diff --git a/plugins/experimental/uri_signing/jwt.c b/plugins/experimental/uri_signing/jwt.c
index f557828a7cf..3f2063bc312 100644
--- a/plugins/experimental/uri_signing/jwt.c
+++ b/plugins/experimental/uri_signing/jwt.c
@@ -52,6 +52,7 @@ parse_jwt(json_t *raw)
 }
 struct jwt *jwt = malloc(sizeof *jwt);
+ jwt->raw = raw;
 jwt->iss = json_string_value(json_object_get(raw, "iss"));
 jwt->sub = json_string_value(json_object_get(raw, "sub"));
 jwt->aud = json_object_get(raw, "aud");
@@ -76,7 +77,7 @@ jwt_delete(struct jwt *jwt)
 return;
 }
- json_decref(jwt->aud);
+ json_decref(jwt->raw);
 free(jwt);
 }
diff --git a/plugins/experimental/uri_signing/jwt.h b/plugins/experimental/uri_signing/jwt.h
index 6f61fc406f6..d3b8e755d14 100644
--- a/plugins/experimental/uri_signing/jwt.h
+++ b/plugins/experimental/uri_signing/jwt.h
@@ -22,6 +22,7 @@
 #include
 struct jwt {
+ json_t *raw;
 const char *iss;
 const char *sub;
 json_t *aud;
diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c
index 5636c27559b..4791c80d020 100644
--- a/plugins/experimental/uri_signing/parse.c
+++ b/plugins/experimental/uri_signing/parse.c
@@ -165,7 +165,7 @@ validate_jws(cjose_jws_t *jws, struct config *cfg, const char *uri, size_t uri_c
 cjose_err cerr;
 memset(&cerr, 0, sizeof(cjose_err));
 size_t pt_ct;
- const char *pt;
+ char const *pt;
 if (!cjose_jws_get_plaintext(jws, (uint8_t **)&pt, &pt_ct, &cerr)) {
 PluginDebug("Cannot get plaintext for %16p", jws);
 return false;
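Review bot: In jwt.c, `parse_jwt` writes through the result of `malloc(sizeof *jwt)` without checking it, and the added `jwt->raw = raw;` is now the first such write, so an allocation failure becomes a NULL dereference while a request token is being handled. Add `if (!jwt) { return NULL; }` directly after the `malloc`; the caller changed in parse.c already releases the JSON object when `parse_jwt` returns NULL, so that path would not leak. The function starts and ends outside this hunk, so any earlier guard on `raw` is not visible here.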
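Review bot: The new `raw` member in jwt.h changes who owns what in `struct jwt`, and nothing in the declaration says so. Going by the jwt.c hunks, `raw` is the one reference that `jwt_delete` releases, while `iss`, `sub` and `aud` are obtained from it through `json_object_get` and are only borrowed. A comment on the field would keep callers from releasing `aud` themselves or holding `iss` past `jwt_delete`, for example `/* Owned reference to the claims object; iss, sub and aud point into it and stay valid until jwt_delete(). */`. The struct continues past the end of this hunk.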
@@ -175,14 +175,20 @@ validate_jws(cjose_jws_t *jws, struct config *cfg, const char *uri, size_t uri_c
 json_error_t jerr;
 memset(&jerr, 0, sizeof(json_error_t));
- struct jwt *jwt = parse_jwt(json_loadb(pt, pt_ct, 0, &jerr));
- TimerDebug("parsing jwt");
- if (!jwt) {
+ json_t *const jwk_json = json_loadb(pt, pt_ct, 0, &jerr);
+ if (!jwk_json) {
 if (jerr.text[0]) {
- PluginDebug("Cannot parse json for %16p: %.*s '%s'", jws, (int)pt_ct, pt, jerr.text);
+ PluginDebug("Cannot load json for %16p: %.*s '%s'", jws, (int)pt_ct, pt, jerr.text);
 } else {
- PluginDebug("Cannot parse jwt for %16p: %.*s", jws, (int)pt_ct, pt);
+ PluginDebug("Cannot load json for %16p: %.*s", jws, (int)pt_ct, pt);
 }
+ return false;
+ }
+ struct jwt *jwt = parse_jwt(jwk_json);
+ TimerDebug("parsing jwt");
+ if (!jwt) {
+ json_decref(jwk_json);
 return NULL;
 }
diff --git a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
index ceec300ca69..9c78ed6426e 100644
--- a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
+++ b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
@@ -144,16 +144,20 @@ jwt_parsing_helper(const char *jwt_string)
 {
 fprintf(stderr, "Parsing JWT from string: %s\n", jwt_string);
 bool resp;
- json_error_t jerr = {};
- size_t pt_ct = strlen(jwt_string);
- struct jwt *jwt = parse_jwt(json_loadb(jwt_string, pt_ct, 0, &jerr));
+ json_error_t jerr = {};
+ size_t pt_ct = strlen(jwt_string);
+ struct json_t *const jwk_json = json_loadb(jwt_string, pt_ct, 0, &jerr);
+ if (!jwk_json) {
+ return false;
+ }
- if (jwt) {
- resp = jwt_validate(jwt);
- } else {
- resp = false;
+ struct jwt *jwt = parse_jwt(jwk_json);
+ if (!jwt) {
+ json_decref(jwk_json);
+ return false;
 }
+ resp = jwt_validate(jwt);
 jwt_delete(jwt);
 return resp;
 }
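Review bot: In `validate_jws` (parse.c), the new early exit taken when `json_loadb` fails uses `return false;`, while the failure exit a few lines further down in the same hunk uses `return NULL;` and the caller in uri_signing_test.cc assigns the result to a `struct jwt *`. In C this still yields a null pointer, but it reads as if the function returned a bool; `return NULL;` would match the rest of the function. The local is also named `jwk_json` although it holds the claims decoded from the JWS payload rather than a key, so a name such as `jwt_json` would be less misleading; the same name is used in `jwt_parsing_helper` in the test file. The function starts and ends outside this hunk.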
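Review bot: In `jwt_parsing_helper` (uri_signing_test.cc), the new `if (!jwk_json) { return false; }` branch discards `jerr`, so a test string that is not valid JSON fails in the same way as a token that loads but does not validate. The helper already prints to stderr, so the branch could report the cause with `fprintf(stderr, "json_loadb failed: %s\n", jerr.text);` before returning. `resp` is now assigned in only one place and could be declared there as `bool resp = jwt_validate(jwt);`.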
@@ -601,7 +605,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": \"tester\"}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -610,7 +613,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": [ \"foo\", \"bar\", \"tester\"]}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -619,7 +621,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": \"foo\"}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(!jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -628,7 +629,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": [\"foo\", \"bar\", \"foobar\"]}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(!jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -637,7 +637,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": 1}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(!jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -646,7 +645,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": [1, \"foo\", \"bar\", \"tester\"]}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -655,7 +653,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": \"TESTer\"}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(!jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -664,7 +661,6 @@ TEST_CASE("6", "[AudTests]")
 json_t *raw = json_loads("{\"aud\": [1, \"foo\", \"bar\", \"Tester\"]}", 0, err);
 json_t *aud = json_object_get(raw, "aud");
 REQUIRE(!jwt_check_aud(aud, "tester"));
- json_decref(aud);
 json_decref(raw);
 }
@@ -700,13 +696,12 @@ jws_validation_helper(const char *url, const char *package, struct config *cfg)
 return false;
 }
 struct jwt *jwt = validate_jws(jws, cfg, uri_strip, strip_ct);
- if (jwt) {
- jwt_delete(jwt);
- cjose_jws_release(jws);
- return true;
- }
 cjose_jws_release(jws);
- return false;
+ if (!jwt) {
+ return false;
+ }
+ jwt_delete(jwt);
+ return true;
 }
 TEST_CASE("8", "[TestsWithConfig]")