-
Notifications
You must be signed in to change notification settings - Fork 5
/
jwtverifier.go
93 lines (82 loc) · 2.95 KB
/
jwtverifier.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
/*
* Copyright (C) 2015-2018 Virgil Security Inc.
*
* Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* (1) Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* (2) Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* (3) Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
package session
import (
"errors"
"strings"
"github.com/VirgilSecurity/virgil-sdk-go/v6/crypto"
)
type JwtVerifier struct {
appPublicKey crypto.PublicKey
appPublicKeyID string
accessTokenSigner AccessTokenSigner
}
func NewJwtVerifier(appPublicKey crypto.PublicKey, appPublicKeyID string, accessTokenSigner AccessTokenSigner) *JwtVerifier {
v := &JwtVerifier{
accessTokenSigner: accessTokenSigner,
appPublicKeyID: appPublicKeyID,
appPublicKey: appPublicKey,
}
if err := v.Validate(); err != nil {
panic(err)
}
return v
}
func (j *JwtVerifier) VerifyToken(jwtToken *Jwt) error {
if jwtToken == nil {
return ErrJWTTokenIsMandatory
}
if jwtToken.HeaderContent.AppKeyID != j.appPublicKeyID ||
jwtToken.HeaderContent.Algorithm != j.accessTokenSigner.GetAlgorithm() ||
jwtToken.HeaderContent.ContentType != VirgilContentType ||
jwtToken.HeaderContent.Type != JwtType {
return ErrJWTInvalid
}
return jwtToken.verify(j.accessTokenSigner, j.appPublicKey)
}
func (j *JwtVerifier) Validate() error {
if j.accessTokenSigner == nil {
return errors.New("JwtVerifier: access token signer is not set")
}
if j.appPublicKey == nil {
return errors.New("JwtVerifier: api public key is not set")
}
if strings.Replace(j.appPublicKeyID, " ", "", -1) == "" {
return errors.New("JwtVerifier: api public key id is not set")
}
return nil
}