[Bug]: JWK provisioner with Key ID that begins with - interpreted as flag #1599

Open
4x0v7 opened this issue Oct 24, 2023 · 0 comments
4x0v7 commented Oct 24, 2023

Steps to Reproduce

Add a provisioner with a Key ID that has a - character at the start.
I'm not sure how many generations of provisioner keys this may take; it just happened to be the first one generated on bringing up my compose stack.

Try to retrieve and print the provisioning key:

step ca provisioner jwe-key "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ"
Incorrect Usage: flag provided but not defined: -nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ

Generate a new JWK provisioner and verify the command works (provided that the generated kid does not start with a -):

step ca provisioner add admin2 --create

# (reload config with SIGHUP, I do this with my compose stack `docker compose kill --signal SIGHUP step-ca`)

NEW_PROVISIONER=$(step ca provisioner list | jq -r '. | map(select(.name == "admin2") .key.kid) | .[]')

step ca provisioner jwe-key $NEW_PROVISIONER
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiX3hBYWNjMXB3Q05FbDgxdC1iSVJydyJ9.0I697MUERgBeRVwaMM-FOnaHLEyL-IHlUE5ZvXDZJ8tydcvbqlBn6A.QPMr0L_LI1wL2dKl.1PqvBGzuGfp-ZTeyC0zH8Yp5VTOLgSnabhaAZcGBXQlOLRGuwrvpsS5DJj5TML-3ga8xozvddAO7xJqhDJTil4GV8H7PF7vcvI8h77ojzQ1iIHlsXshYJjuRlD0oHV8yyiiKFaHPlHKJCg21sZyCd3ss-FIhlPBqkzG6C5k7Ul90r2NOMiA8_e_1HP6piaiWssgiBP1gY03TFuigx5HwKzHsllLBoIjPpXvCgncljDjHc5usDVKsZ-KNuO_4APbFLyMD4Eu4tSPLvBVsS0_1XrEyanH8M4Ul_qmCF0fBKSz91CGhXdlfDzQExzy0prTjC1PdDdPxl5bfxNXJ0xM.eOk9do9Y9I_xgLi0L6QgUA

Your Environment

  • OS - Linux / Docker (smallstep/step-ca:0.25.0@sha256:9cdef9c9daecf71d87d23d83a57712867e6c08d4f9ecad998d4bc6239f2218dd)
  • step-ca Version - 0.25.0

Expected Behavior

The key is printed

Actual Behavior

Incorrect Usage: flag provided but not defined: -nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ

Additional Context

This happens with step-cli 0.25.0 talking to a step-ca server running in Docker, and also when running the same command with step directly in the CA container.

My provisioner looks like this:

{
  "type": "JWK",
  "name": "admin",
  "key": {
    "use": "sig",
    "kty": "EC",
    "kid": "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ",
    "crv": "P-256",
    "alg": "ES256",
    "x": "OOXgCFfqJUTY3LkY0fSTFSI5UWkv-Jf1f5R8ZmXHz0g",
    "y": "xSa_cfDJeAnrtB2JUdKMbMYMlkllw5K9PwFgi-g0Kt4"
  },
  "encryptedKey": "<redacted>"
}

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

4x0v7 added the labels "bug" and "needs triage" (Waiting for discussion / prioritization by team) Oct 24, 2023
4x0v7 changed the title from "[Bug]: JWK kid that begins with - interpreted as flag" to "[Bug]: JWK provisioner with Key ID that begins with - interpreted as flag" Oct 24, 2023
hslatman self-assigned this Oct 24, 2023
hslatman added this to the v0.25.1 milestone Oct 24, 2023
hslatman modified the milestones: v0.25.1, v0.25.2 Nov 29, 2023
hslatman modified the milestones: v0.26.0, v0.26.1 Mar 29, 2024
hslatman modified the milestones: v0.26.1, v0.26.2 Apr 25, 2024
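The failure mode reported in this issue, reproduced as an added example (not part of the original issue and not step CLI code) with Go's standard flag package, which returns the same "flag provided but not defined" text for a positional value that starts with -. The names parseKid and buildArgs, the ca-url flag and the sample URL are hypothetical; whether the step CLI itself accepts a -- terminator is not stated in the issue.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// parseKid stands in for a subcommand taking one positional key ID.
// The "ca-url" flag is hypothetical; it only gives the flag set something to match.
func parseKid(args []string) (kid, caURL string, err error) {
	fs := flag.NewFlagSet("jwe-key", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // suppress usage text; the error is returned instead
	fs.StringVar(&caURL, "ca-url", "", "hypothetical flag")
	if err = fs.Parse(args); err != nil {
		return "", "", err
	}
	if fs.NArg() != 1 {
		return "", "", fmt.Errorf("expected 1 key ID, got %d arguments", fs.NArg())
	}
	return fs.Arg(0), caURL, nil
}

// buildArgs is what a wrapper script should do with generated or untrusted
// positional values: put flags first, then "--", then the positionals.
func buildArgs(flags []string, positional ...string) []string {
	args := append([]string{}, flags...)
	args = append(args, "--")
	return append(args, positional...)
}

func main() {
	kid := "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ" // kid from the issue

	// Passed bare, the leading '-' makes the parser look up a flag by that name.
	_, _, err := parseKid([]string{kid})
	fmt.Println("bare argument:", err)

	// After "--" everything is positional. The URL is a constructed sample value.
	got, url, err := parseKid(buildArgs([]string{"-ca-url", "https://ca.example.test"}, kid))
	fmt.Println("with terminator:", got, url, err)
}
```

The same applies to any tool that feeds base64url values (whose alphabet includes - and _) into a command line: generated identifiers should be passed after a terminator or validated before use as positional arguments.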