This repository was archived by the owner on Feb 27, 2023. It is now read-only.
Support x5u, x5t, and x5t#S256 headers (for JWK) #242
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mbyczkowski
approved these changes
May 29, 2019
csstaub
changed the title
ghost
mentioned this pull request
Merged
|
@csstaub x5u need to be a string? WDYT? |
|
@ramonberrutti if you think there might be a bug, just open an issue and we can discuss there. Not many people will look at already-merged PRs. |
mbyczkowski
added a commit
that referenced
this pull request
Apr 30, 2020
When support for optional x5u, x5t, and x5t#S256 parameters in JWK was added in #242 (and subsequently released in 2.5.0) it actually broke parsing of JWKs which included those parameters. See #299 for detailed analysis and discussion. Co-authored-by: Mat Byczkowski <[email protected]>
mbyczkowski
added a commit
that referenced
this pull request
Apr 30, 2020
When support for optional x5u, x5t, and x5t#S256 parameters in JWK was added in #242 (and subsequently released in 2.5.0) it actually broke parsing of JWKs which included those parameters. See #299 for detailed analysis and discussion. Cherry-picked from #304 Needed minor tweaks, since v2 doesn't use golangci linter nor Go modules. Co-authored-by: Mat Byczkowski <[email protected]>
mbyczkowski
added a commit
that referenced
this pull request
Apr 30, 2020
When support for optional x5u, x5t, and x5t#S256 parameters in JWK was added in #242 (and subsequently released in 2.5.0) it actually broke parsing of JWKs which included those parameters. See #299 for detailed analysis and discussion. Cherry-picked from #304 Needed minor tweaks, since v2 doesn't use golangci linter nor Go modules. Co-authored-by: Mat Byczkowski <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes:
Note that we could do additional checks on the cert chain, like compare the key usage extension to the defined "use" in the JWK header. But I decided not to implement that at this time -- the standard is a bit fuzzy about how to match these (sigh). We also don't check the cert chain that the x5u URI points at, because we don't want to do an HTTP get on a JSON unmarshal and it could change at any time regardless.
cc @0x13A