From 7f27a6d8e45ae5ad024532e7b5a2cfb60cc3f458 Mon Sep 17 00:00:00 2001
From: Vincent Prouillet <github@vincentprouillet.com>
Date: Mon, 12 Jan 2026 22:15:24 +0100
Subject: [PATCH] Use try_sign to avoid panics

Closes #473
---
 .github/workflows/ci.yml |  2 +-
 src/crypto/mod.rs        |  2 +-
 src/encoding.rs          |  2 +-
 src/errors.rs            | 10 ++++++++++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d7f03f9..5516c73 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
                 include:
                     -   build: pinned
                         os: ubuntu-24.04
-                        rust: 1.85.0
+                        rust: 1.86.0
                     -   build: stable
                         os: ubuntu-latest
                         rust: stable
diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs
index d681bde..2be728b 100644
--- a/src/crypto/mod.rs
+++ b/src/crypto/mod.rs
@@ -47,7 +47,7 @@ pub trait JwtVerifier: Verifier<Vec<u8>> {
 /// If you just want to encode a JWT, use `encode` instead.
 pub fn sign(message: &[u8], key: &EncodingKey, algorithm: Algorithm) -> Result<String> {
     let provider = (CryptoProvider::get_default().signer_factory)(&algorithm, key)?;
-    Ok(b64_encode(provider.sign(message)))
+    Ok(b64_encode(provider.try_sign(message)?))
 }
 
 /// Compares the signature given with a re-computed signature for HMAC or using the public key
diff --git a/src/encoding.rs b/src/encoding.rs
index b6b2720..dd512fd 100644
--- a/src/encoding.rs
+++ b/src/encoding.rs
@@ -168,7 +168,7 @@ pub fn encode<T: Serialize>(header: &Header, claims: &T, key: &EncodingKey) -> R
     let encoded_claims = b64_encode_part(claims)?;
     let message = [encoded_header, encoded_claims].join(".");
 
-    let signature = b64_encode(signing_provider.sign(message.as_bytes()));
+    let signature = b64_encode(signing_provider.try_sign(message.as_bytes())?);
 
     Ok([message, signature].join("."))
 }
diff --git a/src/errors.rs b/src/errors.rs
index 3d4963f..4495896 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -48,6 +48,8 @@ pub enum ErrorKind {
     InvalidRsaKey(String),
     /// We could not sign with the given key
     RsaFailedSigning,
+    /// Signing failed
+    Signing(String),
     /// When the algorithm from string doesn't match the one passed to `from_str`
     InvalidAlgorithmName,
     /// When a key is provided with an invalid format
@@ -91,6 +93,7 @@ impl StdError for Error {
             ErrorKind::InvalidEcdsaKey => None,
             ErrorKind::InvalidEddsaKey => None,
             ErrorKind::RsaFailedSigning => None,
+            ErrorKind::Signing(_) => None,
             ErrorKind::InvalidRsaKey(_) => None,
             ErrorKind::ExpiredSignature => None,
             ErrorKind::MissingAlgorithm => None,
@@ -129,6 +132,7 @@ impl fmt::Display for Error {
             | ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0),
             ErrorKind::MissingRequiredClaim(c) => write!(f, "Missing required claim: {}", c),
             ErrorKind::InvalidRsaKey(msg) => write!(f, "RSA key invalid: {}", msg),
+            ErrorKind::Signing(msg) => write!(f, "Signing failed: {}", msg),
             ErrorKind::Json(err) => write!(f, "JSON error: {}", err),
             ErrorKind::Utf8(err) => write!(f, "UTF-8 error: {}", err),
             ErrorKind::Base64(err) => write!(f, "Base64 error: {}", err),
@@ -170,6 +174,12 @@ impl From<ErrorKind> for Error {
     }
 }
 
+impl From<signature::Error> for Error {
+    fn from(err: signature::Error) -> Error {
+        new_error(ErrorKind::Signing(err.to_string()))
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use wasm_bindgen_test::wasm_bindgen_test;