Re: Review Request 66621: Add alg RS256 support for JWT generator and validator.

Mon, 16 Apr 2018 02:26:38 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66621/#review201187
-----------------------------------------------------------



I haven't review it very thoroughly yet, but I found something that needs to be 
fixed. SSL support is an optional configurable feature (`--with-ssl` in the 
configure options). Since your patch depends on SSL, you need the guards to 
enable the feature just when SSL is enabled.

- Alexander Rojas


On April 15, 2018, 12:19 a.m., Clément Michaud wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66621/
> -----------------------------------------------------------
> 
> (Updated April 15, 2018, 12:19 a.m.)
> 
> 
> Review request for mesos.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/MESOS-8788
>     
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/MESOS-8788
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Add alg RS256 support for JWT generator and validator.
> 
> Currently, the JWT library only supports unsecured and HS256 tokens. I 
> implemented RS256 to use asymmetrical keys so that Mesos can use it at some 
> point.
> 
> https://issues.apache.org/jira/browse/MESOS-8788
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/jwt.hpp 
> 768cbf6fa91537ff9f45f236f4033097c5cea959 
>   3rdparty/libprocess/include/process/ssl/utilities.hpp 
> b7cc31c33fd35c93754407f8b350eeb993177f1d 
>   3rdparty/libprocess/src/jwt.cpp 921031e6fe3ced5a6be6bc96190fae6d8282ae26 
>   3rdparty/libprocess/src/ssl/utilities.cpp 
> 4d3727daf53ec62a19255da5a9804d342e770ec2 
>   3rdparty/libprocess/src/tests/jwt_keys.hpp PRE-CREATION 
>   3rdparty/libprocess/src/tests/jwt_tests.cpp 
> eb36a9aed3b11208c7cdc6f20b5347f46821a207 
> 
> 
> Diff: https://reviews.apache.org/r/66621/diff/1/
> 
> 
> Testing
> -------
> 
> I've added the same tests than the ones for HS256 (i.e., validation in 
> following cases: bad header, bad payload, unknown alg, unsupported alg, valid 
> token etc.. and creation of a valid token).
> 
> 
> Thanks,
> 
> Clément Michaud
> 
>

Reply via email to