Skip to content

Remove duplicated key handlers#318

Merged
prince-chrismc merged 19 commits intoThalhammer:masterfrom
prince-chrismc:ec-key-loaders
Dec 12, 2023
Merged

Remove duplicated key handlers#318
prince-chrismc merged 19 commits intoThalhammer:masterfrom
prince-chrismc:ec-key-loaders

Conversation

@prince-chrismc
Copy link
Collaborator

@prince-chrismc prince-chrismc commented Dec 10, 2023

LoadPublicKeyFromStringReferenceWithEcCert

Trying to test #186 to see if it's easy

@prince-chrismc prince-chrismc marked this pull request as draft December 10, 2023 22:35
@prince-chrismc
Copy link
Collaborator Author

prince-chrismc commented Dec 10, 2023

in 5fd1ad9 I noticed EdDSA is using a mixture of RSA and ECDSA error codes 😦

@prince-chrismc
typo
9560bed
@prince-chrismc
fix tests
6d9ed18
@prince-chrismc
update private key to be more generic
71aa3ae
@prince-chrismc
fixup 2 more tests
7645b2a
@prince-chrismc
update exception for libressl 3.5.3
e69772d 
https://github.com/Thalhammer/jwt-cpp/actions/runs/7161143039/job/19496334109?pr=318#step:8:248

```
[ RUN      ] OpenSSLErrorTest.ECDSACertificate
/home/runner/work/jwt-cpp/jwt-cpp/tests/OpenSSLErrorTest.cpp:487: Failure
Expected equality of these values:
  ec
    Which is: ecdsa_error:19
  e.expected_ec
    Which is: rsa_error:12
```
@prince-chrismc
linter
2f0096a
@prince-chrismc prince-chrismc marked this pull request as ready for review December 11, 2023 00:43
@prince-chrismc prince-chrismc changed the title add a quick test to see if rsa helpers handle ec certs Remove duplicated key handlers Dec 11, 2023
@prince-chrismc prince-chrismc linked an issue Dec 11, 2023 that may be closed by this pull request
Improvements to key loading helpers #186
Closed
@prince-chrismc prince-chrismc mentioned this pull request Dec 11, 2023
Open
prince-chrismc
prince-chrismc commented Dec 11, 2023
View reviewed changes
tests/OpenSSLErrorTest.cpp
Comment on lines +793 to +797
{&fail_BIO_new, 2, jwt::error::ecdsa_error::create_mem_bio_failed},
{&fail_PEM_read_bio_X509, 1, jwt::error::ecdsa_error::cert_load_failed},
{&fail_X509_get_pubkey, 1, jwt::error::ecdsa_error::get_key_failed},
{&fail_PEM_write_bio_PUBKEY, 1, jwt::error::ecdsa_error::write_key_failed}, {
&fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed
Copy link
Collaborator Author

@prince-chrismc prince-chrismc Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure how I feel about this. Its a bit of a breaking change but its more consistent...

Thalhammer
Thalhammer approved these changes Dec 12, 2023
View reviewed changes
Copy link
Owner

@Thalhammer Thalhammer left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the general idea of cleaning up the error handling, given that rsa_error is kind of wrong if you load an ecdsa key.

However I am not sure if I like the implementation. You are essentially duplicating every key error into ecdsa and rsa and the user has to care about that, even though the underlying error is basically the same. With all the upcoming/planned work towards jwks, key related error cases and codes are only going to get more which makes me feel/wonder if a separate error category for key handling might be a better fit. Especially given a key class would very likely be capable of holding all kinds of keys (rsa, ecdsa, maybe even symetric) and I really don't care which one was inside when I want to convert it to pem.

I am still approving this, since the code on its own looks good and it definitly is better than the current solution. I am just not sure if its the best solution.

@prince-chrismc
Copy link
Collaborator Author

prince-chrismc commented Dec 12, 2023

I feel the same way, I was considering fixing the eddsa keys being both RSA and EC -- the big think for 0.8.0 will likely be improving the error handling starting with #252 I am happy I did this because it gave me a better idea of what we have and need to possibly change 👍

I was thinking of a proper cryoptographic_error to cover all of them similar to have there signature_verification and co.

@prince-chrismc prince-chrismc merged commit 8cb307a into Thalhammer:master Dec 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Thalhammer Thalhammer Thalhammer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improvements to key loading helpers

2 participants

@prince-chrismc @Thalhammer