forked from SermoDigital/jose
-
Notifications
You must be signed in to change notification settings - Fork 0
/
eq.go
47 lines (43 loc) · 1.01 KB
/
eq.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package jwt
func verifyPrincipals(pcpls, auds []string) bool {
// "Each principal intended to process the JWT MUST
// identify itself with a value in the audience claim."
// - https://tools.ietf.org/html/rfc7519#section-4.1.3
found := -1
for i, p := range pcpls {
for _, v := range auds {
if p == v {
found++
break
}
}
if found != i {
return false
}
}
return true
}
// ValidAudience returns true iff:
// - a and b are strings and a == b
// - a is string, b is []string and a is in b
// - a is []string, b is []string and all of a is in b
// - a is []string, b is string and len(a) == 1 and a[0] == b
func ValidAudience(a, b interface{}) bool {
s1, ok := a.(string)
if ok {
if s2, ok := b.(string); ok {
return s1 == s2
}
a2, ok := b.([]string)
return ok && verifyPrincipals([]string{s1}, a2)
}
a1, ok := a.([]string)
if !ok {
return false
}
if a2, ok := b.([]string); ok {
return verifyPrincipals(a1, a2)
}
s2, ok := b.(string)
return ok && len(a1) == 1 && a1[0] == s2
}