From 71279f548d2818ad05b08e6f4f8584d7885f4e97 Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Tue, 10 Oct 2023 19:19:20 +0800
Subject: [PATCH] Show cert.Certificate empty error
---
 object/oidc_discovery.go | 9 ++++++++-
 object/saml_idp.go | 8 ++++++++
 object/token_cas.go | 4 ++++
 object/token_jwt.go | 4 ++++
 4 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go
index e1da6a8f..41224111 100644
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -127,9 +127,16 @@ func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
 continue
 }
+ if cert.Certificate == "" {
+ return jwks, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+ }
+
 certPemBlock := []byte(cert.Certificate)
 certDerBlock, _ := pem.Decode(certPemBlock)
- x509Cert, _ := x509.ParseCertificate(certDerBlock.Bytes)
+ x509Cert, err := x509.ParseCertificate(certDerBlock.Bytes)
+ if err != nil {
+ return jwks, err
+ }
 var jwk jose.JSONWebKey
 jwk.Key = x509Cert.PublicKey
diff --git a/object/saml_idp.go b/object/saml_idp.go
index 072fe204..f10f0576 100644
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -200,6 +200,10 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
 return nil, errors.New("please set a cert for the application first")
 }
+ if cert.Certificate == "" {
+ return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+ }
+
 block, _ := pem.Decode([]byte(cert.Certificate))
 certificate := base64.StdEncoding.EncodeToString(block.Bytes)
@@ -288,6 +292,10 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 return "", "", "", err
 }
+ if cert.Certificate == "" {
+ return "", "", "", fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+ }
+
 block, _ := pem.Decode([]byte(cert.Certificate))
 certificate := base64.StdEncoding.EncodeToString(block.Bytes)
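Review bot: In GetJsonWebKeySet the new empty-string guard still leaves `certDerBlock.Bytes` reachable with a nil `certDerBlock`, because `pem.Decode` returns a nil block for any non-empty value that contains no PEM data and its result is not checked. A stored certificate that is only whitespace, truncated or otherwise not PEM would therefore still panic with a nil pointer dereference instead of producing the error this commit intends. I would add `if certDerBlock == nil { return jwks, fmt.Errorf("no PEM block found in the certificate field") }` before the `x509.ParseCertificate` call. The same unchecked `block.Bytes` follows the new guard in both saml_idp.go hunks and in the token_cas.go hunk. The function body starts and ends outside the hunk.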
diff --git a/object/token_cas.go b/object/token_cas.go
index 81c08f1d..e8fb55d3 100644
--- a/object/token_cas.go
+++ b/object/token_cas.go
@@ -286,6 +286,10 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
 return "", "", err
 }
+ if cert.Certificate == "" {
+ return "", "", fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+ }
+
 block, _ := pem.Decode([]byte(cert.Certificate))
 certificate := base64.StdEncoding.EncodeToString(block.Bytes)
 randomKeyStore := &X509Key{
diff --git a/object/token_jwt.go b/object/token_jwt.go
index 13961643..169d015b 100644
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -368,6 +368,10 @@ func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 }
+ if cert.Certificate == "" {
+ return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+ }
+
 // RSA certificate
 certificate, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
 if err != nil {
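Review bot: The new error in ParseJwtToken formats the whole `cert` with `%v`, and since `cert` is a `*Cert` that prints every field of the struct into a message that is returned to the caller. If `Cert` carries key material alongside the public certificate (its definition is not visible in this diff), that material would end up in error responses and logs; even if it does not, the dump is noisy. Prefer naming the cert by an identifier only, e.g. `return nil, fmt.Errorf("the certificate field should not be empty for the cert: %s", cert.Name)`, assuming `Name` is its identifying field. The same `%v`, `cert` pattern is used in the Errorf calls added to oidc_discovery.go, saml_idp.go (twice) and token_cas.go. The enclosing function continues outside the hunk.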