MINOR: jwt: JWT tokenizing helper function

This helper function splits a JWT under Compact Serialization format
(dot-separated base64-url encoded strings) into its different sub
strings. Since we do not want to manage more than JWS for now, which can
only have at most three subparts, any JWT that has strictly more than
two dots is considered invalid.

diff --git a/include/haproxy/jwt-t.h b/include/haproxy/jwt-t.h
index ecd05f509e7ebe681369713b6d1588999236f0a7..6ac68b166e6e6a94bd89899c5c986bcb794b267c 100644 (file)
--- a/include/haproxy/jwt-t.h
+++ b/include/haproxy/jwt-t.h
@@ -40,6 +40,27 @@ enum jwt_alg {
        JWS_ALG_PS384,
        JWS_ALG_PS512,
 };
+
+struct jwt_item {
+       char *start;
+       size_t length;
+};
+
+struct jwt_ctx {
+       enum jwt_alg alg;
+       struct jwt_item jose;
+       struct jwt_item claims;
+       struct jwt_item signature;
+       char *key;
+       unsigned int key_length;
+};
+
+enum jwt_elt {
+       JWT_ELT_JOSE = 0,
+       JWT_ELT_CLAIMS,
+       JWT_ELT_SIG,
+       JWT_ELT_MAX
+};
 #endif /* USE_OPENSSL */
 
 

diff --git a/include/haproxy/jwt.h b/include/haproxy/jwt.h
index e1abdb5e5c9192ac103ae4a1adb2a34169cc39fb..b24cc28cf7770940ea29a054dde35bef1074260c 100644 (file)
--- a/include/haproxy/jwt.h
+++ b/include/haproxy/jwt.h
@@ -27,6 +27,7 @@
 
 #ifdef USE_OPENSSL
 enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len);
+int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num);
 #endif /* USE_OPENSSL */
 
 #endif /* _HAPROXY_JWT_H */

diff --git a/src/jwt.c b/src/jwt.c
index 3d75368523c71d44ce4de9f7e2e7e69bf7377ad6..9f39a89fe8dc19691b4c65161ebacf7228606254 100644 (file)
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -77,4 +77,47 @@ enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len)
 
        return alg;
 }
+
+
+/*
+ * Split a JWT into its separate dot-separated parts.
+ * Since only JWS following the Compact Serialization format are managed for
+ * now, we don't need to manage more than three subparts in the tokens.
+ * See section 3.1 of RFC7515 for more information about JWS Compact
+ * Serialization.
+ * Returns 0 in case of success.
+ */
+int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num)
+{
+       char *ptr = jwt->area;
+       char *jwt_end = jwt->area + jwt->data;
+       unsigned int index = 0;
+       unsigned int length = 0;
+
+       if (index < *item_num) {
+               items[index].start = ptr;
+               items[index].length = 0;
+       }
+
+       while (index < *item_num && ptr < jwt_end) {
+               if (*ptr++ == '.') {
+                       items[index++].length = length;
+
+                       if (index == *item_num)
+                               return -1;
+                       items[index].start = ptr;
+                       items[index].length = 0;
+                       length = 0;
+               } else
+                       ++length;
+       }
+
+       if (index < *item_num)
+               items[index].length = length;
+
+       *item_num = (index+1);
+
+       return (ptr != jwt_end);
+}
+
 #endif /* USE_OPENSSL */