mjwt/verifier.go

package mjwt

import (
	"crypto/rsa"
	"errors"
	"github.com/1f349/rsa-helper/rsapublic"
	"github.com/golang-jwt/jwt/v4"
)

var ErrNoPublicKeyFound = errors.New("no public key found")
var ErrKIDInvalid = errors.New("kid invalid")
var ErrVerifierNil = errors.New("verifier nil")

// defaultMJwtVerifier implements Verifier and uses a rsa.PublicKey to validate
// MJWT tokens
type defaultMJwtVerifier struct {
	pub    *rsa.PublicKey
	kStore KeyStore
}

var _ Verifier = &defaultMJwtVerifier{}

// NewMJwtVerifier creates a new defaultMJwtVerifier using the rsa.PublicKey
func NewMJwtVerifier(key *rsa.PublicKey) Verifier {
	return NewMJwtVerifierWithKeyStore(key, NewMJwtKeyStore())
}

// NewMJwtVerifierWithKeyStore creates a new defaultMJwtVerifier using a rsa.PublicKey as the non kID key
// and a KeyStore for kID based keys
func NewMJwtVerifierWithKeyStore(defaultKey *rsa.PublicKey, kStore KeyStore) Verifier {
	return &defaultMJwtVerifier{pub: defaultKey, kStore: kStore}
}

// NewMJwtVerifierFromFile creates a new defaultMJwtVerifier using the path of a
// rsa.PublicKey file
func NewMJwtVerifierFromFile(file string) (Verifier, error) {
	return NewMJwtVerifierFromFileAndDirectory(file, "", "", "")
}

// NewMJwtVerifierFromDirectory creates a new defaultMJwtVerifier using the path of a directory to
// load the keys into a KeyStore; there is no default rsa.PublicKey
func NewMJwtVerifierFromDirectory(directory, prvExt, pubExt string) (Verifier, error) {
	return NewMJwtVerifierFromFileAndDirectory("", directory, prvExt, pubExt)
}

// NewMJwtVerifierFromFileAndDirectory creates a new defaultMJwtVerifier using the path of a rsa.PublicKey
// file as the non kID key and the path of a directory to load the keys into a KeyStore
func NewMJwtVerifierFromFileAndDirectory(file, directory, prvExt, pubExt string) (Verifier, error) {
	var err error

	// read key
	var pub *rsa.PublicKey = nil
	if file != "" {
		pub, err = rsapublic.Read(file)
		if err != nil {
			return nil, err
		}
	}

	// read KeyStore
	var kStore KeyStore = nil
	if directory != "" {
		kStore, err = NewMJwtKeyStoreFromDirectory(directory, prvExt, pubExt)
		if err != nil {
			return nil, err
		}
	}

	return NewMJwtVerifierWithKeyStore(pub, kStore), nil
}

// VerifyJwt validates and parses MJWT tokens and returns the claims
func (d *defaultMJwtVerifier) VerifyJwt(token string, claims baseTypeClaim) (*jwt.Token, error) {
	if d == nil {
		return nil, ErrVerifierNil
	}
	withClaims, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
		kIDI, exs := token.Header["kid"]
		if exs {
			kID, ok := kIDI.(string)
			if ok {
				key := d.kStore.GetKeyPublic(kID)
				if key == nil {
					return nil, ErrNoPublicKeyFound
				} else {
					return key, nil
				}
			} else {
				return nil, ErrKIDInvalid
			}
		}
		if d.pub == nil {
			return nil, ErrNoPublicKeyFound
		}
		return d.pub, nil
	})
	if err != nil {
		return nil, err
	}
	return withClaims, claims.Valid()
}

func (d *defaultMJwtVerifier) PublicKey() *rsa.PublicKey {
	if d == nil {
		return nil
	}
	return d.pub
}

func (d *defaultMJwtVerifier) PublicKeyOf(kID string) *rsa.PublicKey {
	if d == nil {
		return nil
	}
	return d.kStore.GetKeyPublic(kID)
}

func (d *defaultMJwtVerifier) GetKeyStore() KeyStore {
	if d == nil {
		return nil
	}
	return d.kStore
}
First commit 2022-12-04 13:42:35 +00:00			`package mjwt`

			`import (`
			`"crypto/rsa"`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`"errors"`
Upgrade to using github.com/1f349/rsa-helper Add key_store implementation. 2024-06-08 15:02:49 +01:00			`"github.com/1f349/rsa-helper/rsapublic"`
First commit 2022-12-04 13:42:35 +00:00			`"github.com/golang-jwt/jwt/v4"`
			`)`

Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`var ErrNoPublicKeyFound = errors.New("no public key found")`
			`var ErrKIDInvalid = errors.New("kid invalid")`
			`var ErrVerifierNil = errors.New("verifier nil")`

Add test for NewMJwtVerifierFromFile 2023-06-19 11:40:28 +01:00			`// defaultMJwtVerifier implements Verifier and uses a rsa.PublicKey to validate`
Add comments to all of this 2023-06-18 18:09:49 +01:00			`// MJWT tokens`
First commit 2022-12-04 13:42:35 +00:00			`type defaultMJwtVerifier struct {`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`pub *rsa.PublicKey`
			`kStore KeyStore`
First commit 2022-12-04 13:42:35 +00:00			`}`

