aboutsummaryrefslogtreecommitdiff
path: root/mod/jwt.cxx
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2024-02-21 12:38:49 +0200
committerFrancois Kritzinger <francois@codesynthesis.com>2024-10-15 09:05:27 +0200
commit80626fde3bb2a6b013d4a3dd75eab55c6913f64e (patch)
tree1947daa3d606b216a893d30ca1a8141475021fea /mod/jwt.cxx
parentf301ff524fc245c79176004bdcedd5e3f6802f32 (diff)
Review: JWT
Diffstat (limited to 'mod/jwt.cxx')
-rw-r--r--mod/jwt.cxx47
1 files changed, 28 insertions, 19 deletions
diff --git a/mod/jwt.cxx b/mod/jwt.cxx
index e70752e..0c9c1f6 100644
--- a/mod/jwt.cxx
+++ b/mod/jwt.cxx
@@ -122,15 +122,19 @@ gen_jwt (const options::openssl_options& o,
process_env (o.openssl (), o.openssl_envvar ()),
"dgst", o.openssl_option (), "-sha256", "-sign", pk);
+ ifdstream err (move (errp.in));
+
vector<char> bs; // Binary signature (openssl output).
string et; // Openssl stderr text.
try
{
// In case of exception, skip and close input after output.
//
+ // Note: re-open in/out so that they get automaitcally closed on
+ // exception.
+ //
ifdstream in (os.in.release (), fdstream_mode::skip);
ofdstream out (os.out.release ());
- ifdstream err (move (errp.in));
// Write the concatenated header and payload to openssl's input.
//
@@ -141,40 +145,45 @@ gen_jwt (const options::openssl_options& o,
//
bs = in.read_binary ();
in.close ();
-
- if (!os.wait ())
- et = err.read_text ();
-
- err.close ();
}
catch (const io_error& e)
{
- // IO failure, child exit status doesn't matter. Just wait for the
- // process completion and throw.
+ // If the process exits with non-zero status, assume the IO error is due
+ // to that and fall through.
//
- os.wait ();
-
- throw_generic_error (e.code ().value (),
- ("unable to communicate with " +
- o.openssl ().string () + ": " + e.what ())
- .c_str ());
+ if (os.wait ())
+ {
+ throw_generic_error (
+ e.code ().value (),
+ ("unable to read/write openssl stdout/stdin: " + e.what ()).c_str ());
+ }
}
if (!os.wait ())
{
+ et = err.read_text ();
throw_generic_error (
- EINVAL,
- (o.openssl ().string () + " failed: " + et).c_str ());
+ EINVAL,
+ ("non-zero openssl exit status: " + et).c_str ());
}
+ err.close ();
+
s = base64url_encode (bs);
}
catch (const process_error& e)
{
throw_generic_error (
- e.code ().value (),
- ("unable to execute " + o.openssl ().string () + ": " + e.what ())
- .c_str ());
+ e.code ().value (),
+ ("unable to execute openssl: " + e.what ()).c_str ());
+ }
+ catch (const io_error& e)
+ {
+ // Unable to read diagnostics from stderr.
+ //
+ throw_generic_error (
+ e.code ().value (),
+ ("unable to read openssl stderr : " + e.what ()).c_str ());
}
return h + '.' + p + '.' + s; // Return the token.