Kong: Bug at Resty.OpenSSL.Digest from Kong 2.1.0 Alpha 1

Created on 21 May 2020 · 4 Comments · Source: Kong/kong

Summary

I have a custom plugin to sign JWTs that uses "openssl.digest"; this package is now "resty.openssl.digest". I fixed that, and now I get the error:

2020/05/21 12:36:41 [error] 3622#0: *10946 lua coroutine: runtime error: /usr/local/share/lua/5.1/resty/openssl/digest.lua:47: attempt to index local 'l' (a boolean value)
stack traceback:
coroutine 0:
        /usr/local/share/lua/5.1/resty/openssl/digest.lua: in function 'istype'
        /usr/local/share/lua/5.1/resty/openssl/pkey.lua:410: in function 'sign'
        .../5.1/kong/plugins/kong-gluu-oauth-jwt-signer/handler.lua:116: in function 'sign'
        .../5.1/kong/plugins/kong-gluu-oauth-jwt-signer/handler.lua:215: in function 'authorize'
        .../5.1/kong/plugins/kong-gluu-oauth-jwt-signer/handler.lua:242: in function <.../5.1/kong/plugins/kong-gluu-oauth-jwt-signer/handler.lua:55>
coroutine 1:
        [C]: in function 'resume'
        coroutine.wrap:21: in function <coroutine.wrap:21>
        /usr/local/share/lua/5.1/kong/init.lua:700: in function 'access'

Plugin Code:

return data .. "." .. encode_base64(openssl_pkey.new(key):sign(openssl_digest.new("sha512"):update(data))):gsub("+", "-"):gsub("/", "_"):gsub("==$", ""):gsub("=$", "")

Additional Details & Logs

  • Kong version: 2.1.0alpha.1
  • Operating system: CentOS 7

All 4 comments

Hi @carnei-ro. Thanks for opening this issue. ~I'm not sure I followed the issue here; could you elaborate?~ Given this is a potential issue in an external library, could you reopen the issue in the library's repository? https://github.com/fffonion/lua-resty-openssl

Just an update for someone who is facing the same issue:

#!/usr/local/openresty/bin/resty

local key = [[-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAl1jmtJpW9GlMeOjbU0B1qegDT746UM/qocPHbu9lHAL2pt6y
WRbUwEBOKl8k8g8JqBXDvH2nKOZiVKbHBX332uKWwuhAK61r1ydSG3TklVpL2nrC
SraayHzLxYLt3s4XtPpStgwnk3pHrupn+lHsE990LTwC5IJkSUxU2faNoxO0rqC/
qLQcokffLRNX2kkhMprqiTM3PNMDYGDDyVsIyTqQkV6t/4EDEQ3gPxP1rcQ832sA
0t2KzAt9ESppXQ1T3oWWGgiEv6L3gAl0nsFxlUspqN6V/ZYtkaBtKyoB2dOMq4Zz
cj8dXTeH2XKLComhKl2E9kR/ByxKNznUt5ntowIDAQABAoIBAGFcCDVgH9XksxQI
v6aDje252f9/YOZBii970RyVFdb6NQ9NrS9QV5ZBB8eMIykv8UdWkO79af4Ojmzk
SJ1I1pvRLai+XSF70ya6HcCZ5r4JM0idtcT4SQP1++PYAQtWSrvaWEDR+teNTvW/
xxmpf5OdKJA8zaOQGdFpMCBy0dR4SH0njRK/06wKjtflD4Wb7ON3F8ItP1aGWabR
gOPTupBBtyRXkXT3v9f5pYzoh33uFMLNPz5BAqtzV4I6WMzzmPsQDj8Gs2/U3fiz
uvTjFDXAPzLzsbXQ1+g1rkWHoZW6PVLKJxYnBawT07Me2V8aOVoP/159q0EgyllZ
hS0MflkCgYEAxs7Mux4R9LMQgayDCYQLU7klZ5volbL0e+0ec03DmGGym0vp2n0n
ji7A3bGK9GiPRahw/tHhrfh4DsMBpXEypef0TboV1ejZrLInjZ3F/xsDlihhWk1D
Zw/PSDDHQmIGxvwJYF1IAUv5h/h8mOUMBwx2J4YUavEqRH8E0OGTVA0CgYEAwuLe
whdQ4Fl3lHpEcV6kh6pdc6psgtOVCqoaSCTBLvUx6v8o4C9N2PsK0bqGJHsEBOb+
LFF8+jH08gVnBJIcKcENc8jpyMhSApbuLSvHevMQ5uWhFfVyTFO4DQ1YCSibTq5t
2icXHIjIln01YsGyFnmJuOIjsU9V8zj+hoaPbG8CgYBNuZAFH855UoCDkgRw9fTP
uLTM+wFFdX9r69pZze9IZfnECTvWNdP/HHw+sCjZQP+yhhYXKcsHjvqxGsBMBCN/
BV5X/QaIaM6hW81m6mX8RH10eTkGauqNInsxiBB+/YAUz3iC+jUqfJ+D7zwXMoUv
REn1TdAxtzOFL/ucBnTpCQKBgEVyhyLvIBjyiNRWRbGIomTd5vNi1cxBDamBOGBh
CJ5tLd6qEqzg7oLV4uMd7tNtKt98WTL9zuVxi/H6zt0oG/UdIGgUPosYJ3FYy4M5
SJqdp3ZAegjTMGnWo42zJZ4N5FpDek31BB1c+O33rGCG2al8ogFKRKHYva4wrzLN
HKrtAoGASm/hPtY/G8X2Z7hg40+GbxbusHgwuXUdtupOAZj038gpfJ0eINcQRAl1
BlDB7bcwcs6xDrC5zYzal5qNHDhM8ijkfQiJld27L94AuoxmasEGzPtSwsOK9A9V
CFWwQqWLKh78SIvL1EvMEx3/Jxi4rJE4p/W2db2Wljy7MfZ2/uQ=
-----END RSA PRIVATE KEY-----]]

local json                 = require("cjson")
local openssl_digest       = require "resty.openssl.digest"
local openssl_pkey         = require "resty.openssl.pkey"
local encode_base64        = ngx.encode_base64

local headers={}
headers['alg']='RS512'
headers['typ']='JWT'

local claims={}
claims['sub']='3414de32-9b83-11ea-bb37-0242ac130002'
claims['foo']='bar'

local h = encode_base64(json.encode(headers)):gsub("==$", ""):gsub("=$", "")
local c = encode_base64(json.encode(claims)):gsub("==$", ""):gsub("=$", "")
local data = h .. '.' .. c

-- this does not work
--print(data .. "." .. encode_base64(pkey:sign(openssl_digest.new("sha512"):update(data))):gsub("+", "-"):gsub("/", "_"):gsub("==$", ""):gsub("=$", ""))

-- this works
local pkey = openssl_pkey.new(key)
local digest = openssl_digest.new("sha512")
digest:update(data)
local signature, err = pkey:sign(digest)
if err then
  return nil, err
end
print(data .. ".".. encode_base64(signature):gsub("+", "-"):gsub("/", "_"):gsub("==$", ""):gsub("=$", ""))

Thanks @carnei-ro. @fffonion could you have a look at this?

@carnei-ro There's some API difference between lua-resty-openssl and luaossl. In your case, digest:update() returns ok, err, not the digest instance itself.

If you are in the process of migrating, you can also enable the luaossl_compat mode. But it's not needed for applications that start from scratch.
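The API difference described in the thread, as an added example that is not code from the issue or from lua-resty-openssl: an RS512 signing helper that checks the return values of each lua-resty-openssl call, so a failed step surfaces as an error string instead of a boolean reaching `pkey:sign()`. The helper names `b64url` and `sign_jwt` are hypothetical, and passing the PEM key path as the first `resty` script argument is an assumption; it also applies the URL-safe substitutions to the header and claims segments, not only to the signature.

```lua
#!/usr/local/openresty/bin/resty
-- Added example: hypothetical helper names, not part of the plugin in the issue.
local cjson          = require "cjson"
local openssl_digest = require "resty.openssl.digest"
local openssl_pkey   = require "resty.openssl.pkey"

-- base64url without padding: "+" -> "-", "/" -> "_", trailing "=" removed.
-- "%+" escapes the Lua pattern quantifier so the intent is explicit.
local function b64url(raw)
  local s = ngx.encode_base64(raw):gsub("%+", "-"):gsub("/", "_"):gsub("=+$", "")
  return s  -- return only the string, not gsub's replacement count
end

-- Returns the signed token, or nil plus an error message naming the failed step.
local function sign_jwt(pem, claims)
  local pkey, err = openssl_pkey.new(pem)
  if not pkey then return nil, "load key: " .. tostring(err) end

  local digest
  digest, err = openssl_digest.new("sha512")
  if not digest then return nil, "new digest: " .. tostring(err) end

  local data = b64url(cjson.encode({ alg = "RS512", typ = "JWT" }))
            .. "." .. b64url(cjson.encode(claims))

  -- update() returns ok, err (not the digest), so it must not be chained into
  -- sign(); doing so passes a boolean and produces the 'istype' error above.
  local ok
  ok, err = digest:update(data)
  if not ok then return nil, "digest update: " .. tostring(err) end

  local sig
  sig, err = pkey:sign(digest)
  if not sig then return nil, "sign: " .. tostring(err) end

  return data .. "." .. b64url(sig)
end

-- Assumption: arg[1] is the path to a PEM-encoded RSA test key.
local f = assert(io.open(arg[1], "rb"))
local pem = f:read("*a")
f:close()

-- Constructed sample claims.
local token, err = sign_jwt(pem, { sub = "constructed-subject", foo = "bar" })
if not token then
  io.stderr:write(err, "\n")
  os.exit(1)
end
print(token)
```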
