MINOR: jwt: JWT tokenizing helper function

This helper function splits a JWT under Compact Serialization format (dot-separated base64-url encoded strings) into its different sub strings. Since we do not want to manage more than JWS for now, which can only have at most three subparts, any JWT that has strictly more than two dots is considered invalid.
2024-12-16 00:14:31 +00:00 · 2021-10-01 15:36:55 +02:00 · 2021-10-01 15:36:55 +02:00 · e0d3c00086
commit e0d3c00086
parent 7feb361776
3 changed files with 65 additions and 0 deletions
--- a/include/haproxy/jwt-t.h
+++ b/include/haproxy/jwt-t.h
@ -40,6 +40,27 @@ enum jwt_alg {
 	JWS_ALG_PS384,
 	JWS_ALG_PS512,
 };
+
+struct jwt_item {
+	char *start;
+	size_t length;
+};
+
+struct jwt_ctx {
+	enum jwt_alg alg;
+	struct jwt_item jose;
+	struct jwt_item claims;
+	struct jwt_item signature;
+	char *key;
+	unsigned int key_length;
+};
+
+enum jwt_elt {
+	JWT_ELT_JOSE = 0,
+	JWT_ELT_CLAIMS,
+	JWT_ELT_SIG,
+	JWT_ELT_MAX
+};
 #endif /* USE_OPENSSL */


--- a/include/haproxy/jwt.h
+++ b/include/haproxy/jwt.h
@ -27,6 +27,7 @@

 #ifdef USE_OPENSSL
 enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len);
+int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num);
 #endif /* USE_OPENSSL */

 #endif /* _HAPROXY_JWT_H */
--- a/src/jwt.c
+++ b/src/jwt.c
@ -77,4 +77,47 @@ enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len)

 	return alg;
 }
+
+
+/*
+ * Split a JWT into its separate dot-separated parts.
+ * Since only JWS following the Compact Serialization format are managed for
+ * now, we don't need to manage more than three subparts in the tokens.
+ * See section 3.1 of RFC7515 for more information about JWS Compact
+ * Serialization.
+ * Returns 0 in case of success.
+ */
+int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num)
+{
+	char *ptr = jwt->area;
+	char *jwt_end = jwt->area + jwt->data;
+	unsigned int index = 0;
+	unsigned int length = 0;
+
+	if (index < *item_num) {
+		items[index].start = ptr;
+		items[index].length = 0;
+	}
+
+	while (index < *item_num && ptr < jwt_end) {
+		if (*ptr++ == '.') {
+			items[index++].length = length;
+
+			if (index == *item_num)
+				return -1;
+			items[index].start = ptr;
+			items[index].length = 0;
+			length = 0;
+		} else
+			++length;
+	}
+
+	if (index < *item_num)
+		items[index].length = length;
+
+	*item_num = (index+1);
+
+	return (ptr != jwt_end);
+}
+
 #endif /* USE_OPENSSL */