MINOR: jwt: Do not rely on enum order anymore

Replace the test based on the enum value of the algorithm by an explicit switch statement in case someone reorders it for some reason (while still managing not to break the regtest).
2025-01-31 02:22:07 +00:00 · 2021-10-18 15:14:48 +02:00 · 2021-10-18 15:14:48 +02:00 · 8abed17a34
commit 8abed17a34
parent 1c891bcc90
1 changed files with 18 additions and 3 deletions
--- a/src/jwt.c
+++ b/src/jwt.c
@ -338,18 +338,33 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer

 	/* We have all three sections, signature calculation can begin. */

-	if (ctx.alg <= JWS_ALG_HS512) {
+	switch(ctx.alg) {
+
+	case JWS_ALG_HS256:
+	case JWS_ALG_HS384:
+	case JWS_ALG_HS512:
 		/* HMAC + SHA-XXX */
 		retval = jwt_jwsverify_hmac(&ctx, decoded_sig);
-	} else if (ctx.alg <= JWS_ALG_ES512) {
+		break;
+	case JWS_ALG_RS256:
+	case JWS_ALG_RS384:
+	case JWS_ALG_RS512:
+	case JWS_ALG_ES256:
+	case JWS_ALG_ES384:
+	case JWS_ALG_ES512:
 		/* RSASSA-PKCS1-v1_5 + SHA-XXX */
 		/* ECDSA using P-XXX and SHA-XXX */
 		retval = jwt_jwsverify_rsa_ecdsa(&ctx, decoded_sig);
-	} else if (ctx.alg <= JWS_ALG_PS512) {
+		break;
+	case JWS_ALG_PS256:
+	case JWS_ALG_PS384:
+	case JWS_ALG_PS512:
+	default:
 		/* RSASSA-PSS using SHA-XXX and MGF1 with SHA-XXX */

 		/* Not managed yet */
 		retval = JWT_VRFY_UNMANAGED_ALG;
+		break;
 	}

 end: