Merge pull request #9 from luthersystems/jack-clarke-luthersystems/fi…

…x-web-key-retrieval-panic check for nil retrieveWebKeysFn and error if no webKeys
luthersystems · Nov 29, 2024 · 9291b67 · 9291b67
2 parents 879ab1f + 5ab4895
commit 9291b67
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/jwk/rs256.go b/jwk/rs256.go
@@ -8,6 +8,7 @@ import (
 	"crypto/rsa"
 	"encoding/base64"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
 	"math/big"
@@ -263,17 +264,30 @@ func newHTTPClient() *http.Client {
 
 func (s *Settings) retrieveWebKeys(issuer string) (*gojwk.Key, error) {
 	if issuer == "" {
-		return nil, fmt.Errorf("invalid issuer")
+		return nil, errors.New("invalid issuer")
 	}
 	if s.retrieveWebKeysFn == nil && s.issuerToWebKeyURLFn == nil {
-		return nil, fmt.Errorf("missing all web key fns")
+		return nil, errors.New("missing all web key fns")
 	}
 	if s.issuerToWebKeyURLFn == nil {
 		return s.retrieveWebKeysFn(issuer)
 	}
 
 	webKeyURL, err := s.issuerToWebKeyURLFn(issuer)
-	if err != nil || webKeyURL == "" {
+
+	if err != nil {
+		if s.retrieveWebKeysFn == nil {
+			return nil, fmt.Errorf(
+				"retrieveWebKeysFn is not defined, and issuerToWebKeyURLFn failed: %w", err,
+			)
+		}
+		return s.retrieveWebKeysFn(issuer)
+	}
+
+	if webKeyURL == "" {
+		if s.retrieveWebKeysFn == nil {
+			return nil, errors.New("retrieveWebKeysFn is not defined and webKeyURL is empty")
+		}
 		return s.retrieveWebKeysFn(issuer)
 	}