mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-18 19:50:54 +00:00
MINOR: jwt: JWT tokenizing helper function
This helper function splits a JWT under Compact Serialization format (dot-separated base64-url encoded strings) into its different sub strings. Since we do not want to manage more than JWS for now, which can only have at most three subparts, any JWT that has strictly more than two dots is considered invalid.
This commit is contained in:
parent
7feb361776
commit
e0d3c00086
@ -40,6 +40,27 @@ enum jwt_alg {
|
||||
JWS_ALG_PS384,
|
||||
JWS_ALG_PS512,
|
||||
};
|
||||
|
||||
struct jwt_item {
|
||||
char *start;
|
||||
size_t length;
|
||||
};
|
||||
|
||||
struct jwt_ctx {
|
||||
enum jwt_alg alg;
|
||||
struct jwt_item jose;
|
||||
struct jwt_item claims;
|
||||
struct jwt_item signature;
|
||||
char *key;
|
||||
unsigned int key_length;
|
||||
};
|
||||
|
||||
enum jwt_elt {
|
||||
JWT_ELT_JOSE = 0,
|
||||
JWT_ELT_CLAIMS,
|
||||
JWT_ELT_SIG,
|
||||
JWT_ELT_MAX
|
||||
};
|
||||
#endif /* USE_OPENSSL */
|
||||
|
||||
|
||||
|
@ -27,6 +27,7 @@
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len);
|
||||
int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num);
|
||||
#endif /* USE_OPENSSL */
|
||||
|
||||
#endif /* _HAPROXY_JWT_H */
|
||||
|
43
src/jwt.c
43
src/jwt.c
@ -77,4 +77,47 @@ enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len)
|
||||
|
||||
return alg;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Split a JWT into its separate dot-separated parts.
|
||||
* Since only JWS following the Compact Serialization format are managed for
|
||||
* now, we don't need to manage more than three subparts in the tokens.
|
||||
* See section 3.1 of RFC7515 for more information about JWS Compact
|
||||
* Serialization.
|
||||
* Returns 0 in case of success.
|
||||
*/
|
||||
int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num)
|
||||
{
|
||||
char *ptr = jwt->area;
|
||||
char *jwt_end = jwt->area + jwt->data;
|
||||
unsigned int index = 0;
|
||||
unsigned int length = 0;
|
||||
|
||||
if (index < *item_num) {
|
||||
items[index].start = ptr;
|
||||
items[index].length = 0;
|
||||
}
|
||||
|
||||
while (index < *item_num && ptr < jwt_end) {
|
||||
if (*ptr++ == '.') {
|
||||
items[index++].length = length;
|
||||
|
||||
if (index == *item_num)
|
||||
return -1;
|
||||
items[index].start = ptr;
|
||||
items[index].length = 0;
|
||||
length = 0;
|
||||
} else
|
||||
++length;
|
||||
}
|
||||
|
||||
if (index < *item_num)
|
||||
items[index].length = length;
|
||||
|
||||
*item_num = (index+1);
|
||||
|
||||
return (ptr != jwt_end);
|
||||
}
|
||||
|
||||
#endif /* USE_OPENSSL */
|
||||
|
Loading…
Reference in New Issue
Block a user