eden-emu/cpp-jwt
14
0
Fork 0
mirror of https://github.com/arun11299/cpp-jwt.git synced 2025-05-15 01:08:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Put verify under different function. Added new error codes for verification failures.

Browse source
This commit is contained in:
Arun M 2017-12-16 16:39:52 +05:30
parent 912e4b5ff9
commit 7a511c46fe
7 changed files with 204 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

35
include/jwt/impl/error_codes.ipp
View file

@ -59,11 +59,42 @@ struct DecodeErrorCategory: std::error_category
}
};
/**
*/
struct VerificationErrorCategory: std::error_category
{
const char* name() const noexcept override
{
return "verification";
}
std::string message(int ev) const override
{
switch (static_cast<VerificationErrc>(ev))
{
case VerificationErrc::InvalidAlgorithm:
return "invalid algorithm";
case VerificationErrc::TokenExpired:
return "token expired";
case VerificationErrc::InvalidIssuer:
return "invalid issuer";
case VerificationErrc::InvalidAudience:
return "invalid audience";
case VerificationErrc::ImmatureSignature:
return "immature signature";
};
assert (0 && "Code not reached");
}
};
// Create global object for the error categories
const AlgorithmErrCategory theAlgorithmErrCategory {};
const DecodeErrorCategory theDecodeErrorCategory {};
const VerificationErrorCategory theVerificationErrorCategory {};
}
@ -78,6 +109,10 @@ std::error_code make_error_code(DecodeErrc err)
return { static_cast<int>(err), theDecodeErrorCategory };
}
std::error_code make_error_code(VerificationErrc err)
{
return { static_cast<int>(err), theVerificationErrorCategory };
}
} // END namespace jwt

117
include/jwt/impl/jwt.ipp
View file

@ -330,6 +330,71 @@ std::string jwt_object::signature() const
return jws.encode(header_, payload_);
}
template <typename Params, typename SequenceT>
std::error_code jwt_object::verify(
const Params& dparams,
const params::detail::algorithms_param<SequenceT>& algos) const
{
std::error_code ec{};
//Verify if the algorithm set in the header
//is any of the one expected by the client.
auto fitr = std::find_if(algos.get().begin(),
algos.get().end(),
[&](const auto& elem)
{
return jwt::str_to_alg(elem) == header().algo();
});
if (fitr == algos.get().end()) {
ec = VerificationErrc::InvalidAlgorithm;
return ec;
}
//Check for the expiry timings
if (has_claim(registered_claims::expiration)) {
auto curr_time =
std::chrono::duration_cast<
std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count();
auto p_exp = payload()
.get_claim_value<uint64_t>(registered_claims::expiration);
if (p_exp < (curr_time + dparams.leeway)) {
ec = VerificationErrc::TokenExpired;
return ec;
}
}
//Check for issuer
if (dparams.has_issuer &&
has_claim(registered_claims::issuer))
{
jwt::string_view p_issuer = payload()
.get_claim_value<std::string>(registered_claims::issuer);
if (p_issuer.data() != dparams.issuer) {
ec = VerificationErrc::InvalidIssuer;
return ec;
}
}
//Check for audience
if (dparams.has_aud &&
has_claim(registered_claims::audience))
{
jwt::string_view p_aud = payload()
.get_claim_value<std::string>(registered_claims::audience);
if (p_aud.data() != dparams.aud) {
ec = VerificationErrc::InvalidAudience;
return ec;
}
}
return ec;
}
std::array<string_view, 3>
jwt_object::three_parts(const string_view enc_str)
@ -349,7 +414,7 @@ jwt_object::three_parts(const string_view enc_str)
result[1] = string_view{&enc_str[fpos + 1], spos - fpos - 1};
if (spos != enc_str.length()) {
result[2] = string_view{&enc_str[spos + 1], enc_str.length() - spos};
result[2] = string_view{&enc_str[spos + 1], enc_str.length() - spos - 1};
}
return result;
@ -376,6 +441,23 @@ void set_decode_params(DecodeParams& dparams, params::detail::verify_param v, Re
return;
}
template <typename DecodeParams, typename... Rest>
void set_decode_params(DecodeParams& dparams, params::detail::issuer_param i, Rest&&... args)
{
dparams.issuer = std::move(i).get();
dparams.has_issuer = true;
set_decode_params(dparams, std::forward<Rest>(args)...);
return;
}
template <typename DecodeParams, typename... Rest>
void set_decode_params(DecodeParams& dparams, params::detail::audience_param a, Rest&&... args)
{
dparams.aud = std::move(a).get();
dparams.has_aud = true;
set_decode_params(dparams, std::forward<Rest>(args)...);
}
template <typename DecodeParams>
void set_decode_params(DecodeParams& dparams)
{
@ -400,6 +482,14 @@ jwt_object decode(const string_view enc_str,
bool verify = true;
/// Leeway parameter. Defaulted to zero seconds.
uint32_t leeway = 0;
///The issuer
//TODO: optional type
bool has_issuer = false;
std::string issuer;
///The audience
//TODO: optional type
bool has_aud = false;
std::string aud;
};
decode_params dparams{};
@ -414,31 +504,8 @@ jwt_object decode(const string_view enc_str,
//throws decode error
obj.payload(jwt_payload{parts[1]});
//TODO: Should be part of jwt_object::verify
if (dparams.verify) {
//Verify if the algorithm set in the header
//is any of the one expected by the client.
auto fitr = std::find_if(algos.get().begin(), algos.get().end(),
[&](const auto& elem) {
return jwt::str_to_alg(elem) == obj.header().algo();
});
if (fitr == algos.get().end()) {
throw VerificationError("Provided algorithms do not match with header");
}
//Check for the expiry timings
if (obj.payload().has_claim("exp")) {
auto curr_time = std::chrono::duration_cast<
std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count();
auto p_exp = obj.payload()
.get_claim_value(registered_claims::expiration)
.get<uint64_t>();
if (p_exp < (curr_time + dparams.leeway)) {
throw VerificationError("Token expired");
}
}
std::error_code ec = obj.verify(dparams, algos);
}
jwt_signature jsign{key};