yourkarma · lolgear · Jun 8, 2021 · Jun 8, 2021 · Jun 8, 2021 · Jun 8, 2021
diff --git a/Sources/JWT/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m b/Sources/JWT/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m
@@ -8,6 +8,8 @@
 
 #import <JWT/JWTCryptoSecurity.h>
 #import <JWT/JWTCryptoSecurity+ErrorHandling.h>
+#import <JWT/JWTErrorDescription.h>
+
 @interface JWTMemoryLayout : NSObject
 + (NSString *)typeUInt8;
 + (NSString *)typeCUnsignedChar;
@@ -129,18 +131,28 @@ + (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
     return NULL;
 }
 
-+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
++ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; {
     NSData *tagData = [tag dataUsingEncoding:NSUTF8StringEncoding];
     if (tagData == nil) {
         // tell that nothing to remove.
-        return;
+        if (error) {
+            *error = [JWTErrorDescription errorWithCode:JWTUnexpectedError];
+        }
+        return NO;
     }
     NSDictionary *removeAttributes = @{
                                        (__bridge NSString*)kSecClass: (__bridge NSString*)kSecClassKey,
                                        (__bridge NSString*)kSecAttrKeyType: (__bridge NSString*)kSecAttrKeyTypeRSA,
-                                       (__bridge NSString*)kSecAttrApplicationTag: tagData,
+                                       (__bridge NSString*)kSecAttrApplicationTag: tagData
                                        };
-    SecItemDelete((__bridge CFDictionaryRef)removeAttributes);
+    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)removeAttributes);
+    if (status != errSecSuccess) {
+        if (error) {
+            *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
+        }
+    }
+    return status != errSecSuccess;
+
 }
 @end
 
@@ -185,6 +197,14 @@ + (OSStatus)extractIdentityAndTrustFromPKCS12:(CFDataRef)inPKCS12Data password:(
                                     optionsDictionary,
                                     &items);                    // 2
 
+    /**
+     @discussion
+     If a pkcs12 that was created with only one private key in it and no certificate was tried used, this just crashed when accessing index 0 with the CFArrayGetValueAtIndex.
+     */
+    if (items != nil && CFArrayGetCount(items) == 0) {
+        securityError = errSecPkcs12VerifyFailure;
+    }
+
     //
     if (securityError == 0) {                                   // 3
         CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);

diff --git a/Sources/JWT/Supplement/JWTErrorDescription.m b/Sources/JWT/Supplement/JWTErrorDescription.m
@@ -12,9 +12,10 @@ @implementation JWTErrorDescription
 + (NSDictionary *)userDescriptionsAndCodes {
     static NSDictionary *userDescriptionsAndCodes = nil;
     return userDescriptionsAndCodes ?: (userDescriptionsAndCodes = @{
+        @(JWTUnexpectedError): @"JWT unexpected error",
         @(JWTInvalidFormatError): @"Invalid format! Try to check your encoding algorithm. Maybe you put too many dots as delimiters?",
         @(JWTUnsupportedAlgorithmError): @"Unsupported algorithm! You could implement it by yourself",
-        @(JWTAlgorithmNameMismatchError) : @"Algorithm doesn't match name in header.",
+        @(JWTAlgorithmNameMismatchError): @"Algorithm doesn't match name in header.",
         @(JWTInvalidSignatureError): @"Invalid signature! It seems that signed part of jwt mismatch generated part by algorithm provided in header.",
         @(JWTNoPayloadError): @"No payload! Hey, forget payload?",
         @(JWTNoHeaderError): @"No header! Hmm",
@@ -27,17 +28,18 @@ + (NSDictionary *)userDescriptionsAndCodes {
         @(JWTBlacklistedAlgorithmError): @"Algorithm in blacklist? Try to check whitelist parameter",
         @(JWTDecodingHeaderError): @"Error decoding the JWT Header segment.",
         @(JWTDecodingPayloadError): @"Error decoding the JWT Payload segment.",
-        @(JWTDecodingHoldersChainEmptyError) : @"Error decoding the JWT algorithm and data holders chain is empty!",
-        @(JWTHolderSecretDataNotSetError) : @"Error encoding/decoding .secretData not set when using sign/verify keys. Bug. Workaround is simple. Set secretData: { holder.secretData([NSData data]); }"
+        @(JWTDecodingHoldersChainEmptyError): @"Error decoding the JWT algorithm and data holders chain is empty!",
+        @(JWTHolderSecretDataNotSetError): @"Error encoding/decoding .secretData not set when using sign/verify keys. Bug. Workaround is simple. Set secretData: { holder.secretData([NSData data]); }"
     });
 }
 
 + (NSDictionary *)errorDescriptionsAndCodes {
     static NSDictionary *errorDescriptionsAndCodes = nil;
     return errorDescriptionsAndCodes ?: (errorDescriptionsAndCodes = @{
+        @(JWTUnexpectedError): @"JWTUnexpectedError",
         @(JWTInvalidFormatError): @"JWTInvalidFormatError",
         @(JWTUnsupportedAlgorithmError): @"JWTUnsupportedAlgorithmError",
-        @(JWTAlgorithmNameMismatchError) :@"JWTAlgorithmNameMismatchError",
+        @(JWTAlgorithmNameMismatchError): @"JWTAlgorithmNameMismatchError",
         @(JWTInvalidSignatureError): @"JWTInvalidSignatureError",
         @(JWTNoPayloadError): @"JWTNoPayloadError",
         @(JWTNoHeaderError): @"JWTNoHeaderError",
@@ -50,8 +52,8 @@ + (NSDictionary *)errorDescriptionsAndCodes {
         @(JWTBlacklistedAlgorithmError): @"JWTBlacklistedAlgorithmError",
         @(JWTDecodingHeaderError): @"JWTDecodingHeaderError",
         @(JWTDecodingPayloadError): @"JWTDecodingPayloadError",
-        @(JWTDecodingHoldersChainEmptyError) :@"JWTDecodingHoldersChainEmptyError",
-        @(JWTHolderSecretDataNotSetError) : @"JWTHolderSecretDataNotSetError"
+        @(JWTDecodingHoldersChainEmptyError): @"JWTDecodingHoldersChainEmptyError",
+        @(JWTHolderSecretDataNotSetError): @"JWTHolderSecretDataNotSetError"
     });
 }
 

diff --git a/Sources/JWT/include/JWT/JWTCryptoSecurity.h b/Sources/JWT/include/JWT/JWTCryptoSecurity.h
@@ -25,7 +25,7 @@
 + (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag type:(NSString *)type error:(NSError *__autoreleasing*)error;
 + (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag error:(NSError *__autoreleasing*)error;
 + (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
-+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
++ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error;
 @end
 
 @interface JWTCryptoSecurity (Certificates)

diff --git a/Sources/JWT/include/JWT/JWTErrorDescription.h b/Sources/JWT/include/JWT/JWTErrorDescription.h
@@ -11,7 +11,8 @@
 extern NSString *JWTErrorDomain;
 
 typedef NS_ENUM(NSInteger, JWTError) {
-    JWTInvalidFormatError = -100,
+    JWTUnexpectedError = -99,
+    JWTInvalidFormatError,
     JWTUnsupportedAlgorithmError,
     JWTAlgorithmNameMismatchError,
     JWTInvalidSignatureError,