From bee0c88dfacf69ae3fa675512b1134b47b771860 Mon Sep 17 00:00:00 2001 From: Manpreet Date: Thu, 9 Jan 2020 12:41:46 +0530 Subject: [PATCH 1/5] Handling case when "use" paramter is blank --- src/JwksClient.js | 2 +- tests/jwksClient.tests.js | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/JwksClient.js b/src/JwksClient.js index f50fa7f..f401e55 100644 --- a/src/JwksClient.js +++ b/src/JwksClient.js @@ -66,7 +66,7 @@ export class JwksClient { } const signingKeys = keys - .filter(key => key.use === 'sig' && key.kty === 'RSA' && key.kid && ((key.x5c && key.x5c.length) || (key.n && key.e))) + .filter(key => (!key.use || key.use === 'sig') && key.kty === 'RSA' && key.kid && ((key.x5c && key.x5c.length) || (key.n && key.e))) .map(key => { if (key.x5c && key.x5c.length) { return { diff --git a/tests/jwksClient.tests.js b/tests/jwksClient.tests.js index bb685dd..8fb578c 100644 --- a/tests/jwksClient.tests.js +++ b/tests/jwksClient.tests.js @@ -278,6 +278,14 @@ describe("JwksClient", () => { e: "AQAB", n: "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ" + }, + { + "kid": "85b539b0f0c8429b8fabcd6526401444", + "kty": "RSA", + "use": "", + "alg": "", + "n": "iY2WDVmdhraQwnsHzkV8pMuuhaA75jYd5faUEN6ARESsK3tJFioky1HSpEbzpb5iVqCK45C-p6jAZzI9Ci1J9G46t2svoXao_eFGddL6uYzkkd_jFrmk8GXG9lnBnqeoOCPvhOjznAJmEFC4HHx5X3o5uqNnBAWBW0Th65bu5ktLOIy29A4gIwYH7vGdTiUSGx-YkXic5LSePs7zNlOtkULSAcHPxgIzW8GTnvaYep41qYvwotHiBdWX9zf4Q5uZOGSfEO-P01ph_iaTUY2kmUrLRzsq4ztChWBK0kHxJLm64CJP46MYFUdaGjLcAFOyMRJr6hzmxrIKFeQzjmVDIQ", + "e": "AQAB" } ] }); @@ -289,12 +297,13 @@ describe("JwksClient", () => { client.getSigningKeys((err, keys) => { expect(err).to.be.null; expect(keys).not.to.be.null; - expect(keys.length).to.equal(2); + expect(keys.length).to.equal(3); expect(keys[0].rsaPublicKey).not.to.be.null; expect(keys[0].kid).to.equal("IdTokenSigningKeyContainer"); expect(keys[1].kid).to.equal("IdTokenSigningKeyContainer.v2"); expect(keys[1].rsaPublicKey).not.to.be.null; expect(keys[1].nbf).to.equal(1459289287); + expect(keys[2].rsaPublicKey).not.to.be.null; done(); }); }); From f177f5c8b32ee7bdf4c611857b8bb58ea71f0cca Mon Sep 17 00:00:00 2001 From: Manpreet Date: Thu, 9 Jan 2020 13:05:13 +0530 Subject: [PATCH 2/5] Updating test case --- tests/jwksClient.tests.js | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/jwksClient.tests.js b/tests/jwksClient.tests.js index 8fb578c..5b275fa 100644 --- a/tests/jwksClient.tests.js +++ b/tests/jwksClient.tests.js @@ -280,13 +280,23 @@ describe("JwksClient", () => { "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ" }, { - "kid": "85b539b0f0c8429b8fabcd6526401444", - "kty": "RSA", - "use": "", - "alg": "", - "n": "iY2WDVmdhraQwnsHzkV8pMuuhaA75jYd5faUEN6ARESsK3tJFioky1HSpEbzpb5iVqCK45C-p6jAZzI9Ci1J9G46t2svoXao_eFGddL6uYzkkd_jFrmk8GXG9lnBnqeoOCPvhOjznAJmEFC4HHx5X3o5uqNnBAWBW0Th65bu5ktLOIy29A4gIwYH7vGdTiUSGx-YkXic5LSePs7zNlOtkULSAcHPxgIzW8GTnvaYep41qYvwotHiBdWX9zf4Q5uZOGSfEO-P01ph_iaTUY2kmUrLRzsq4ztChWBK0kHxJLm64CJP46MYFUdaGjLcAFOyMRJr6hzmxrIKFeQzjmVDIQ", - "e": "AQAB" - } + kid: "IdTokenSigningKeyContainer.v3", + nbf: 1459289287, + use: "", + kty: "RSA", + e: "AQAB", + n: + "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ" + }, + { + kid: "IdTokenSigningKeyContainer.v3", + nbf: 1459289287, + use: "enc", + kty: "RSA", + e: "AQAB", + n: + "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ" + }, ] }); From 6ab4bd3ae12ff8d6f610f273e1c60b566b90df2c Mon Sep 17 00:00:00 2001 From: Manpreet Date: Mon, 13 Jan 2020 17:50:22 +0530 Subject: [PATCH 3/5] Incorporating review feedback --- tests/jwksClient.tests.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/jwksClient.tests.js b/tests/jwksClient.tests.js index 5b275fa..17557d0 100644 --- a/tests/jwksClient.tests.js +++ b/tests/jwksClient.tests.js @@ -282,14 +282,13 @@ describe("JwksClient", () => { { kid: "IdTokenSigningKeyContainer.v3", nbf: 1459289287, - use: "", kty: "RSA", e: "AQAB", n: "s4W7xjkQZP3OwG7PfRgcYKn8eRYXHiz1iK503fS-K2FZo-Ublwwa2xFZWpsUU_jtoVCwIkaqZuo6xoKtlMYXXvfVHGuKBHEBVn8b8x_57BQWz1d0KdrNXxuMvtFe6RzMqiMqzqZrzae4UqVCkYqcR9gQx66Ehq7hPmCxJCkg7ajo7fu6E7dPd34KH2HSYRsaaEA_BcKTeb9H1XE_qEKjog68wUU9Ekfl3FBIRN-1Ah_BoktGFoXyi_jt0-L0-gKcL1BLmUlGzMusvRbjI_0-qj-mc0utGdRjY-xIN2yBj8vl4DODO-wMwfp-cqZbCd9TENyHaTb8iA27s-73L3ExOQ" }, { - kid: "IdTokenSigningKeyContainer.v3", + kid: "IdTokenSigningKeyContainer.v4", nbf: 1459289287, use: "enc", kty: "RSA", From c366230660b6801ebb6198ffd59eaea99b9a3659 Mon Sep 17 00:00:00 2001 From: Manpreet Date: Wed, 15 Jan 2020 19:00:49 +0530 Subject: [PATCH 4/5] Updating check to property existance --- src/JwksClient.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/JwksClient.js b/src/JwksClient.js index f401e55..7e1c87e 100644 --- a/src/JwksClient.js +++ b/src/JwksClient.js @@ -66,7 +66,7 @@ export class JwksClient { } const signingKeys = keys - .filter(key => (!key.use || key.use === 'sig') && key.kty === 'RSA' && key.kid && ((key.x5c && key.x5c.length) || (key.n && key.e))) + .filter(key => (!key.hasOwnProperty('use') || key.use === 'sig') && key.kty === 'RSA' && key.kid && ((key.x5c && key.x5c.length) || (key.n && key.e))) .map(key => { if (key.x5c && key.x5c.length) { return { From 7b6aa8013efbcc0bc86918479df5d9d3c6b53105 Mon Sep 17 00:00:00 2001 From: Manpreet Date: Thu, 16 Jan 2020 17:26:04 +0530 Subject: [PATCH 5/5] Simplifying filter conditions --- src/JwksClient.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/JwksClient.js b/src/JwksClient.js index 7e1c87e..7debe82 100644 --- a/src/JwksClient.js +++ b/src/JwksClient.js @@ -66,7 +66,18 @@ export class JwksClient { } const signingKeys = keys - .filter(key => (!key.hasOwnProperty('use') || key.use === 'sig') && key.kty === 'RSA' && key.kid && ((key.x5c && key.x5c.length) || (key.n && key.e))) + .filter((key) => { + if(key.kty !== 'RSA'){ + return false; + } + if(!key.kid){ + return false; + } + if(key.hasOwnProperty('use') && key.use !== 'sig'){ + return false; + } + return ((key.x5c && key.x5c.length) || (key.n && key.e)); + }) .map(key => { if (key.x5c && key.x5c.length) { return {