I know passing an empty signature does not make sense in the first place but we noticed this during e2e testing in our product and i believe this library should have a guard for it and throw an appropriate error like it does on other cases as well. Like:
throw new Error('JWS is empty)
If you don't mind i can pick this up in a PR. Just lemme know it thats OK.
Another note: A more appropriate string check in TS would be if (typeof signature !== 'string') {...} i believe. Not sure if there's a reason behind the check on signature.split
Code in question: https://github.com/transmute-industries/verifiable-data/blob/main/packages/jose-ld/src/JWS/createVerifier.ts#L3-L20
If the
verify
function increateVerifer
is passed an empty string it passes the initial guard ofas an empty signature string
""
still possesses the split function. This is then passed to the JSON.parse function which explodes as a result.I know passing an empty signature does not make sense in the first place but we noticed this during e2e testing in our product and i believe this library should have a guard for it and throw an appropriate error like it does on other cases as well. Like:
If you don't mind i can pick this up in a PR. Just lemme know it thats OK.