Skip to content

Commit

Permalink
add failing test for JWKS key with unknown curve
Browse files Browse the repository at this point in the history
  • Loading branch information
@btoews
btoews committed Nov 3, 2022
1 parent 5a2fb27 commit d3a7b10
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions ecdsa_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package keyfunc

import (
"encoding/json"
"testing"

"github.com/golang-jwt/jwt/v4"
)

func TestBadCurve(t *testing.T) {
const (
badJWKS = `{"keys":[{"kty":"EC","crv":"BAD","x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4","y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM","use":"sig","kid":"1"}]}`
someJWT = `eyJhbGciOiJFUzI1NiIsImtpZCI6IjEiLCJ0eXAiOiJKV1QifQ.e30.Q1EeyWUv6XEA0gMLwTFoNhx7Hq1MbVwjI2k9FZPSa-myKW1wYn1X6rHtRyuV-2MEzvimCskFD-afL7UzvdWBQg`
)

jwks, err := NewJSON(json.RawMessage(badJWKS))
if err != nil {
t.Fatalf("Failed to create JWKS from JSON: %v", err)
}

defer func() {
if r := recover(); r != nil {
t.Fatalf("panic")
}
}()

if _, err = jwt.Parse(someJWT, jwks.Keyfunc); err == nil {
t.Fatal("No error for bad curve")
}
}

0 comments on commit d3a7b10

Please sign in to comment.