
fix: prosody: token alg is checked before public key is used

master
Aaron van Meerten 3 years ago
parent
commit
81c4e9a7fd
1 changed files with 7 additions and 0 deletions
  1. 7
    0
      resources/prosody-plugins/token/util.lib.lua

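--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -270,6 +270,13 @@
         if kid == nil then
             return false, "not-allowed", "'kid' claim is missing";
         end
+        local alg = header["alg"];
+        if alg == nil then
+            return false, "not-allowed", "'alg' claim is missing";
+        end
+        if alg.sub(alg,1,2) ~= "RS" then
+            return false, "not-allowed", "'kid' claim only support with RS family";
+        end
         pubKey = self:get_public_key(kid);
         if pubKey == nil then
             return false, "not-allowed", "could not obtain public key";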
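Review bot: The new `alg.sub(alg,1,2)` line assumes `header["alg"]` is a string, but the JWT header is attacker-supplied JSON, so a token carrying `"alg": 123` or `"alg": {}` raises a Lua error ("attempt to index a number value") instead of a clean "not-allowed" rejection; a type guard closes that hole, `if type(alg) ~= "string" or alg:sub(1, 2) ~= "RS" then`, which also replaces the unusual `alg.sub(alg, ...)` spelling with the idiomatic method call. The prefix check does block the classic HS*/`none` key-confusion path, but it also lets any string starting with "RS" through (e.g. "RSX"); if the verification routine below honours the header's algorithm rather than a fixed list, an explicit allowlist such as `alg == "RS256" or alg == "RS384" or alg == "RS512"` would be tighter — whether that routine restricts algorithms itself is not visible in this hunk. The rejection message has a grammar slip and calls `alg` a claim though it is a header field; `"'kid' header is only supported with RS-family algorithms"` reads better. The enclosing function starts and ends outside this hunk.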
