From 269455efb3827c9700f85715113b1757508b9767 Mon Sep 17 00:00:00 2001 From: Daniel-Constantin Mierla Date: Wed, 23 Nov 2022 10:32:40 +0100 Subject: [PATCH] jwt: renamed parameter to indicate is a path to file --- src/modules/jwt/jwt_mod.c | 76 ++++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 28 deletions(-) diff --git a/src/modules/jwt/jwt_mod.c b/src/modules/jwt/jwt_mod.c index d533b88a152..0afedd237c0 100644 --- a/src/modules/jwt/jwt_mod.c +++ b/src/modules/jwt/jwt_mod.c @@ -44,7 +44,7 @@ static void mod_destroy(void); static int w_jwt_generate_4(sip_msg_t* msg, char* pkey, char* palg, char* pclaims, char* pheaders); static int w_jwt_generate_3(sip_msg_t* msg, char* pkey, char* palg, char* pclaims); -static int w_jwt_verify(sip_msg_t* msg, char* pkey, char* palg, char* pclaims, +static int w_jwt_verify(sip_msg_t* msg, char* pkeypath, char* palg, char* pclaims, char *pjwtval); static int _jwt_key_mode = 0; @@ -418,16 +418,13 @@ static int w_jwt_generate_4(sip_msg_t* msg, char* pkey, char* palg, char* pclaim /** * */ -static int ki_jwt_verify(sip_msg_t* msg, str *key, str *alg, str *claims, +static int ki_jwt_verify_key(sip_msg_t* msg, str *key, str *alg, str *claims, str *jwtval) { str dupclaims = STR_NULL; jwt_alg_t valg = JWT_ALG_NONE; str kdata = STR_NULL; time_t iat; - FILE *fpk = NULL; - unsigned char keybuf[10240]; - size_t keybuf_len = 0; param_t* params_list = NULL; param_hooks_t phooks; param_t *pit = NULL; @@ -446,6 +443,8 @@ static int ki_jwt_verify(sip_msg_t* msg, str *key, str *alg, str *claims, _jwt_verify_status = 0; + kdata = *key; + trim(&kdata); valg = jwt_str_alg(alg->s); if (valg == JWT_ALG_INVAL) { LM_ERR("not supported algorithm: %s\n", alg->s); 
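Review bot: The comment block above the renamed ki_jwt_verify_key is still the empty `/** * */`, although after this commit two functions with near-identical signatures differ only in what their first str argument means. A one-line description would stop a caller from passing a file path where key material is expected, for example `verify jwtval with the key material given in key (key content, not a path to a file)`. The function body continues outside this hunk.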
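Review bot: The key trimmed in ki_jwt_verify_key is used without an emptiness check: after `kdata = *key; trim(&kdata);` a key that is empty or only whitespace leaves `kdata.len` at 0. The parameter validation and the call that consumes kdata are outside this hunk, so it cannot be seen here whether a zero-length key is rejected later. Some JWT libraries treat a missing key as "skip signature verification", which makes an explicit guard worthwhile. Suggest adding `if(kdata.len<=0) { LM_ERR("empty key\n"); return -1; }` right after the trim; this sits before the claims are duplicated, so a plain return appears sufficient.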
@@ -455,25 +454,6 @@ static int ki_jwt_verify(sip_msg_t* msg, str *key, str *alg, str *claims,
 LM_ERR("failed to duplicate claims\n");
 return -1;
 }
- jwt_fcache_get(key, &kdata);
- if(kdata.s==NULL) {
- fpk= fopen(key->s, "r");
- if(fpk==NULL) {
- LM_ERR("failed to read key file: %s\n", key->s);
- goto error;
- }
- keybuf_len = fread(keybuf, 1, sizeof(keybuf), fpk);
- fclose(fpk);
- if(keybuf_len==0) {
- LM_ERR("unable to read key file content: %s\n", key->s);
- goto error;
- }
- kdata.s = (char*)keybuf;
- kdata.len = (int)keybuf_len;
- trim(&kdata);
- kdata.s[keybuf_len] = '\0';
- jwt_fcache_add(key, &kdata);
- }
 sparams = dupclaims;
 if(sparams.s[sparams.len-1]==';') {
 sparams.len--;
@@ -548,15 +528,55 @@ static int ki_jwt_verify(sip_msg_t* msg, str *key, str *alg, str *claims, /** * */ -static int w_jwt_verify(sip_msg_t* msg, char* pkey, char* palg, char* pclaims, +static int ki_jwt_verify(sip_msg_t* msg, str *keypath, str *alg, str *claims, + str *jwtval) +{ + str kdata = STR_NULL; + FILE *fpk = NULL; + unsigned char keybuf[10240]; + size_t keybuf_len = 0; + + if(keypath==NULL || keypath->s==NULL || alg==NULL || alg->s==NULL + || claims==NULL || claims->s==NULL || claims->len<=0 + || jwtval==NULL || jwtval->s==NULL || jwtval->len<=0) { + LM_ERR("invalid parameters\n"); + return -1; + } + + jwt_fcache_get(keypath, &kdata); + if(kdata.s==NULL) { + fpk= fopen(keypath->s, "r"); + if(fpk==NULL) { + LM_ERR("failed to read key file: %s\n", keypath->s); + return -1; + } + keybuf_len = fread(keybuf, 1, sizeof(keybuf), fpk); + fclose(fpk); + if(keybuf_len==0) { + LM_ERR("unable to read key file content: %s\n", keypath->s); + return -1; + } + kdata.s = (char*)keybuf; + kdata.len = (int)keybuf_len; + trim(&kdata); + kdata.s[keybuf_len] = '\0'; + jwt_fcache_add(keypath, &kdata); + } + return ki_jwt_verify_key(msg, &kdata, alg, claims, jwtval); +} + +/** + * + */ +static int w_jwt_verify(sip_msg_t* msg, char* pkeypath, char* palg, char* pclaims, char *pjwtval) { - str skey = STR_NULL; + str skeypath = STR_NULL; str salg = STR_NULL; str sclaims = STR_NULL; str sjwtval = STR_NULL; - if (fixup_get_svalue(msg, (gparam_t*)pkey, &skey) != 0) { + if (fixup_get_svalue(msg, (gparam_t*)pkeypath, &skeypath) != 0) { LM_ERR("cannot get path to the key file\n"); return -1; } @@ -573,7 +593,7 @@ static int w_jwt_verify(sip_msg_t* msg, char* pkey, char* palg, char* pclaims, return -1; } - return ki_jwt_verify(msg, &skey, &salg, &sclaims, &sjwtval); + return ki_jwt_verify(msg, &skeypath, &salg, &sclaims, &sjwtval); } /**
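Review bot: In the new ki_jwt_verify, `kdata.s[keybuf_len] = '\0';` can write outside keybuf. fread() is allowed to fill all sizeof(keybuf) bytes, so a key file of 10240 bytes or more puts the terminator one byte past the array. The index is also applied after trim(), which appears able to advance kdata.s, so the terminator would then land beyond the trimmed data. Reading one byte less and terminating at the trimmed length avoids both: `keybuf_len = fread(keybuf, 1, sizeof(keybuf) - 1, fpk);` and `kdata.s[kdata.len] = '\0';`. A file larger than the buffer is also silently truncated and then cached by jwt_fcache_add, so an explicit error for that case would surface a mis-sized key file instead of a later verification failure.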