[Bug]: JWK provisioner with Key ID that begins with - interpreted as flag #1599

@4x0v7

Description

Steps to Reproduce

Add a provisioner with a Key ID that has a - character at the start.
I'm not sure how many generations of provisioner keys this may take; it just happened to be the first one generated on bringing up my compose stack.

Try to retrieve and print the provisioning key:

step ca provisioner jwe-key "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ"
Incorrect Usage: flag provided but not defined: -nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ

Generate a new JWK provisioner and verify the command works (provided that the generated kid does not start with a -):

step ca provisioner add admin2 --create

# (reload config with SIGHUP, I do this with my compose stack `docker compose kill --signal SIGHUP step-ca`)

NEW_PROVISIONER=$(step ca provisioner list | jq -r '. | map(select(.name == "admin2") .key.kid) | .[]')

step ca provisioner jwe-key $NEW_PROVISIONER
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiX3hBYWNjMXB3Q05FbDgxdC1iSVJydyJ9.0I697MUERgBeRVwaMM-FOnaHLEyL-IHlUE5ZvXDZJ8tydcvbqlBn6A.QPMr0L_LI1wL2dKl.1PqvBGzuGfp-ZTeyC0zH8Yp5VTOLgSnabhaAZcGBXQlOLRGuwrvpsS5DJj5TML-3ga8xozvddAO7xJqhDJTil4GV8H7PF7vcvI8h77ojzQ1iIHlsXshYJjuRlD0oHV8yyiiKFaHPlHKJCg21sZyCd3ss-FIhlPBqkzG6C5k7Ul90r2NOMiA8_e_1HP6piaiWssgiBP1gY03TFuigx5HwKzHsllLBoIjPpXvCgncljDjHc5usDVKsZ-KNuO_4APbFLyMD4Eu4tSPLvBVsS0_1XrEyanH8M4Ul_qmCF0fBKSz91CGhXdlfDzQExzy0prTjC1PdDdPxl5bfxNXJ0xM.eOk9do9Y9I_xgLi0L6QgUA

Your Environment

  • OS - Linux / Docker (smallstep/step-ca:0.25.0@sha256:9cdef9c9daecf71d87d23d83a57712867e6c08d4f9ecad998d4bc6239f2218dd)
  • step-ca Version - 0.25.0

Expected Behavior

The key is printed

Actual Behavior

Incorrect Usage: flag provided but not defined: -nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ

Additional Context

This happens with step-cli 0.25.0 talking to a step-ca server running in Docker, also running the same command with step directly in the CA container.

My provisioner looks like this:

{
  "type": "JWK",
  "name": "admin",
  "key": {
    "use": "sig",
    "kty": "EC",
    "kid": "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ",
    "crv": "P-256",
    "alg": "ES256",
    "x": "OOXgCFfqJUTY3LkY0fSTFSI5UWkv-Jf1f5R8ZmXHz0g",
    "y": "xSa_cfDJeAnrtB2JUdKMbMYMlkllw5K9PwFgi-g0Kt4"
  },
  "encryptedKey": "<redacted>"
}

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
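
The error text in this report matches what Go's standard `flag` package returns for an undefined flag. The following added example (not part of the original issue, and not the step CLI's own code) reproduces that message with a plain `flag.FlagSet` and shows the conventional `--` end-of-options marker keeping the Key ID positional. `parseKid`, `guardArgs` and the `--ca-url` option are hypothetical names, and the example assumes nothing about how the step CLI itself treats `--`.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// parseKid mimics a subcommand that takes exactly one positional <kid>.
// The FlagSet name and the --ca-url option are assumptions for this
// example, not definitions taken from the step CLI.
func parseKid(args []string) (string, error) {
	fs := flag.NewFlagSet("jwe-key", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // suppress the usage text printed on error
	fs.String("ca-url", "", "hypothetical option")
	if err := fs.Parse(args); err != nil {
		return "", err
	}
	if fs.NArg() != 1 {
		return "", fmt.Errorf("expected 1 positional argument, got %d", fs.NArg())
	}
	return fs.Arg(0), nil
}

// guardArgs builds an argument vector with "--" placed before the
// positional values, so a value with a leading '-' is never parsed as a flag.
func guardArgs(options []string, positional ...string) []string {
	out := append([]string{}, options...)
	out = append(out, "--")
	return append(out, positional...)
}

func main() {
	kid := "-nAsFs068iXyne5_yY9Do_3nDINu-Qnu-9jP3vH7UtQ" // Key ID from the report

	_, err := parseKid([]string{kid})
	fmt.Println("unguarded:", err)

	got, err := parseKid(guardArgs(nil, kid))
	fmt.Println("guarded:  ", got, err)
}
```

Scripts that pass identifiers drawn from the base64url alphabet (which includes `-`) on a command line should build their argument lists this way rather than relying on shell quoting, which does not change how the receiving program parses the value.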

Labels

bug, needs triage (Waiting for discussion / prioritization by team)