Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand signature validation with the output of the signature together… #81

Closed
wants to merge 17 commits into from
Closed

Expand signature validation with the output of the signature together… #81

Changes from 6 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
43f72c3
Expand signature validation with the output of the signature together…
skriesch Jun 28, 2022
a041e9e
fix syntax error
skriesch Jun 28, 2022
05827c1
Add function extractSignature with jose utility generate_key_pair #11
skriesch Jun 28, 2022
244d6e0
Fix module import generate_key_pair
skriesch Jun 28, 2022
e5ee58c
Replace the ESM import with adding jose into the fuction
skriesch Jun 28, 2022
454bd32
Remove all from generate_key_pair
skriesch Jun 28, 2022
5668bdb
remove deprecated GenerateKeyPair untility
skriesch Jun 29, 2022
05dc453
Adopt KeyType to jose.KeyType
skriesch Jun 29, 2022
5554a74
Add additional function for key decoding without JSON #11
skriesch Jun 29, 2022
0c1a295
Use async function
skriesch Jun 29, 2022
ab1909d
Remove function to extract keys
skriesch Jun 29, 2022
f3c610e
Remove bracket
skriesch Jun 29, 2022
d150e53
Add jose before JWSObject for identification
skriesch Jun 29, 2022
25277a4
Define JWSObject
skriesch Jun 29, 2022
24d3e0d
Try with jose.JWS
skriesch Jun 29, 2022
8399d8e
Try with jose.JWS and async
skriesch Jun 29, 2022
3ab900e
Fix Promise
skriesch Jun 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 31 additions & 5 deletions src/token/token.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
//SDPX-License-Identifier: MIT
//SDPX-FileCopyrightText: 2022 Philip Rebbe <rebbe.philip@fau.de>
//SDPX-FileCopyrightText: 2022 Raghunandan Arava <raghunandan.arava@fau.de>
//SDPX-FileCopyrightText: 2022 Sarah Julia Kriesch <sarah.j.kriesch@fau.de>

import { HttpException, HttpStatus, Inject, Injectable } from '@nestjs/common';
import * as jose from 'jose';
Expand All @@ -10,6 +11,7 @@ import * as qs from 'qs';
import { DiscoveryService } from '../discovery/discovery.service';
import * as fs from 'fs';
import { GetKeyFunction } from 'jose/dist/types/types';
import { generateKeyPair } from 'jose/util/generate_key_pair.ts';
import { SettingsService } from '../settings/settings.service';
import { HelperService } from '../helper/helper.service';

Expand Down Expand Up @@ -94,13 +96,14 @@ export class TokenService {
return await this.getToken(String(issuer.token_endpoint), grantBody);
}

async decodeToken(tokenString: string): Promise<[string, string]> {
const [header, payload] = this.decodeTokenString(tokenString);
async decodeToken(tokenString: string): Promise<[string, string, string]> {
const [header, payload, signature] = this.decodeTokenString(tokenString);

const formattedHeader = JSON.stringify(header, undefined, 2);
const formattedPayload = JSON.stringify(payload, undefined, 2);
const formattedSignature = JSON.stringify(signature, undefined, 2);

return [formattedHeader, formattedPayload];
return [formattedHeader, formattedPayload, formattedSignature];
}

async validateTokenSignature(
Expand Down Expand Up @@ -137,7 +140,7 @@ export class TokenService {
);
}

private decodeTokenString(tokenString: string): [string, string] {
private decodeTokenString(tokenString: string): [string, string, string] {
if (tokenString === undefined || tokenString === '') {
throw new HttpException('There was no token to decode!', 400);
}
Expand All @@ -150,14 +153,37 @@ export class TokenService {

const header = this.decodeBase64EncodedString(tokenParts[0]);
const body = this.decodeBase64EncodedString(tokenParts[1]);
const signature = this.extractSignature(tokenParts[2]);

return [header, body];

return [header, body, signature];
}

private decodeBase64EncodedString(input: string): string {
return JSON.parse(new TextDecoder().decode(jose.base64url.decode(input)));
}

private async extractSignature(
algorithm: string,
filepath: string,
publicKey: KeyLike,
privateKey: KeyLike
): Promise<string, string, string> {
let message = '';
let isValid = true;
try {
const keyMaterial = await this.getFileKeyMaterial (algorithm, filepath);
const pubKey = await jose.exportSPKI(publicKey);
const privKey = await jose.exportPKCS8(privateKey);

return [algorithm, privKey, pubKey];
} catch (error) {
isValid = false;
message = `The signature is invalid: ${error}`;
}

}

private async validateTokenStringWithExternalKeys(
tokenString: string,
issuer: string,
Expand Down