Beispiel #1
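/**
 * Verify the signature on this token, optionally using a key loaded in the
 * given exchange.
 *
 * The signing input is rebuilt here as
 *   base64(token head) '.' base64(linked payload head)
 * and passed to e3x_exchange_validate() together with both packets.
 *
 * @param token  packet carrying the JWT header; the packet linked to it
 *               (lob_linked) is used as the payload
 * @param x      exchange handed through to e3x_exchange_validate()
 * @return       token when e3x_exchange_validate() reports 0; otherwise the
 *               failure value (the result of LOG(), or NULL). Callers must
 *               treat anything other than the token as a rejected signature.
 */
lob_t jwt_verify(lob_t token, e3x_exchange_t x)
{
  size_t hlen, clen;
  char *encoded;
  uint8_t err;
  lob_t payload = lob_linked(token);
  if(!token || !payload) return LOG("bad args");

  // size the scratch buffer from the worst-case encoded lengths plus the '.'
  // NOTE(review): there is no spare byte for a terminator; confirm that
  // base64_encoder() does not append a NUL, otherwise the second call can
  // write one byte past the allocation.
  clen = base64_encode_length(payload->head_len);
  hlen = base64_encode_length(token->head_len);
  encoded = (char*)malloc(hlen+1+clen);
  // without this check a failed allocation is written through below
  if(!encoded) return LOG("OOM");

  // hlen/clen are replaced by the lengths the encoder actually produced
  hlen = base64_encoder(token->head,token->head_len,encoded);
  encoded[hlen] = '.';
  clen = base64_encoder(payload->head,payload->head_len,encoded+hlen+1);

  // do the validation
  // NOTE(review): the accept/reject decision rests entirely on this call;
  // confirm how it behaves when x is NULL and which algorithms it accepts.
  err = e3x_exchange_validate(x, token, payload, (uint8_t*)encoded, hlen+1+clen);
  free(encoded);

  if(err)
  {
    LOG("validate failed: %d",err);
    return NULL;
  }

  return token;
}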
Beispiel #2
/**
 * Report whether a JWT "alg" value is supported.
 *
 * Builds a throwaway packet holding only the alg, runs it through
 * e3x_exchange_validate() with no exchange and a one-byte dummy message, and
 * maps the result: a return of exactly 1 yields 0, every other result
 * (including 0) yields 1.
 *
 * NOTE(review): this presumably relies on 1 being the "unknown alg" error
 * code of e3x_exchange_validate() -- confirm. If an unsupported alg can
 * surface as any other code, this probe fails open and reports it as
 * supported.
 *
 * @param alg  algorithm name to probe
 * @return     >0 if the alg is treated as supported, 0 otherwise
 */
uint8_t jwt_alg(char *alg)
{
  lob_t probe = lob_new();
  uint8_t rc;

  lob_set(probe,"alg",alg);
  // TODO refactor how this is checked
  rc = e3x_exchange_validate(NULL, probe, NULL, (uint8_t*)"x", 1);
  lob_free(probe);

  if(rc == 1) return 0;
  return 1;
}
Beispiel #3
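/**
 * Verify the signature on this token, optionally using a key loaded in the
 * given exchange.
 *
 * The token is re-encoded with jwt_encode() and everything before the second
 * '.' is passed to e3x_exchange_validate() as the signed message, together
 * with the token and its claims packet.
 *
 * @param token  token to verify; its claims are obtained with jwt_claims()
 * @param x      exchange handed through to e3x_exchange_validate()
 * @return       token when e3x_exchange_validate() reports 0; otherwise the
 *               result of LOG(), which this code uses as its failure return.
 *               Callers must treat anything other than the token as a
 *               rejected signature.
 */
lob_t jwt_verify(lob_t token, e3x_exchange_t x)
{
  lob_t claims = jwt_claims(token);
  if(!token || !claims) return LOG("bad args");

  // generate the temporary encoded data
  char *encoded = jwt_encode(token);
  if(!encoded) return LOG("bad token");

  // find the second '.', the end of the signed part; a missing separator
  // would otherwise feed NULL into strchr and the length arithmetic below
  char *dot = strchr(encoded,'.');
  if(dot) dot = strchr(dot+1,'.');
  if(!dot)
  {
    free(encoded);
    return LOG("bad token");
  }
  size_t signed_len = (size_t)(dot - encoded);

  // "%.*s" requires an int precision and "%lu" an unsigned long, so cast
  // NOTE(review): this writes the encoded header and claims to the log;
  // confirm the LOG sink is an acceptable place for claim contents.
  LOG("checking %lu %.*s",(unsigned long)lob_body_len(claims),(int)signed_len,encoded);

  // do the validation against the sig on the claims using info from the token
  // NOTE(review): the accept/reject decision rests entirely on this call;
  // confirm how it behaves when x is NULL and which algorithms it accepts.
  uint8_t err = e3x_exchange_validate(x, token, claims, (uint8_t*)encoded, signed_len);
  free(encoded);

  if(err) return LOG("validate failed: %d",err);
  return token;
}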