fix(jwt_worker): handle exceptions when decoding jwk from pem

Returns a more controlled error if users attempt to use the Service
Account JSON from the GCP PubSub example from swagger, which is
redacted.
Thales Macedo Garitezi 2023-01-19 09:24:45 -03:00
parent e8910c9748
commit d755b43c77
2 changed files with 32 additions and 1 deletions


@ -120,7 +120,7 @@ init(#{private_key := PrivateKeyPEM} = Config) ->
handle_continue({make_key, PrivateKeyPEM}, State0) -> handle_continue({make_key, PrivateKeyPEM}, State0) ->
?tp(connector_jwt_worker_make_key, #{state => State0}), ?tp(connector_jwt_worker_make_key, #{state => State0}),
case jose_jwk:from_pem(PrivateKeyPEM) of try jose_jwk:from_pem(PrivateKeyPEM) of
JWK = #jose_jwk{} -> JWK = #jose_jwk{} ->
State = State0#{jwk := JWK}, State = State0#{jwk := JWK},
{noreply, State, {continue, create_token}}; {noreply, State, {continue, create_token}};
@ -135,6 +135,17 @@ handle_continue({make_key, PrivateKeyPEM}, State0) ->
Error = {invalid_private_key, Error0}, Error = {invalid_private_key, Error0},
?tp(connector_jwt_worker_startup_error, #{error => Error}), ?tp(connector_jwt_worker_startup_error, #{error => Error}),
{stop, {shutdown, {error, Error}}, State0} {stop, {shutdown, {error, Error}}, State0}
catch
Kind:Error ->
?tp(
error,
connector_jwt_worker_startup_error,
#{
kind => Kind,
error => Error
}
),
{stop, {shutdown, {error, Error}}, State0}
end; end;
handle_continue(create_token, State0) -> handle_continue(create_token, State0) ->
State = generate_and_store_jwt(State0), State = generate_and_store_jwt(State0),
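Review bot: The new `catch Kind:Error` clause copies the raw exception reason into both the error-level `?tp` and the stop reason, so whatever the exception carries ends up in logs and supervisor reports. For `function_clause` that is only an atom, but reasons such as `{badmatch, V}` or `{case_clause, V}` carry the offending term, which here could be part of the decoded private key (inferred, since the JOSE internals are not visible on this page). The shape also differs from the non-exception branch just above, which wraps its reason as `{invalid_private_key, Error0}`, so callers matching on that tag will miss this path. I would stop with a fixed wrapped reason, e.g. `{stop, {shutdown, {error, {invalid_private_key, decode_failed}}}, State0}`, and keep only `kind => Kind` in the trace data. The middle of this `handle_continue` clause lies between the two hunks and is not shown.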


@ -364,3 +364,23 @@ t_unknown_requests(_Config) ->
gen_server:cast(Worker, unknown_cast), gen_server:cast(Worker, unknown_cast),
?assertEqual({error, bad_call}, gen_server:call(Worker, unknown_call)), ?assertEqual({error, bad_call}, gen_server:call(Worker, unknown_call)),
ok. ok.
t_truncated_private_key(_Config) ->
Config0 = generate_config(),
Config = Config0#{private_key := <<"-----BEGIN PRIVATE KEY-----\nMIIEvQI...">>},
process_flag(trap_exit, true),
?check_trace(
?wait_async_action(
?assertMatch({ok, _}, emqx_connector_jwt_worker:start_link(Config)),
#{?snk_kind := connector_jwt_worker_startup_error},
1_000
),
fun(Trace) ->
?assertMatch(
[#{error := function_clause}],
?of_kind(connector_jwt_worker_startup_error, Trace)
),
ok
end
),
ok.
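Review bot: The assertion `[#{error := function_clause}]` ties the test to the exact exception the JOSE library happens to raise for this input, so a dependency upgrade that fails differently would break it even though the worker still shuts down in a controlled way. Matching the stable part, `[#{kind := error}]`, keeps the intent without that coupling. The test also sets `trap_exit` but never checks that the worker actually stopped. Adding `receive {'EXIT', _, {shutdown, {error, _}}} -> ok after 1_000 -> ct:fail(worker_not_stopped) end` after the `?check_trace` would confirm it. A short comment saying the key literal is a deliberately truncated, non-secret placeholder would help the next reader.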