Fix fix r_jwt_validate_claims for aud claim (Closes: #34), Add vclaim…
… validation for amr claimn
babelouest committed Nov 11, 2023
1 parent 506cc0c commit 84cebbd
Showing 2 changed files with 112 additions and 4 deletions.
1 change: 1 addition & 0 deletions include/rhonabwy.h
@@ -166,6 +166,7 @@ typedef enum {
R_JWT_CLAIM_JSN = 10,
R_JWT_CLAIM_TYP = 11,
R_JWT_CLAIM_CTY = 12,
R_JWT_CLAIM_AMR = 13,
} rhn_claim_opt;

typedef enum {
115 changes: 111 additions & 4 deletions src/jwt.c
@@ -1693,11 +1693,12 @@ int r_jwt_verify_signature_nested(jwt_t * jwt, jwk_t * verify_key, int verify_ke
int r_jwt_validate_claims(jwt_t * jwt, ...) {
rhn_claim_opt option;
int ret = RHN_OK;
int i_value;
int i_value, has_invalid_value, has_claim;
const char * str_key, * str_value;
json_t * j_value, * j_expected_value;
json_t * j_value, * j_expected_value, * j_element = NULL;
va_list vl;
time_t now, t_value;
size_t index = 0;

if (jwt != NULL) {
time(&now);
@@ -1731,11 +1732,50 @@ int r_jwt_validate_claims(jwt_t * jwt, ...) {
case R_JWT_CLAIM_AUD:
str_value = va_arg(vl, const char *);
if (!o_strnullempty(str_value)) {
if (0 != o_strcmp(str_value, r_jwt_get_claim_str_value(jwt, "aud"))) {
if ((j_value = r_jwt_get_claim_json_t_value(jwt, "aud")) != NULL) {
if (json_is_string(j_value)) {
if (0 != o_strcmp(str_value, json_string_value(j_value))) {
ret = RHN_ERROR_PARAM;
}
} else if (json_is_array(j_value)) {
has_invalid_value = 0;
has_claim = 0;
json_array_foreach(j_value, index, j_element) {
if (!json_is_string(j_element) || !json_string_length(j_element)) {
has_invalid_value = 1;
} else if (0 == o_strcmp(str_value, json_string_value(j_element))) {
has_claim = 1;
}
}
if (!has_claim || has_invalid_value) {
ret = RHN_ERROR_PARAM;
}
} else {
ret = RHN_ERROR_PARAM;
}
json_decref(j_value);
j_value = NULL;
} else {
ret = RHN_ERROR_PARAM;
}
} else {
if (o_strnullempty(r_jwt_get_claim_str_value(jwt, "aud"))) {
if ((j_value = r_jwt_get_claim_json_t_value(jwt, "aud")) != NULL) {
if (json_is_array(j_value)) {
has_invalid_value = 0;
json_array_foreach(j_value, index, j_element) {
if (!json_is_string(j_element) || !json_string_length(j_element)) {
has_invalid_value = 1;
}
}
if (has_invalid_value) {
ret = RHN_ERROR_PARAM;
}
} else if (!json_is_string(j_value) || !json_string_length(j_value)) {
ret = RHN_ERROR_PARAM;
}
json_decref(j_value);
j_value = NULL;
} else {
ret = RHN_ERROR_PARAM;
}
}
@@ -1860,6 +1900,53 @@ int r_jwt_validate_claims(jwt_t * jwt, ...) {
}
}
break;
case R_JWT_CLAIM_AMR:
str_value = va_arg(vl, const char *);
if (!o_strnullempty(str_value)) {
if ((j_value = r_jwt_get_claim_json_t_value(jwt, "amr")) != NULL) {
if (json_is_array(j_value)) {
has_invalid_value = 0;
has_claim = 0;
json_array_foreach(j_value, index, j_element) {
if (!json_is_string(j_element) || !json_string_length(j_element)) {
has_invalid_value = 1;
} else if (0 == o_strcmp(str_value, json_string_value(j_element))) {
has_claim = 1;
}
}
if (!has_claim || has_invalid_value) {
ret = RHN_ERROR_PARAM;
}
} else {
ret = RHN_ERROR_PARAM;
}
json_decref(j_value);
j_value = NULL;
} else {
ret = RHN_ERROR_PARAM;
}
} else {
if ((j_value = r_jwt_get_claim_json_t_value(jwt, "amr")) != NULL) {
if (json_is_array(j_value)) {
has_invalid_value = 0;
json_array_foreach(j_value, index, j_element) {
if (!json_is_string(j_element) || !json_string_length(j_element)) {
has_invalid_value = 1;
}
}
if (has_invalid_value) {
ret = RHN_ERROR_PARAM;
}
} else if (!json_is_string(j_value) || !json_string_length(j_value)) {
ret = RHN_ERROR_PARAM;
}
json_decref(j_value);
j_value = NULL;
} else {
ret = RHN_ERROR_PARAM;
}
}
break;
default:
ret = RHN_ERROR_PARAM;
break;
@@ -1985,6 +2072,26 @@ int r_jwt_set_claims(jwt_t * jwt, ...) {
ret = RHN_ERROR_PARAM;
}
break;
case R_JWT_CLAIM_AMR:
str_value = va_arg(vl, const char *);
if (!o_strnullempty(str_value)) {
if ((j_value = r_jwt_get_claim_json_t_value(jwt, "amr")) == NULL) {
j_value = json_pack("[s]", str_value);
ret = r_jwt_set_claim_json_t_value(jwt, "amr", j_value);
} else {
if (json_is_array(j_value)) {
json_array_append_new(j_value, json_string(str_value));
ret = r_jwt_set_claim_json_t_value(jwt, "amr", j_value);
} else {
ret = RHN_ERROR_PARAM;
}
}
json_decref(j_value);
j_value = NULL;
} else {
ret = RHN_ERROR_PARAM;
}
break;
default:
ret = RHN_ERROR_PARAM;
break;
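Review bot: The presence-only branches of `R_JWT_CLAIM_AUD` and `R_JWT_CLAIM_AMR` in r_jwt_validate_claims (taken when the expected value is NULL or empty) accept an empty array, because `has_invalid_value` stays 0 when `json_array_foreach` never iterates, so a token carrying `"aud": []` or `"amr": []` passes a check that rejects an empty string. The amr presence branch also accepts a bare non-empty string through `else if (!json_is_string(j_value) || !json_string_length(j_value))`, while the value-matching branch just above it requires an array, so the two branches disagree on what a well-formed `amr` is. If the NULL form is meant as "claim present and well-formed", the array test could become `if (has_invalid_value || !json_array_size(j_value))` in both cases, and the amr fallback a plain `else { ret = RHN_ERROR_PARAM; }`. In the r_jwt_set_claims hunk the results of `json_pack` and `json_array_append_new` are not checked, so a failed append can still leave `ret` set by a successful `r_jwt_set_claim_json_t_value` call on the unchanged array. Both functions start and continue outside the visible hunks.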
