From d01b0e5f63621d75833307f5823b6797aa88ab41 Mon Sep 17 00:00:00 2001
From: Yulius Tjahjadi <yulius.tjahjadi@take2games.com>
Date: Fri, 15 Oct 2021 11:01:50 -0700
Subject: [PATCH 1/3] patch to fix undecoded Pem

---
 src/jwt.erl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/jwt.erl b/src/jwt.erl
index b17b679..821eb54 100644
--- a/src/jwt.erl
+++ b/src/jwt.erl
@@ -335,6 +335,8 @@ pem_to_key(Pem) ->
         [_, Key] ->
             Key;
         [Key] ->
-            Key
+            Key;
+        [] ->
+            <<"">>
     end,
     public_key:pem_entry_decode(Decoded).

From 8a227112266be9a6d5865f85fb313f937d271eb2 Mon Sep 17 00:00:00 2001
From: Yulius Tjahjadi <yulius.tjahjadi@take2games.com>
Date: Fri, 15 Oct 2021 12:49:11 -0700
Subject: [PATCH 2/3] return empty key

---
 src/jwt.erl | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/jwt.erl b/src/jwt.erl
index 821eb54..ed4553b 100644
--- a/src/jwt.erl
+++ b/src/jwt.erl
@@ -331,12 +331,13 @@ append_claim(ClaimsSet, Key, Val) when is_map(ClaimsSet) ->
 append_claim(ClaimsSet, Key, Val) -> [{ Key, Val } | ClaimsSet].
 
 pem_to_key(Pem) ->
-    Decoded = case public_key:pem_decode(Pem) of
+    case public_key:pem_decode(Pem) of
         [_, Key] ->
-            Key;
+            Key,
+            public_key:pem_entry_decode(Key);
         [Key] ->
-            Key;
+            Key,
+            public_key:pem_entry_decode(Key);
         [] ->
             <<"">>
-    end,
-    public_key:pem_entry_decode(Decoded).
+    end.

From 3d0163fa5ba0203e76c7bb947879f542f7189271 Mon Sep 17 00:00:00 2001
From: Yulius Tjahjadi <yulius.tjahjadi@take2games.com>
Date: Fri, 15 Oct 2021 16:55:14 -0700
Subject: [PATCH 3/3] more invalid key handling

---
 src/jwt.erl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/jwt.erl b/src/jwt.erl
index ed4553b..4a33112 100644
--- a/src/jwt.erl
+++ b/src/jwt.erl
@@ -243,8 +243,12 @@ jwt_check_sig({hmac, _} = Alg, Payload, Signature, Key) ->
 
 jwt_check_sig({Algo, Crypto}, Payload, Signature, Pem)
     when (Algo =:= rsa orelse Algo =:= ecdsa) andalso is_binary(Pem) ->
-    jwt_check_sig({Algo, Crypto}, Payload, Signature, pem_to_key(Pem));
-
+        case pem_to_key(Pem) of
+            <<"">> ->
+                false;
+            Key ->
+                jwt_check_sig({Algo, Crypto}, Payload, Signature, Key)
+        end;
 jwt_check_sig({rsa, Crypto}, Payload, Signature, Key) ->
     public_key:verify(Payload, Crypto, base64url:decode(Signature), Key);