Bug 1895154 - Don't use .split to break a scoped key's kid into timestamp and fingerprint. r=teshaq

Differential Revision: https://phabricator.services.mozilla.com/D209508

services/fxaccounts/FxAccountsKeys.sys.mjs

@@ -157,7 +157,9 @@ export class FxAccountsKeys {
       if (!kid.includes("-")) {
         return false;
       }
-      const [keyRotationTimestamp, fingerprint] = kid.split("-");
+      const dashIndex = kid.indexOf("-");
+      const keyRotationTimestamp = kid.substring(0, dashIndex);
+      const fingerprint = kid.substring(dashIndex + 1);
       // We then verify that the timestamp is a valid timestamp
       const keyRotationTimestampNum = Number(keyRotationTimestamp);
       // If the value we got back is falsy it's not a valid timestamp

services/fxaccounts/tests/xpcshell/test_keys.js

@@ -219,6 +219,18 @@ add_task(function test_check_valid_scoped_keys() {
     };
     Assert.equal(keys.validScopedKeys(scopedKeys), true);
   });
+  add_task(function test_valid_kid_with_dash() {
+    const scopedKeys = {
+      "https://identity.mozilla.com/apps/oldsync": {
+        kty: "oct",
+        // kid contains another dash. The fingerprint must not be truncated.
+        kid: "1510726318123-I-Qv4onc7VcVE1kTQkyyOw",
+        k: "DW_ll5GwX6SJ5GPqJVAuMUP2t6kDqhUulc2cbt26xbTcaKGQl-9l29FHAQ7kUiJETma4s9fIpEHrt909zgFang",
+        scope: "https://identity.mozilla.com/apps/oldsync",
+      },
+    };
+    Assert.equal(keys.validScopedKeys(scopedKeys), true);
+  });
 });
 
 add_task(async function test_rejects_bad_scoped_key_data() {