Exemplo n.º 1
0
func validateJWT(ih bittorrent.InfoHash, jwtBytes []byte, cfgIss, cfgAud string, publicKeys map[string]crypto.PublicKey) error {
	parsedJWT, err := jws.ParseJWT(jwtBytes)
	if err != nil {
		return err
	}

	claims := parsedJWT.Claims()
	if iss, ok := claims.Issuer(); !ok || iss != cfgIss {
		return jwt.ErrInvalidISSClaim
	}

	if aud, ok := claims.Audience(); !ok || !validAudience(aud, cfgAud) {
		return jwt.ErrInvalidAUDClaim
	}

	if ihClaim, ok := claims.Get("infohash").(string); !ok || !validInfoHash(ihClaim, ih) {
		return errors.New("claim \"infohash\" is invalid")
	}

	parsedJWS := parsedJWT.(jws.JWS)
	kid, ok := parsedJWS.Protected().Get("kid").(string)
	if !ok {
		return errors.New("invalid kid")
	}
	publicKey, ok := publicKeys[kid]
	if !ok {
		return errors.New("signed by unknown kid")
	}

	return parsedJWS.Verify(publicKey, jc.SigningMethodRS256)
}
Exemplo n.º 2
0
func TestMultipleAudienceFix_AfterMarshal(t *testing.T) {
	// Create JWS claims
	claims := jws.Claims{}
	claims.SetAudience("example.com", "api.example.com")

	token := jws.NewJWT(claims, crypto.SigningMethodHS256)
	serializedToken, _ := token.Serialize([]byte("abcdef"))

	// Unmarshal JSON
	newToken, _ := jws.ParseJWT(serializedToken)

	c := newToken.Claims()

	// Get Audience
	aud, ok := c.Audience()
	if !ok {

		// Fails
		t.Fail()
	}

	t.Logf("aud len(): %d", len(aud))
	t.Logf("aud Value: %s", aud)
	t.Logf("aud Type : %T", aud)
}
Exemplo n.º 3
0
// ValidateClaim validate the JWT token and return the user model
// decoded from the claim
func ValidateClaim(certs *Certs, token string) (*models.User, error) {

	usr := new(models.User)

	w, err := jws.ParseJWT([]byte(token))
	if err != nil {
		return nil, err
	}

	if err := w.Validate(certs.PublicKey, crypto.SigningMethodRS512); err != nil {
		return nil, err
	}

	_, isExpired := w.Claims().Expiration()

	if !isExpired {
		return nil, ErrTokenExpired
	}

	usr.Email = extractKey("email", w.Claims())
	usr.Login = extractKey("login", w.Claims())
	usr.ID = extractKey("user_id", w.Claims())

	return usr, nil
}
Exemplo n.º 4
0
func ValidateToken(token string) bool {
	parsed, err := jws.ParseJWT([]byte(token))
	if err != nil {
		return false
	}

	id := int(parsed.Claims().Get("id").(float64))
	if id > 0 {
		fmt.Printf("parsed: %d : %v\n", id, parsed)
		db, err := sql.Open("postgres", config.DbConnection)
		if err != nil {
			fmt.Println(err.Error())
		}
		defer db.Close()

		stmt, err := db.Prepare("SELECT token FROM tokens where user_id = $1;")
		if err != nil {
			fmt.Printf("ERROR prepare: %s\n", err.Error())
			return false
		}
		defer stmt.Close()

		row := stmt.QueryRow(id)
		var dbToken string
		err = row.Scan(&dbToken)
		if err != nil {
			fmt.Println(err.Error())
			return false
		}
		return token == dbToken
	} else {
		return false
	}
}
Exemplo n.º 5
0
Arquivo: jwt.go Projeto: itpkg/chaos
//Validate check jwt
func (p *Jwt) Validate(buf []byte) (jwt.Claims, error) {
	tk, err := jws.ParseJWT(buf)
	if err != nil {
		return nil, err
	}
	err = tk.Validate(p.Key, p.Method)
	return tk.Claims(), err
}
Exemplo n.º 6
0
func decodeUserFromJWT(accessToken string) (User, error) {
	if accessToken == "" {
		return User{}, nil
	}

	token, err := jws.ParseJWT([]byte(accessToken[7:]))
	if err != nil {
		return User{}, err
	}

	claims := token.Claims()
	return User{
		Name: claims.Get("user_name").(string),
	}, nil
}
Exemplo n.º 7
0
// TestTimeValuesThroughJSON verifies that the time values
// that are set via the Set{IssuedAt,NotBefore,Expiration}()
// methods can actually be parsed back
func TestTimeValuesThroughJSON(t *testing.T) {
	now := time.Unix(time.Now().Unix(), 0)

	c := jws.Claims{}
	c.SetIssuedAt(now)
	c.SetNotBefore(now)
	c.SetExpiration(now)

	// serialize to JWT
	tok := jws.NewJWT(c, crypto.SigningMethodHS256)
	b, err := tok.Serialize([]byte("key"))
	if err != nil {
		t.Fatal(err)
	}

	// parse the JWT again
	tok2, err := jws.ParseJWT(b)
	if err != nil {
		t.Fatal(err)
	}
	c2 := tok2.Claims()

	iat, ok1 := c2.IssuedAt()
	nbf, ok2 := c2.NotBefore()
	exp, ok3 := c2.Expiration()
	if !ok1 || !ok2 || !ok3 {
		t.Fatal("got false want true")
	}

	if got, want := iat, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "iat", got, want)
	}
	if got, want := nbf, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "nbf", got, want)
	}
	if got, want := exp, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "exp", got, want)
	}
}