lestrrat-go / jwx
Showing 1 of 1 files from the diff.

@@ -263,29 +263,22 @@
Loading
263 263
	}
264 264
265 265
	if ctx.inferAlgorithm {
266 -
		// Okay, we couldn't deterministically find the single key to use.
267 -
		// fallback to heuristics.
268 -
		for i := 0; i < ks.Len(); i++ {
269 -
			key, _ := ks.Get(i)
270 -
			algs, err := jws.AlgorithmsForKey(key)
271 -
			if err != nil {
272 -
				return nil, _JwsVerifyInvalid, errors.Wrapf(err, `failed to get a list of signature methods for key type %s`, key.KeyType())
273 -
			}
274 -
275 -
			for _, alg := range algs {
276 -
				// bail out if the JWT has a `alg` field, and it doesn't match
277 -
				if tokAlg := headers.Algorithm(); tokAlg != "" {
278 -
					if tokAlg != alg {
279 -
						continue
280 -
					}
281 -
				}
266 +
		// Check whether the JWT headers specify a valid
267 +
		// algorithm, use it if it's compatible.
268 +
		algs, err := jws.AlgorithmsForKey(key)
269 +
		if err != nil {
270 +
			return nil, _JwsVerifyInvalid, errors.Wrapf(err, `failed to get a list of signature methods for key type %s`, key.KeyType())
271 +
		}
282 272
283 -
				// Yippeeeeeee! we found a key that matches both kid and alg!
284 -
				v, state, err := verifyJWSWithParams(ctx, payload, alg, key)
285 -
				if err == nil {
286 -
					return v, state, nil
273 +
		for _, alg := range algs {
274 +
			// bail out if the JWT has a `alg` field, and it doesn't match
275 +
			if tokAlg := headers.Algorithm(); tokAlg != "" {
276 +
				if tokAlg != alg {
277 +
					continue
287 278
				}
288 279
			}
280 +
281 +
			return verifyJWSWithParams(ctx, payload, alg, key)
289 282
		}
290 283
	}
291 284
Files Coverage
internal 80.92%
jwa 100.00%
jwe 64.22%
jwk 73.28%
jws 75.99%
jwt 74.56%
cmd/jwx/jwx.go 100.00%
format.go 84.62%
formatkind_string_gen.go 100.00%
options.go 66.67%
x25519/x25519.go 82.35%
Project Totals (83 files) 72.75%
Sunburst
The inner-most circle is the entire project, moving away from the center are folders then, finally, a single file. The size and color of each slice is representing the number of statements and the coverage, respectively.
Icicle
The top section represents the entire project. Proceeding with folders and finally individual files. The size and color of each slice is representing the number of statements and the coverage, respectively.
Grid
Each block represents a single file in the project. The size and color of each block is represented by the number of statements and the coverage, respectively.
Loading