Thunder and lightning caused a powercut just committing my progress before continuing 2023-06-18 13:03:41 +01:00			`var _ Verifier = &defaultMJwtVerifier{}`
First commit 2022-12-04 13:42:35 +00:00
Add comments to all of this 2023-06-18 18:09:49 +01:00			`// NewMJwtVerifier creates a new defaultMJwtVerifier using the rsa.PublicKey`
Thunder and lightning caused a powercut just committing my progress before continuing 2023-06-18 13:03:41 +01:00			`func NewMJwtVerifier(key *rsa.PublicKey) Verifier {`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return NewMJwtVerifierWithKeyStore(key, NewMJwtKeyStore())`
First commit 2022-12-04 13:42:35 +00:00			`}`

Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`// NewMJwtVerifierWithKeyStore creates a new defaultMJwtVerifier using a rsa.PublicKey as the non kID key`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`// and a KeyStore for kID based keys`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`func NewMJwtVerifierWithKeyStore(defaultKey *rsa.PublicKey, kStore KeyStore) Verifier {`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`return &defaultMJwtVerifier{pub: defaultKey, kStore: kStore}`
First commit 2022-12-04 13:42:35 +00:00			`}`

Add comments to all of this 2023-06-18 18:09:49 +01:00			`// NewMJwtVerifierFromFile creates a new defaultMJwtVerifier using the path of a`
			`// rsa.PublicKey file`
Thunder and lightning caused a powercut just committing my progress before continuing 2023-06-18 13:03:41 +01:00			`func NewMJwtVerifierFromFile(file string) (Verifier, error) {`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`return NewMJwtVerifierFromFileAndDirectory(file, "", "", "")`
			`}`

			`// NewMJwtVerifierFromDirectory creates a new defaultMJwtVerifier using the path of a directory to`
			`// load the keys into a KeyStore; there is no default rsa.PublicKey`
			`func NewMJwtVerifierFromDirectory(directory, prvExt, pubExt string) (Verifier, error) {`
			`return NewMJwtVerifierFromFileAndDirectory("", directory, prvExt, pubExt)`
			`}`

			`// NewMJwtVerifierFromFileAndDirectory creates a new defaultMJwtVerifier using the path of a rsa.PublicKey`
			`// file as the non kID key and the path of a directory to load the keys into a KeyStore`
			`func NewMJwtVerifierFromFileAndDirectory(file, directory, prvExt, pubExt string) (Verifier, error) {`
			`var err error`

Upgrade to using github.com/1f349/rsa-helper Add key_store implementation. 2024-06-08 15:02:49 +01:00			`// read key`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`var pub *rsa.PublicKey = nil`
			`if file != "" {`
			`pub, err = rsapublic.Read(file)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

			`// read KeyStore`
			`var kStore KeyStore = nil`
			`if directory != "" {`
			`kStore, err = NewMJwtKeyStoreFromDirectory(directory, prvExt, pubExt)`
			`if err != nil {`
			`return nil, err`
			`}`
First commit 2022-12-04 13:42:35 +00:00			`}`

Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return NewMJwtVerifierWithKeyStore(pub, kStore), nil`
Add SignJwt to Provider 2022-12-09 13:22:10 +00:00			`}`

Add comments to all of this 2023-06-18 18:09:49 +01:00			`// VerifyJwt validates and parses MJWT tokens and returns the claims`
First commit 2022-12-04 13:42:35 +00:00			`func (d defaultMJwtVerifier) VerifyJwt(token string, claims baseTypeClaim) (jwt.Token, error) {`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`if d == nil {`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return nil, ErrVerifierNil`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`}`
First commit 2022-12-04 13:42:35 +00:00			`withClaims, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`kIDI, exs := token.Header["kid"]`
			`if exs {`
			`kID, ok := kIDI.(string)`
			`if ok {`
			`key := d.kStore.GetKeyPublic(kID)`
			`if key == nil {`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return nil, ErrNoPublicKeyFound`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`} else {`
			`return key, nil`
			`}`
			`} else {`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return nil, ErrKIDInvalid`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`}`
			`}`
			`if d.pub == nil {`
Finish up tests (mjwt_test). Fix MJwt func naming. Move seperate errors.New to a global var 2024-06-09 19:31:12 +01:00			`return nil, ErrNoPublicKeyFound`
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`}`
First commit 2022-12-04 13:42:35 +00:00			`return d.pub, nil`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return withClaims, claims.Valid()`
			`}`
Allow access to public and private keys 2023-10-25 17:37:55 +01:00
Fix key_store tests Add key_store support to signer and verifier 2024-06-09 16:49:57 +01:00			`func (d defaultMJwtVerifier) PublicKey() rsa.PublicKey {`
			`if d == nil {`
			`return nil`
			`}`
			`return d.pub`
			`}`

			`func (d defaultMJwtVerifier) PublicKeyOf(kID string) rsa.PublicKey {`
			`if d == nil {`
			`return nil`
			`}`
			`return d.kStore.GetKeyPublic(kID)`
			`}`

			`func (d *defaultMJwtVerifier) GetKeyStore() KeyStore {`
			`if d == nil {`
			`return nil`
			`}`
			`return d.kStore`
			`}`