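END_TEST

/*
 * Checks jwt_add_grants_json(): grants supplied as one JSON object must be
 * readable back individually, and numeric claims must keep their integer
 * type instead of being turned into strings.
 */
START_TEST(test_jwt_grants_json)
{
	const char *json = "{\"ref\":\"385d6518-fb73-45fc-b649-0527d8576130\""
		",\"id\":\"FVvGYTr3FhiURCFebsBOpBqTbzHdX/DvImiA2yheXr8=\","
		"\"iss\":\"localhost\",\"scopes\":\"storage\",\"sub\":"
		"\"user0\"}";
	/* Second document adds the numeric time claims nbf and iat. */
	const char *json2 = "{"
		"\"id\":\"FVvGYTr3FhiURCFebsBOpBqTbzHdX/DvImiA2yheXr8=\","
		"\"iss\":\"localhost\",\"scopes\":\"storage\",\"sub\":"
		"\"user0\", \"nbf\":12345678, \"iat\":12346789}";
	jwt_t *jwt = NULL;
	json_t *js_val;
	const char *val;
	int intval;
	int ret = 0;

	/* Part 1: string grants loaded from JSON. */
	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	ret = jwt_add_grants_json(jwt, json);
	ck_assert_int_eq(ret, 0);

	val = jwt_get_grant(jwt, "ref");
	ck_assert(val != NULL);
	ck_assert_str_eq(val, "385d6518-fb73-45fc-b649-0527d8576130");

	jwt_free(jwt);

	/* Part 2: a fresh token, so nothing from part 1 can satisfy the checks. */
	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	ret = jwt_add_grants_json(jwt, json2);
	ck_assert_int_eq(ret, 0);

	/* nbf must come back as a JSON integer with the exact value. */
	js_val = jwt_get_grant_obj (jwt, "nbf");
	ck_assert (js_val != NULL);
	ck_assert (json_is_integer (js_val));
	ck_assert (json_integer_value (js_val) == 12345678);

	/*
	 * For an integer claim the call is expected to fill intval and set
	 * val to NULL; val still holds the pointer from part 1 until then.
	 */
	ret = jwt_get_grant_int_or_str (jwt, "nbf", &val, &intval);
	ck_assert_int_eq(ret, 0);
	ck_assert(val == NULL);
	ck_assert (intval == 12345678);

	/* The second token was never released in the original test. */
	jwt_free(jwt);
}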
END_TEST

/*
 * Checks jwt_del_grant(): a grant that was added can be removed, is no
 * longer returned by jwt_get_grant(), and removing it a second time still
 * returns 0.
 */
START_TEST(test_jwt_del_grant)
{
	jwt_t *jwt = NULL;
	const char *val;
	const char testval[] = "testing";
	int ret = 0;

	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	/* Add the grant that is about to be deleted. */
	ret = jwt_add_grant(jwt, "iss", testval);
	ck_assert_int_eq(ret, 0);

	ret = jwt_del_grant(jwt, "iss");
	ck_assert_int_eq(ret, 0);

	/* After deletion the lookup must not find the grant. */
	val = jwt_get_grant(jwt, "iss");
	ck_assert(val == NULL);

	/* Deleting a grant that no longer exists is expected to succeed too. */
	ret = jwt_del_grant(jwt, "iss");
	ck_assert_int_eq(ret, 0);

	jwt_free(jwt);
}
END_TEST

/*
 * Checks jwt_add_grants_json(): after loading a JSON object of grants, the
 * "ref" grant must be readable through jwt_get_grant() with its exact value.
 */
START_TEST(test_jwt_grants_json)
{
	/* One JSON object, written as adjacent string literals. */
	const char *json = "{\"ref\":\"385d6518-fb73-45fc-b649-0527d8576130\""
		",\"id\":\"FVvGYTr3FhiURCFebsBOpBqTbzHdX/DvImiA2yheXr8=\","
		"\"iss\":\"localhost\",\"scopes\":\"storage\",\"sub\":"
		"\"user0\"}";
	jwt_t *jwt = NULL;
	const char *val;
	int ret = 0;

	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	ret = jwt_add_grants_json(jwt, json);
	ck_assert_int_eq(ret, 0);

	/* Only "ref" is read back; the other grants are not checked here. */
	val = jwt_get_grant(jwt, "ref");
	ck_assert(val != NULL);
	ck_assert_str_eq(val, "385d6518-fb73-45fc-b649-0527d8576130");

	jwt_free(jwt);
}
END_TEST

/*
 * Checks jwt_dump_str(): with three grants set, the dump must return a
 * non-NULL string for both values of its second argument. The content of
 * the returned strings is not inspected.
 */
START_TEST(test_jwt_dump_str)
{
	jwt_t *jwt = NULL;
	int ret = 0;
	char *out;

	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	ret = jwt_add_grant(jwt, "iss", "files.cyphre.com");
	ck_assert_int_eq(ret, 0);

	ret = jwt_add_grant(jwt, "sub", "user0");
	ck_assert_int_eq(ret, 0);

	ret = jwt_add_grant(jwt, "ref", "XXXX-YYYY-ZZZZ-AAAA-CCCC");
	ck_assert_int_eq(ret, 0);

	/* Second argument 1: the pretty-printed form. */
	out = jwt_dump_str(jwt, 1);
	ck_assert(out != NULL);

	/* The caller owns the returned string and releases it with free(). */
	free(out);

	/* Second argument 0: the compact form. */
	out = jwt_dump_str(jwt, 0);
	ck_assert(out != NULL);

	free(out);

	jwt_free(jwt);
}
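/**
 * Builds a signed JSON Web Token (JWT), using ES256 with the EC private key
 * stored at ec_private_path and project_id as the audience claim.
 *
 * Returns a heap-allocated string that the caller must free(). If the key
 * cannot be read or any claim or the signing algorithm cannot be set, the
 * function fails closed and returns an empty heap-allocated string, so no
 * unsigned or incomplete token is ever handed out. NULL is returned if
 * jwt_encode_str() fails or the empty string cannot be allocated.
 */
static char* CreateJwt(const char* ec_private_path, const char* project_id) {
  char iat_time[sizeof(time_t) * 3 + 2];
  char exp_time[sizeof(time_t) * 3 + 2];
  uint8_t* key = NULL;  // Private key file contents, NUL-terminated
  size_t key_len = 0;
  long file_size = 0;
  jwt_t* jwt = NULL;
  int ret = 0;
  int ok = 0;  // Set only once every step before encoding has succeeded
  char* out = NULL;

  // Read private key from file
  FILE* fp = fopen(ec_private_path, "r");
  if (fp == NULL) {
    printf("Could not open file: %s\n", ec_private_path);
    goto done;
  }

  // ftell() returns -1 on error; unchecked, that became a huge size_t.
  if (fseek(fp, 0L, SEEK_END) != 0 || (file_size = ftell(fp)) <= 0 ||
      fseek(fp, 0L, SEEK_SET) != 0) {
    printf("Could not read file: %s\n", ec_private_path);
    goto done;
  }

  key = malloc((size_t)file_size + 1);  // key length + \0
  if (key == NULL) {
    printf("Could not allocate memory for file: %s\n", ec_private_path);
    goto done;
  }

  // Use the number of bytes actually read as the key length.
  key_len = fread(key, 1, (size_t)file_size, fp);
  if (key_len == 0 || ferror(fp)) {
    printf("Could not read file: %s\n", ec_private_path);
    goto done;
  }
  key[key_len] = '\0';

  // Get JWT parts
  GetIatExp(iat_time, exp_time, sizeof(iat_time));

  ret = jwt_new(&jwt);
  if (ret || jwt == NULL) {
    printf("Error creating JWT: %d", ret);
    goto done;
  }

  // Write JWT. Each failure aborts: continuing would produce a token that
  // lacks a claim or, if jwt_set_alg() failed, one that is not signed.
  // NOTE(review): iat and exp are added as string grants, while RFC 7519
  // defines them as numeric dates -- confirm the verifier accepts this.
  ret = jwt_add_grant(jwt, "iat", iat_time);
  if (ret) {
    printf("Error setting issue timestamp: %d", ret);
    goto done;
  }
  ret = jwt_add_grant(jwt, "exp", exp_time);
  if (ret) {
    printf("Error setting expiration: %d", ret);
    goto done;
  }
  ret = jwt_add_grant(jwt, "aud", project_id);
  if (ret) {
    printf("Error adding audience: %d", ret);
    goto done;
  }
  ret = jwt_set_alg(jwt, JWT_ALG_ES256, key, key_len);
  if (ret) {
    printf("Error during set alg: %d", ret);
    goto done;
  }

  ok = 1;
  out = jwt_encode_str(jwt);

  // Print JWT. The token is a bearer credential: anyone who can read this
  // output can use it until it expires, so keep TRACE off outside debugging.
  if (TRACE && out != NULL) {
    printf("JWT: [%s]", out);
  }

done:
  if (fp != NULL) {
    fclose(fp);
  }
  if (jwt != NULL) {
    jwt_free(jwt);
  }
  if (key != NULL) {
    // Overwrite the private key before releasing the buffer; the volatile
    // pointer keeps the compiler from dropping the stores.
    volatile uint8_t* wipe = key;
    size_t i;
    for (i = 0; i < key_len; ++i) {
      wipe[i] = 0;
    }
    free(key);
  }
  if (!ok) {
    // The original returned the literal "" here, which the caller may not
    // free(); an allocated empty string keeps the documented contract.
    return calloc(1, 1);
  }
  return out;
}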
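/**
 * @brief Builds a signed session JWT (HS256) for a user.
 *
 * @param resp response that receives the internal-server-error payload if token creation fails
 * @param user the user whose name and rank are written into the token
 * @return the encoded JWT as a string
 * @throws exception::JwtCreationException if any libjwt call fails
 */
std::string AuthenticationApp::buildJWT (cppcms::http::response & resp, const model::User & user) const
{
	// every failure reports the same generic error, so no internal detail reaches the client
	const auto fail = [&resp]() {
		RootApp::setInternalServerError (resp, "Something went wrong while creating the session token.", "AUTH_CREATE_TOKEN_ERROR");
		throw exception::JwtCreationException ();
	};

	jwt_t * jwt = nullptr;

	// reserve token memory
	if (jwt_new (&jwt) != 0 || !jwt)
	{
		fail ();
	}

	// create smart pointer that ensures freeing the jwt
	std::unique_ptr<jwt_t, void (*) (jwt_t *)> jwt_ptr (jwt, jwt_free);

	// specify jwt algorithm and signing key; despite the name of the config entry,
	// HS256 uses the secret as an HMAC key and the token payload is not encrypted
	const std::string secret = Config::instance ().getConfig ().get<std::string> ("jwt.encryption.secret");
	if (jwt_set_alg (jwt_ptr.get (), JWT_ALG_HS256, reinterpret_cast<const unsigned char *> (secret.c_str ()), secret.size ()) != 0)
	{
		fail ();
	}

	// add claims
	// NOTE(review): the claims are named "issuer" and "expires", not the registered "iss" and "exp",
	// so expiry presumably has to be enforced by this application's own verification code -- confirm
	if (jwt_add_grant (jwt_ptr.get (), "issuer", ELEKTRA_REST_AUTHENTICATION_JWT_ISSUER) != 0 ||
	    jwt_add_grant (jwt_ptr.get (), "username", user.getUsername ().c_str ()) != 0 ||
	    jwt_add_grant_int (jwt_ptr.get (), "rank", user.getRank ()) != 0 ||
	    jwt_add_grant_int (jwt_ptr.get (), "expires", std::time (nullptr) + Config::instance ().getConfig ().get<int> ("jwt.validity")) != 0)
	{
		fail ();
	}

	// jwt_encode_str returns a malloc'ed buffer, or NULL on failure: own it so it is released after the
	// copy, and never build a std::string from a null pointer
	// NOTE(review): free comes from <cstdlib>; confirm that this file includes it
	std::unique_ptr<char, void (*) (void *)> encoded (jwt_encode_str (jwt_ptr.get ()), free);
	if (!encoded)
	{
		fail ();
	}

	// generate and return token
	return std::string (encoded.get ());
}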
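END_TEST

/*
 * Checks that the grant functions reject invalid arguments: a NULL value,
 * an empty grant name and a NULL grant name must each be reported as EINVAL.
 */
START_TEST(test_jwt_grant_invalid)
{
	jwt_t *jwt = NULL;
	const char *val;
	int ret = 0;

	ret = jwt_new(&jwt);
	ck_assert_int_eq(ret, 0);
	ck_assert(jwt != NULL);

	/* A grant without a value must be refused. */
	ret = jwt_add_grant(jwt, "iss", NULL);
	ck_assert_int_eq(ret, EINVAL);

	/* So must deleting a grant with an empty name. */
	ret = jwt_del_grant(jwt, "");
	ck_assert_int_eq(ret, EINVAL);

	/*
	 * jwt_get_grant() reports its error through errno. Clear errno first,
	 * otherwise an EINVAL left behind by an earlier call would satisfy the
	 * assertion even if this call never set it.
	 */
	errno = 0;
	val = jwt_get_grant(jwt, NULL);
	ck_assert_int_eq(errno, EINVAL);
	ck_assert(val == NULL);

	jwt_free(jwt);
}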