Fixup: Support []crytpo.PublicKey in ed25519

golang-jwt · Mar 1, 2022 · 2167225 · 2167225
1 parent 27eab99
commit 2167225
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 9 deletions.
diff --git a/ed25519.go b/ed25519.go
@@ -34,27 +34,37 @@ func (m *SigningMethodEd25519) Alg() string {
 
 // Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an ed25519.PublicKey
-// For this verify method, key must be in types of either ed25519.PublicKey or
-// []ed25519.PublicKey (for rotation keys), and each key must be of the size
-// ed25519.PublicKeySize.
+// For this verify method, key must be in types of one of ed25519.PublicKey,
+// []ed25519.PublicKey, or []crypto.PublicKey (slice types for rotation keys),
+// and each key must be of the size ed25519.PublicKeySize.
 func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {
 	var err error
 
-	var keys []ed25519.PublicKey
+	var cryptoKeys []crypto.PublicKey
 	switch v := key.(type) {
 	case ed25519.PublicKey:
-		keys = append(keys, v)
+		cryptoKeys = append(cryptoKeys, v)
 	case []ed25519.PublicKey:
-		keys = v
+		for _, k := range v {
+			cryptoKeys = append(cryptoKeys, k)
+		}
+	case []crypto.PublicKey:
+		cryptoKeys = v
 	}
-	if len(keys) == 0 {
+	if len(cryptoKeys) == 0 {
 		return ErrInvalidKeyType
 	}
 
-	for _, ed25519Key := range keys {
+	keys := make([]ed25519.PublicKey, len(cryptoKeys))
+	for i, key := range cryptoKeys {
+		ed25519Key, ok := key.(ed25519.PublicKey)
+		if !ok {
+			return ErrInvalidKey
+		}
 		if len(ed25519Key) != ed25519.PublicKeySize {
 			return ErrInvalidKey
 		}
+		keys[i] = ed25519Key
 	}
 
 	// Decode the signature

diff --git a/ed25519_test.go b/ed25519_test.go
@@ -1,6 +1,7 @@
 package jwt_test
 
 import (
+	"crypto"
 	"crypto/ed25519"
 	"io/ioutil"
 	"strings"
@@ -90,7 +91,15 @@ MCowBQYDK2VwAyEADXYgR79f8XWn19vwmxtYb/H4hFiaQDBm1xUsgaqr/3Q=
 			ed25519Key.(ed25519.PublicKey),
 		})
 		if err != nil {
-			t.Errorf("[%v] Error while verifying invalid+valid keys: %v", data.name, err)
+			t.Errorf("[%v] Error while verifying invalid+valid ed25519 keys: %v", data.name, err)
+		}
+
+		err = method.Verify(strings.Join(parts[0:2], "."), parts[2], []crypto.PublicKey{
+			invalidKey,
+			ed25519Key,
+		})
+		if err != nil {
+			t.Errorf("[%v] Error while verifying invalid+valid crypto keys: %v", data.name, err)
 		}
 	}
 }