// verify the signature on this token, optionally using key loaded in this exchange
lob_t jwt_verify(lob_t token, e3x_exchange_t x)
{
size_t hlen, clen;
char *encoded;
uint8_t err;
lob_t payload = lob_linked(token);
if(!token || !payload) return LOG("bad args");
// generate the temporary encoded data
clen = base64_encode_length(payload->head_len);
hlen = base64_encode_length(token->head_len);
encoded = (char*)malloc(hlen+1+clen);
hlen = base64_encoder(token->head,token->head_len,encoded);
encoded[hlen] = '.';
clen = base64_encoder(payload->head,payload->head_len,encoded+hlen+1);
// do the validation
err = e3x_exchange_validate(x, token, payload, (uint8_t*)encoded, hlen+1+clen);
free(encoded);
if(err)
{
LOG("validate failed: %d",err);
return NULL;
}
return token;
}
char *zio_json_encode (void *data, int len, bool eof)
{
char *json_str = NULL;
char *s_data = NULL;
json_t *o = NULL;
int s_len;
s_len = base64_encode_length (len);
s_data = calloc (1, s_len);
if (!s_data) {
errno = ENOMEM;
goto error;
}
if (base64_encode_block (s_data, &s_len, data, len) < 0) {
errno = EINVAL;
goto error;
}
if (!(o = json_pack ("{s:b s:s}", "eof", eof, "data", s_data))) {
errno = ENOMEM;
goto error;
}
if (!(json_str = json_dumps (o, 0))) {
errno = ENOMEM;
goto error;
}
free (s_data);
json_decref (o);
return json_str;
error:
free (s_data);
json_decref (o);
return NULL;
}
int main(int argc, char **argv)
{
char *eout = malloc(base64_encode_length(7));
uint8_t *dout = malloc(base64_decode_length(8));
size_t len;
len = base64_encoder((const uint8_t *)"foobar", 6, eout);
fail_unless(len == 8);
fail_unless(strcmp(eout,"Zm9vYmFy") == 0);
len = base64_decoder(eout,0,dout);
fail_unless(len == 6);
fail_unless(strncmp((char*)dout,"foobar",6) == 0);
char bfix[] = "eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ";
char jfix[] = "{\"sub\":1234567890,\"name\":\"John Doe\",\"admin\":true}";
char *jtest = malloc(base64_decode_length(strlen(bfix)));
len = base64_decoder(bfix,0,(uint8_t*)jtest);
fail_unless(len == strlen(jfix));
fail_unless(strcmp(jtest,jfix) == 0);
char *btest = malloc(base64_encode_length(strlen(jfix)));
len = base64_encoder((uint8_t*)jfix,strlen(jfix),btest);
// printf("len %d %d %s",len,strlen(bfix),btest);
fail_unless(len == strlen(bfix));
fail_unless(strncmp(btest,bfix,len) == 0);
e3x_init(NULL); // random seed
uint8_t *rand = malloc(32);
char *rtest = malloc(base64_encode_length(32));
uint8_t *rand2 = malloc(32);
char *rtest2 = malloc(base64_encode_length(32));
int i;
for(i = 1;i<=32;i++)
{
e3x_rand(rand, i);
e3x_rand(rand2, i);
base64_encoder(rand,i,rtest);
base64_decoder(rtest,0,rand2);
base64_encoder(rand2,i,rtest2);
// printf("%s\n%s\n",rtest,rtest2);
fail_unless(memcmp(rand,rand2,i) == 0);
}
return 0;
}
static int
_common_encode(lua_State *L, EncodeFunc_t encode) {
size_t len;
const char *str = lua64_tolstring(L, 1, &len);
size_t dlen = base64_encode_length(len);
luaL_Buffer b;
char *dst = luaL_buffinitsize(L, &b, dlen);
encode(str, len, dst);
luaL_pushresultsize(&b, dlen);
return 1;
}
static int
_scheme_encode(lua_State *L) {
struct base64_scheme *sch = lua64_touserdata(L, 1);
size_t len;
const char *str = lua64_tolstring(L, 2, &len);
size_t dlen = base64_encode_length(len);
luaL_Buffer b;
char *dst = luaL_buffinitsize(L, &b, dlen);
base64_scheme_encode(sch, str, len, dst);
luaL_pushresultsize(&b, dlen);
return 1;
}
// returns the base64 encoded token from a packet
char *jwt_encode(lob_t token)
{
lob_t claims = jwt_claims(token);
if(!claims) return LOG_WARN("no claims");
size_t slen = base64_encode_length(claims->body_len);
size_t clen = base64_encode_length(claims->head_len);
size_t hlen = base64_encode_length(token->head_len);
char *encoded;
if(!(encoded = malloc(hlen+1+clen+1+slen+1))) return LOG_WARN("OOM");
// append all the base64 encoding
hlen = base64_encoder(token->head,token->head_len,encoded);
encoded[hlen] = '.';
clen = base64_encoder(claims->head,claims->head_len,encoded+hlen+1);
encoded[hlen+1+clen] = '.';
slen = base64_encoder(claims->body,claims->body_len,encoded+hlen+1+clen+1);
encoded[hlen+1+clen+1+slen] = 0;
return encoded;
}
json_object *base64_json_encode (uint8_t *dat, int len)
{
char *buf;
int dstlen;
json_object *o;
int size = base64_encode_length (len);
buf = xzmalloc (size);
(void) base64_encode_block (buf, &dstlen, dat, len);
if (!(o = json_object_new_string (buf)))
oom ();
free (buf);
return o;
}
// returns the base64 encoded token from a packet (return is cached/freed inside token)
char *jwt_encode(lob_t token)
{
size_t hlen, clen, slen;
char *encoded;
lob_t payload = lob_linked(token);
if(!payload) return NULL;
// allocates space in the token body
slen = base64_encode_length(payload->body_len);
clen = base64_encode_length(payload->head_len);
hlen = base64_encode_length(token->head_len);
encoded = (char*)lob_body(token,NULL,hlen+1+clen+1+slen+1);
// append all the base64 encoding
hlen = base64_encoder(token->head,token->head_len,encoded);
encoded[hlen] = '.';
clen = base64_encoder(payload->head,payload->head_len,encoded+hlen+1);
encoded[hlen+1+clen] = '.';
slen = base64_encoder(payload->body,payload->body_len,encoded+hlen+1+clen+1);
encoded[hlen+1+clen+1+slen] = 0;
return encoded;
}
// sign this token, adds signature to the claims body
lob_t jwt_sign(lob_t token, e3x_self_t self)
{
size_t hlen, clen;
char *encoded;
lob_t payload = lob_linked(token);
if(!token || !payload) return LOG("bad args");
// allocates space in the payload body for the encoded data to be signed
clen = base64_encode_length(payload->head_len);
hlen = base64_encode_length(token->head_len);
encoded = (char*)lob_body(payload,NULL,hlen+1+clen);
hlen = base64_encoder(token->head,token->head_len,encoded);
encoded[hlen] = '.';
clen = base64_encoder(payload->head,payload->head_len,encoded+hlen+1);
// e3x returns packet w/ signature
if(!e3x_self_sign(self, token, payload->body, hlen+1+clen)) return LOG("signing failed");
// copy sig to payload
lob_body(payload,token->body,token->body_len);
return token;
}
