From e274e5368af11f6375d64b6fd33e3d881aecb841 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Fri, 15 Mar 2019 13:59:55 -0600
Subject: [PATCH] v1.2.1: better trusted issuer normalization
---
 keyfetch-test.js | 2 ++
 keyfetch.js | 3 ++-
 package.json | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/keyfetch-test.js b/keyfetch-test.js
index 07d0bde..18bd9fa 100644
--- a/keyfetch-test.js
+++ b/keyfetch-test.js
@@ -41,6 +41,8 @@ keypairs.generate().then(function (pair) {
 , keyfetch.jwt.verify(jwt, { jwks: [pair.public] })
 , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['https://example.com/'] })
 , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['https://example.com'] })
+ , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['example.com'] })
+ , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['example.com/'] })
 , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['*'] })
 , keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['http://example.com'] })
 .then(e("bad scheme")).catch(throwIfNotExpected)
diff --git a/keyfetch.js b/keyfetch.js
index b4a95b5..44c5286 100644
--- a/keyfetch.js
+++ b/keyfetch.js
@@ -386,7 +386,8 @@ function ecdsaAsn1SigToJwtSig(header, b64sig) {
 function isTrustedIssuer(issuer) {
 return function (trusted) {
 if ('*' === trusted) { return true; }
- // TODO normalize and account for '*'
+ // TODO account for '*.example.com'
+ trusted = (/^http(s?):\/\//.test(trusted) ? trusted : ('https://' + trusted));
 return issuer.replace(/\/$/, '') === trusted.replace(/\/$/, '') && trusted;
 };
 }
diff --git a/package.json b/package.json
index 8d23a13..4172505 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "keyfetch",
- "version": "1.2.0",
+ "version": "1.2.1",
 "description": "Lightweight support for fetching JWKs.",
 "homepage": "https://git.coolaj86.com/coolaj86/keyfetch.js",
 "main": "keyfetch.js",
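Review bot: Both added cases in keyfetch-test.js are positive matches, so nothing here would catch the bare-host normalization matching more than it should. A rejection case beside the existing "bad scheme" one would pin that a bare host for a different domain is refused, for example `, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['example.org'] })` followed by `.then(e("bad issuer")).catch(throwIfNotExpected)` (constructed sample). The list these entries belong to starts and ends outside the hunk, so how `e` and `throwIfNotExpected` treat the label is assumed from the "bad scheme" line.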
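Review bot: The new normalization line in isTrustedIssuer coerces whatever is in `trusted` to a string, so a misconfigured allow-list entry no longer fails loudly: an `undefined` entry becomes the trusted issuer `https://undefined` and an empty string becomes `https://`, where `trusted.replace` used to throw on non-strings. A guard placed before the assignment, `if ('string' !== typeof trusted || !trusted) { return false; }`, keeps such entries from matching anything. The scheme test is also case-sensitive, so an entry written `HTTPS://example.com` gets a second `https://` prepended and never matches; that fails closed but is worth a comment. Entries that spell out `http://` are still accepted as trusted, which deserves a one-line comment such as `// explicit http:// entries are honoured as written; bare hosts default to https` if that is the intent.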