98 lines
2.6 KiB
Plaintext
98 lines
2.6 KiB
Plaintext
note
|
|
description: "Summary description for {JWT_LOADER}."
|
|
author: ""
|
|
date: "$Date$"
|
|
revision: "$Revision$"
|
|
|
|
class
|
|
JWT_LOADER
|
|
|
|
inherit
|
|
JWT_UTILITIES
|
|
|
|
feature -- Access
|
|
|
|
token (a_token_input: READABLE_STRING_8; a_secret: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
|
|
-- Decoded token from `a_token_input` given the secret `a_secret`, and optional context `ctx`
|
|
-- used to specify eventual issuer and various parameters.
|
|
local
|
|
jws: JWS
|
|
i,j,n: INTEGER
|
|
alg, l_enc_payload, l_enc_header, l_signature: READABLE_STRING_8
|
|
do
|
|
n := a_token_input.count
|
|
i := a_token_input.index_of ('.', 1)
|
|
if i > 0 then
|
|
j := a_token_input.index_of ('.', i + 1)
|
|
if j > 0 then
|
|
l_enc_header := a_token_input.substring (1, i - 1)
|
|
l_enc_payload := a_token_input.substring (i + 1, j - 1)
|
|
l_signature := a_token_input.substring (j + 1, n)
|
|
create jws.make_with_json_payload (base64url_decode (l_enc_payload))
|
|
|
|
alg := signature_algorithm_from_encoded_header (l_enc_header)
|
|
jws.set_algorithm (alg)
|
|
if alg = Void then
|
|
-- Use default
|
|
alg := alg_hs256
|
|
end
|
|
check alg_set: alg /= Void end
|
|
if ctx = Void or else not ctx.validation_ignored then
|
|
if not is_supporting_signature_algorithm (alg) then
|
|
jws.report_unsupported_alg_error (alg)
|
|
alg := alg_hs256
|
|
end
|
|
if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_secret, alg)) then
|
|
jws.report_unverified_token_error
|
|
end
|
|
if
|
|
not jws.has_error and then
|
|
ctx /= Void
|
|
then
|
|
check not ctx.validation_ignored end
|
|
if jws.is_expired (ctx.time) then
|
|
jws.report_claim_validation_error ("exp")
|
|
end
|
|
if not jws.is_nbf_validated (ctx.time) then
|
|
jws.report_claim_validation_error ("nbf")
|
|
end
|
|
if
|
|
not jws.is_iss_validated (ctx.issuer)
|
|
then
|
|
jws.report_claim_validation_error ("iss")
|
|
end
|
|
if
|
|
not jws.is_aud_validated (ctx.audience)
|
|
then
|
|
jws.report_claim_validation_error ("aud")
|
|
end
|
|
|
|
end
|
|
end
|
|
else
|
|
-- jws.report_invalid_token
|
|
end
|
|
else
|
|
-- jws.report_invalid_token
|
|
end
|
|
Result := jws
|
|
end
|
|
|
|
feature {NONE} -- Implementation
|
|
|
|
signature_algorithm_from_encoded_header (a_enc_header: READABLE_STRING_8): detachable STRING_8
|
|
local
|
|
jp: JSON_PARSER
|
|
do
|
|
create jp.make_with_string (base64url_decode (a_enc_header))
|
|
jp.parse_content
|
|
if
|
|
attached jp.parsed_json_object as jo and then
|
|
attached {JSON_STRING} jo.item ("alg") as j_alg
|
|
then
|
|
Result := j_alg.unescaped_string_8
|
|
end
|
|
end
|
|
|
|
end
|