mirror of
https://github.com/1f349/mjwt.git
synced 2024-12-22 07:24:05 +00:00
Update rsa-helper
Add read limit for key loader in signer
parent
690b9f9512
commit
5d1bd6f8fd
2
go.mod
2
go.mod
@ -5,7 +5,7 @@ go 1.22
|
|||||||
toolchain go1.22.3
|
toolchain go1.22.3
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/1f349/rsa-helper v0.0.1
|
github.com/1f349/rsa-helper v0.0.2
|
||||||
github.com/becheran/wildmatch-go v1.0.0
|
github.com/becheran/wildmatch-go v1.0.0
|
||||||
github.com/golang-jwt/jwt/v4 v4.5.0
|
github.com/golang-jwt/jwt/v4 v4.5.0
|
||||||
github.com/google/subcommands v1.2.0
|
github.com/google/subcommands v1.2.0
|
||||||
|
4
go.sum
4
go.sum
@ -1,5 +1,5 @@
|
|||||||
github.com/1f349/rsa-helper v0.0.1 h1:Ec/MXHR2eIpLgIR69eqhCV2o8OOBs2JZNAkEhW7HQks=
|
github.com/1f349/rsa-helper v0.0.2 h1:N/fLQqg5wrjIzG6G4zdwa5Xcv9/jIPutCls9YekZr9U=
|
||||||
github.com/1f349/rsa-helper v0.0.1/go.mod h1:VUQ++1tYYhYrXeOmVFkQ82BegR24HQEJHl5lHbjg7yg=
|
github.com/1f349/rsa-helper v0.0.2/go.mod h1:VUQ++1tYYhYrXeOmVFkQ82BegR24HQEJHl5lHbjg7yg=
|
||||||
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
|
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
|
||||||
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
|
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
|
23
signer.go
23
signer.go
@ -11,6 +11,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const readLimit = 10240 // 10 KiB
|
||||||
|
|
||||||
var ErrNoPrivateKeyFound = errors.New("no private key found")
|
var ErrNoPrivateKeyFound = errors.New("no private key found")
|
||||||
|
|
||||||
// defaultMJwtSigner implements Signer and uses an rsa.PrivateKey and issuer name
|
// defaultMJwtSigner implements Signer and uses an rsa.PrivateKey and issuer name
|
||||||
@ -181,15 +183,22 @@ func readOrCreatePrivateKey(file string, random io.Reader, bits int) (*rsa.Priva
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// readOrEmptyFile returns bytes and errors from os.ReadFile or (nil, nil) if the
|
// readOrEmptyFile returns bytes and errors from os.OpenFile or (nil, nil) if the
|
||||||
// file does not exist.
|
// file does not exist.
|
||||||
func readOrEmptyFile(file string) ([]byte, error) {
|
func readOrEmptyFile(file string) ([]byte, error) {
|
||||||
raw, err := os.ReadFile(file)
|
fp, err := os.Open(file)
|
||||||
if err == nil {
|
if err != nil {
|
||||||
return raw, nil
|
if os.IsNotExist(err) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
return nil, err
|
||||||
}
|
}
|
||||||
if os.IsNotExist(err) {
|
defer func() { _ = fp.Close() }()
|
||||||
return nil, nil
|
// add hard limit
|
||||||
|
limitReader := io.LimitReader(fp, readLimit)
|
||||||
|
raw, err := io.ReadAll(limitReader)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
}
|
}
|
||||||
return nil, err
|
return raw, nil
|
||||||
}
|
}
|
||||||
|
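Review bot: In the new `readOrEmptyFile` in signer.go, a key file longer than `readLimit` is silently cut to 10240 bytes and returned with a nil error, because `io.LimitReader` reports EOF at the limit instead of an error. The caller `readOrCreatePrivateKey` lies mostly outside this hunk, so how it treats a truncated PEM is not visible here, but an oversized file should fail explicitly rather than look like a corrupt or missing key. Reading one byte past the limit makes the overrun detectable: `limitReader := io.LimitReader(fp, readLimit+1)` followed by `if len(raw) > readLimit { return nil, errors.New("private key file exceeds read limit") }`. The doc comment also names `os.OpenFile` while the code calls `os.Open`, and it should mention the 10 KiB cap.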