diff --git a/go.mod b/go.mod index ff9c0d72..d9a490b0 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/golang/protobuf v1.4.2 // indirect github.com/klauspost/compress v1.11.12 github.com/minio/highwayhash v1.0.1 - github.com/nats-io/jwt/v2 v2.0.1 + github.com/nats-io/jwt/v2 v2.0.2 github.com/nats-io/nats.go v1.10.1-0.20210419223411-20527524c393 github.com/nats-io/nkeys v0.3.0 github.com/nats-io/nuid v1.0.1 diff --git a/go.sum b/go.sum index 9c617a6c..7df6a1ba 100644 --- a/go.sum +++ b/go.sum @@ -14,8 +14,8 @@ github.com/minio/highwayhash v1.0.1 h1:dZ6IIu8Z14VlC0VpfKofAhCy74wu/Qb5gcn52yWoz github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/nats-io/jwt v1.2.2 h1:w3GMTO969dFg+UOKTmmyuu7IGdusK+7Ytlt//OYH/uU= github.com/nats-io/jwt v1.2.2/go.mod h1:/xX356yQA6LuXI9xWW7mZNpxgF2mBmGecH+Fj34sP5Q= -github.com/nats-io/jwt/v2 v2.0.1 h1:SycklijeduR742i/1Y3nRhURYM7imDzZZ3+tuAQqhQA= -github.com/nats-io/jwt/v2 v2.0.1/go.mod h1:VRP+deawSXyhNjXmxPCHskrR6Mq50BqpEI5SEcNiGlY= +github.com/nats-io/jwt/v2 v2.0.2 h1:ejVCLO8gu6/4bOKIHQpmB5UhhUJfAQw55yvLWpfmKjI= +github.com/nats-io/jwt/v2 v2.0.2/go.mod h1:VRP+deawSXyhNjXmxPCHskrR6Mq50BqpEI5SEcNiGlY= github.com/nats-io/nats.go v1.10.1-0.20210419223411-20527524c393 h1:GQxfDz4otI9mde5QqJlpyRNpa2tfURHiPy0YLf7hy4c= github.com/nats-io/nats.go v1.10.1-0.20210419223411-20527524c393/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w= github.com/nats-io/nkeys v0.2.0/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= diff --git a/server/jwt.go b/server/jwt.go index a41f79d7..538af9b9 100644 --- a/server/jwt.go +++ b/server/jwt.go @@ -17,7 +17,6 @@ import ( "fmt" "io/ioutil" "net" - "regexp" "strings" "time" @@ -25,8 +24,6 @@ import ( "github.com/nats-io/nkeys" ) -var nscDecoratedRe = regexp.MustCompile(`\s*(?:(?:[-]{3,}[^\n]*[-]{3,}\n)(.+)(?:\n\s*[-]{3,}[^\n]*[-]{3,}[\n]*))`) - // All JWTs once encoded start with this const jwtPrefix = "eyJ" @@ -48,17 +45,9 @@ func readOperatorJWT(jwtfile string) (string, *jwt.OperatorClaims, error) { } defer wipeSlice(contents) - var theJWT string - items := nscDecoratedRe.FindAllSubmatch(contents, -1) - if len(items) == 0 { - theJWT = string(contents) - } else { - // First result should be the JWT. - // We copy here so that if the file contained a seed file too we wipe appropriately. - raw := items[0][1] - tmp := make([]byte, len(raw)) - copy(tmp, raw) - theJWT = string(tmp) + theJWT, err := jwt.ParseDecoratedJWT(contents) + if err != nil { + return "", nil, err } opc, err := jwt.DecodeOperatorClaims(theJWT) if err != nil { diff --git a/vendor/github.com/nats-io/jwt/v2/creds_utils.go b/vendor/github.com/nats-io/jwt/v2/creds_utils.go index 93ba6d18..c532c887 100644 --- a/vendor/github.com/nats-io/jwt/v2/creds_utils.go +++ b/vendor/github.com/nats-io/jwt/v2/creds_utils.go @@ -97,7 +97,7 @@ NKEYs are sensitive and should be treated as secrets. return w.Bytes(), nil } -var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}.*[-]{3,}\r?\n)([\w\-.=]+)(?:\r?\n[-]{3,}.*[-]{3,}\r?\n))`) +var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}.*[-]{3,}\r?\n)([\w\-.=]+)(?:\r?\n[-]{3,}.*[-]{3,}(\r?\n|\z)))`) // An user config file looks like this: // -----BEGIN NATS USER JWT----- diff --git a/vendor/github.com/nats-io/jwt/v2/header.go b/vendor/github.com/nats-io/jwt/v2/header.go index a1063467..2fd587ca 100644 --- a/vendor/github.com/nats-io/jwt/v2/header.go +++ b/vendor/github.com/nats-io/jwt/v2/header.go @@ -23,7 +23,7 @@ import ( const ( // Version is semantic version. - Version = "2.0.1" + Version = "2.0.2" // TokenTypeJwt is the JWT token type supported JWT tokens // encoded and decoded by this library diff --git a/vendor/modules.txt b/vendor/modules.txt index f4dbbff6..fa549e09 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -6,7 +6,7 @@ github.com/klauspost/compress/s2 # github.com/minio/highwayhash v1.0.1 ## explicit github.com/minio/highwayhash -# github.com/nats-io/jwt/v2 v2.0.1 +# github.com/nats-io/jwt/v2 v2.0.2 ## explicit github.com/nats-io/jwt/v2 # github.com/nats-io/nats.go v1.10.1-0.20210419223411-20527524c393