Example #1
0
// verify the signature on this token, optionally using key loaded in this exchange
lob_t jwt_verify(lob_t token, e3x_exchange_t x)
{
  size_t hlen, clen;
  char *encoded;
  uint8_t err;
  lob_t payload = lob_linked(token);
  if(!token || !payload) return LOG("bad args");

  // generate the temporary encoded data
  clen = base64_encode_length(payload->head_len);
  hlen = base64_encode_length(token->head_len);
  encoded = (char*)malloc(hlen+1+clen);
  hlen = base64_encoder(token->head,token->head_len,encoded);
  encoded[hlen] = '.';
  clen = base64_encoder(payload->head,payload->head_len,encoded+hlen+1);

  // do the validation
  err = e3x_exchange_validate(x, token, payload, (uint8_t*)encoded, hlen+1+clen);
  free(encoded);

  if(err)
  {
    LOG("validate failed: %d",err);
    return NULL;
  }

  return token;
}
Example #2
0
// return >0 if this alg is supported
uint8_t jwt_alg(char *alg)
{
  uint8_t err;
  lob_t test = lob_new();
  lob_set(test,"alg",alg);
  // TODO refactor how this is checked
  err = e3x_exchange_validate(NULL, test, NULL, (uint8_t*)"x", 1);
  lob_free(test);
  return (err == 1) ? 0 : 1;
}
Example #3
0
// verify the signature on this token, optionally using key loaded in this exchange
lob_t jwt_verify(lob_t token, e3x_exchange_t x)
{
  lob_t claims = jwt_claims(token);
  if(!token || !claims) return LOG("bad args");

  // generate the temporary encoded data
  char *encoded = jwt_encode(token);
  if(!encoded) return LOG("bad token");
  char *dot = strchr(encoded,'.');
  dot = strchr(dot+1,'.');
  
  LOG("checking %lu %.*s",lob_body_len(claims),dot-encoded,encoded);

  // do the validation against the sig on the claims using info from the token
  uint8_t err = e3x_exchange_validate(x, token, claims, (uint8_t*)encoded, dot-encoded);
  free(encoded);

  if(err) return LOG("validate failed: %d",err);
  return token;
}