Software /
code /
prosody
Comparison
util/jwt.lua @ 12704:31a2bd84191d
util.jwt: All the algorithms (+ all the tests!)
Except 'none'. Not implementing that one.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 02 Jul 2022 15:29:04 +0100 |
parent | 12702:f63176781940 |
child | 12705:008a7097fdc5 |
comparison
equal
deleted
inserted
replaced
12703:5bda8598a2af | 12704:31a2bd84191d |
---|---|
32 local function new_static_header(algorithm_name) | 32 local function new_static_header(algorithm_name) |
33 return b64url('{"alg":"'..algorithm_name..'","typ":"JWT"}') .. '.'; | 33 return b64url('{"alg":"'..algorithm_name..'","typ":"JWT"}') .. '.'; |
34 end | 34 end |
35 | 35 |
36 -- HS*** family | 36 -- HS*** family |
37 local function new_hmac_algorithm(name, hmac) | 37 local function new_hmac_algorithm(name) |
38 local static_header = new_static_header(name); | 38 local static_header = new_static_header(name); |
39 | |
40 local hmac = hashes["hmac_sha"..name:sub(-3)]; | |
39 | 41 |
40 local function sign(key, payload) | 42 local function sign(key, payload) |
41 local encoded_payload = json.encode(payload); | 43 local encoded_payload = json.encode(payload); |
42 local signed = static_header .. b64url(encoded_payload); | 44 local signed = static_header .. b64url(encoded_payload); |
43 local signature = hmac(key, signed); | 45 local signature = hmac(key, signed); |
120 end; | 122 end; |
121 }; | 123 }; |
122 end | 124 end |
123 | 125 |
124 -- RS***, PS*** | 126 -- RS***, PS*** |
125 local function new_rsa_algorithm(name, c_sign, c_verify) | 127 local rsa_sign_algos = { RS = "rsassa_pkcs1", PS = "rsassa_pss" }; |
128 local function new_rsa_algorithm(name) | |
129 local family, digest_bits = name:match("^(..)(...)$"); | |
130 local c_sign = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_sign"]; | |
131 local c_verify = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_verify"]; | |
126 return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify); | 132 return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify); |
127 end | 133 end |
128 | 134 |
129 -- ES*** | 135 -- ES*** |
130 local function new_ecdsa_algorithm(name, c_sign, c_verify) | 136 local function new_ecdsa_algorithm(name, c_sign, c_verify) |
138 end | 144 end |
139 return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig); | 145 return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig); |
140 end | 146 end |
141 | 147 |
142 local algorithms = { | 148 local algorithms = { |
143 HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256); | 149 HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512"); |
144 ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify); | 150 ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify); |
145 RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify); | 151 RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512"); |
146 PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify); | 152 PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512"); |
147 }; | 153 }; |
148 | 154 |
149 local function new_signer(algorithm, key_input) | 155 local function new_signer(algorithm, key_input) |
150 local impl = assert(algorithms[algorithm], "Unknown JWT algorithm: "..algorithm); | 156 local impl = assert(algorithms[algorithm], "Unknown JWT algorithm: "..algorithm); |
151 local key = (impl.load_private_key or impl.load_key)(key_input); | 157 local key = (impl.load_private_key or impl.load_key)(key_input); |
165 end | 171 end |
166 | 172 |
167 return { | 173 return { |
168 new_signer = new_signer; | 174 new_signer = new_signer; |
169 new_verifier = new_verifier; | 175 new_verifier = new_verifier; |
176 _algorithms = algorithms; | |
170 -- Deprecated | 177 -- Deprecated |
171 sign = algorithms.HS256.sign; | 178 sign = algorithms.HS256.sign; |
172 verify = algorithms.HS256.verify; | 179 verify = algorithms.HS256.verify; |
173 }; | 180 }; |
174 | 181 |