Fix parsing of alg claim to be RFC compliant

The alg claim should always be treated as a case-sensitive value
according to the RFC spec which you can find here:

https://tools.ietf.org/html/rfc7515#section-4.1.1.

The same RFC spec also says it must be present, if it is empty
it is not present so it should not be converted to the "none"
algo as the "none" algo is an algorithm and not the absence of
one.

Finally the "none" algorithm as a string should be "none" not
"NONE" according to the IANA register for JWS Signature and
Encryption Algorithms which can be found here:

https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
This commit is contained in:
Andrew Wiik 2020-01-16 00:42:50 -05:00
parent 534e72b326
commit 9624da5e59

View file

@ -235,7 +235,7 @@ inline jwt::string_view alg_to_str(SCOPED_ENUM algorithm alg) noexcept
case algorithm::ES384: return "ES384";
case algorithm::ES512: return "ES512";
case algorithm::TERM: return "TERM";
case algorithm::NONE: return "NONE";
case algorithm::NONE: return "none";
case algorithm::UNKN: return "UNKN";
default: assert (0 && "Unknown Algorithm");
};
@ -249,18 +249,18 @@ inline jwt::string_view alg_to_str(SCOPED_ENUM algorithm alg) noexcept
*/
inline SCOPED_ENUM algorithm str_to_alg(const jwt::string_view alg) noexcept
{
if (!alg.length()) return algorithm::NONE;
if (!alg.length()) return algorithm::UNKN;
if (!strcasecmp(alg.data(), "none")) return algorithm::NONE;
if (!strcasecmp(alg.data(), "hs256")) return algorithm::HS256;
if (!strcasecmp(alg.data(), "hs384")) return algorithm::HS384;
if (!strcasecmp(alg.data(), "hs512")) return algorithm::HS512;
if (!strcasecmp(alg.data(), "rs256")) return algorithm::RS256;
if (!strcasecmp(alg.data(), "rs384")) return algorithm::RS384;
if (!strcasecmp(alg.data(), "rs512")) return algorithm::RS512;
if (!strcasecmp(alg.data(), "es256")) return algorithm::ES256;
if (!strcasecmp(alg.data(), "es384")) return algorithm::ES384;
if (!strcasecmp(alg.data(), "es512")) return algorithm::ES512;
if (!strcasecmp(alg.data(), "HS256")) return algorithm::HS256;
if (!strcasecmp(alg.data(), "HS384")) return algorithm::HS384;
if (!strcasecmp(alg.data(), "HS512")) return algorithm::HS512;
if (!strcasecmp(alg.data(), "RS256")) return algorithm::RS256;
if (!strcasecmp(alg.data(), "RS384")) return algorithm::RS384;
if (!strcasecmp(alg.data(), "RS512")) return algorithm::RS512;
if (!strcasecmp(alg.data(), "ES256")) return algorithm::ES256;
if (!strcasecmp(alg.data(), "ES384")) return algorithm::ES384;
if (!strcasecmp(alg.data(), "ES512")) return algorithm::ES512;
return algorithm::UNKN;