Add ability to sign JWS' during intruder attack #21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for your PR. I think adding signing to the payload processor is a great idea. I'll have a look at your changes over the weekend. |
|
Hi, I've had an initial look at the PR and like what it's trying to do. Please can you add com.blackberry.jwteditor.utils.Constants and I'll merge the PR. Thank you again for the submission. |
|
Sorry for forgetting the file. Pushed it now :) You're welcome and also thanks to you for creating this extension in the first place. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds another Intruder setting to select a configured signing key. If one is selected when
processPayloadis called, the JWS is signed with the key. If any error happens, we fall back to the current behavior of using the original signature.Feel free to give feedback, or make adjustments to the code, as I have not coded in Java in years.