when accessing index 0 with the CFArrayGetValueAtIndex.
*/
if (items != nil && CFArrayGetCount(items) == 0) {
securityError = errSecPkcs12VerifyFailure;
}

//
if (securityError == 0) { // 3
CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
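Review bot: The final `return status != errSecSuccess;` in `removeKeyByTag:error:` looks inverted: it yields YES when `SecItemDelete` failed and NO when it succeeded, while the nil-`tagData` branch above returns NO for failure. A caller that follows the usual check-the-return-value convention would treat a failed delete as success and leave the RSA key in the keychain, and would see NO with no `error` set after a successful delete. I would write `return status == errSecSuccess;`. It may also be worth deciding explicitly whether `errSecItemNotFound` should be reported as an error, since the key is absent either way.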
14 changes: 8 additions & 6 deletions Sources/JWT/Supplement/JWTErrorDescription.m
Expand Up @@ -12,9 +12,10 @@ @implementation JWTErrorDescription
+ (NSDictionary *)userDescriptionsAndCodes {
static NSDictionary *userDescriptionsAndCodes = nil;
return userDescriptionsAndCodes ?: (userDescriptionsAndCodes = @{
@(JWTUnexpectedError): @"JWT unexpected error",
@(JWTInvalidFormatError): @"Invalid format! Try to check your encoding algorithm. Maybe you put too many dots as delimiters?",
@(JWTUnsupportedAlgorithmError): @"Unsupported algorithm! You could implement it by yourself",
@(JWTAlgorithmNameMismatchError) : @"Algorithm doesn't match name in header.",
@(JWTAlgorithmNameMismatchError): @"Algorithm doesn't match name in header.",
@(JWTInvalidSignatureError): @"Invalid signature! It seems that signed part of jwt mismatch generated part by algorithm provided in header.",
@(JWTNoPayloadError): @"No payload! Hey, forget payload?",
@(JWTNoHeaderError): @"No header! Hmm",
Expand All @@ -27,17 +28,18 @@ + (NSDictionary *)userDescriptionsAndCodes {
@(JWTBlacklistedAlgorithmError): @"Algorithm in blacklist? Try to check whitelist parameter",
@(JWTDecodingHeaderError): @"Error decoding the JWT Header segment.",
@(JWTDecodingPayloadError): @"Error decoding the JWT Payload segment.",
@(JWTDecodingHoldersChainEmptyError) : @"Error decoding the JWT algorithm and data holders chain is empty!",
@(JWTHolderSecretDataNotSetError) : @"Error encoding/decoding .secretData not set when using sign/verify keys. Bug. Workaround is simple. Set secretData: { holder.secretData([NSData data]); }"
@(JWTDecodingHoldersChainEmptyError): @"Error decoding the JWT algorithm and data holders chain is empty!",
@(JWTHolderSecretDataNotSetError): @"Error encoding/decoding .secretData not set when using sign/verify keys. Bug. Workaround is simple. Set secretData: { holder.secretData([NSData data]); }"
});
}

+ (NSDictionary *)errorDescriptionsAndCodes {
static NSDictionary *errorDescriptionsAndCodes = nil;
return errorDescriptionsAndCodes ?: (errorDescriptionsAndCodes = @{
@(JWTUnexpectedError): @"JWTUnexpectedError",
@(JWTInvalidFormatError): @"JWTInvalidFormatError",
@(JWTUnsupportedAlgorithmError): @"JWTUnsupportedAlgorithmError",
@(JWTAlgorithmNameMismatchError) :@"JWTAlgorithmNameMismatchError",
@(JWTAlgorithmNameMismatchError): @"JWTAlgorithmNameMismatchError",
@(JWTInvalidSignatureError): @"JWTInvalidSignatureError",
@(JWTNoPayloadError): @"JWTNoPayloadError",
@(JWTNoHeaderError): @"JWTNoHeaderError",
Expand All @@ -50,8 +52,8 @@ + (NSDictionary *)errorDescriptionsAndCodes {
@(JWTBlacklistedAlgorithmError): @"JWTBlacklistedAlgorithmError",
@(JWTDecodingHeaderError): @"JWTDecodingHeaderError",
@(JWTDecodingPayloadError): @"JWTDecodingPayloadError",
@(JWTDecodingHoldersChainEmptyError) :@"JWTDecodingHoldersChainEmptyError",
@(JWTHolderSecretDataNotSetError) : @"JWTHolderSecretDataNotSetError"
@(JWTDecodingHoldersChainEmptyError): @"JWTDecodingHoldersChainEmptyError",
@(JWTHolderSecretDataNotSetError): @"JWTHolderSecretDataNotSetError"
});
}

2 changes: 1 addition & 1 deletion Sources/JWT/include/JWT/JWTCryptoSecurity.h
Expand Up @@ -25,7 +25,7 @@
+ (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag type:(NSString *)type error:(NSError *__autoreleasing*)error;
+ (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag error:(NSError *__autoreleasing*)error;
+ (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
+ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
@end

@interface JWTCryptoSecurity (Certificates)
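Review bot: The header changes `removeKeyByTag:error:` from `void` to `BOOL` without saying what the result means, so callers cannot tell from the declaration whether YES signals that the key was deleted. A doc comment above the declaration would pin the contract, for example `/// Deletes the RSA key stored under tag from the keychain. Returns YES on success; on failure returns NO and sets error if it is non-NULL.` The wording should be checked against the implementation in JWTCryptoSecurity.m so that the two agree.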
3 changes: 2 additions & 1 deletion Sources/JWT/include/JWT/JWTErrorDescription.h
Expand Up @@ -11,7 +11,8 @@
extern NSString *JWTErrorDomain;

typedef NS_ENUM(NSInteger, JWTError) {
JWTInvalidFormatError = -100,
JWTUnexpectedError = -99,
JWTInvalidFormatError,
JWTUnsupportedAlgorithmError,
JWTAlgorithmNameMismatchError,
JWTInvalidSignatureError,
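Review bot: Inserting `JWTUnexpectedError = -99` ahead of `JWTInvalidFormatError` and dropping the explicit `= -100` renumbers every following case: `JWTInvalidFormatError` moves from -100 to -98, and -99, which was `JWTUnsupportedAlgorithmError`, now means `JWTUnexpectedError`. Anything that stores, logs or matches these codes numerically, or a binary built against the old header, would misclassify JWT failures after the upgrade. Keeping the old values stable avoids that, e.g. `JWTUnexpectedError = -101,` followed by `JWTInvalidFormatError = -100,`. The rest of the enum lies outside the hunk, so the values of the later cases are inferred from the implicit numbering.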
