From: Remi Tricot-Le Breton Date: Fri, 1 Oct 2021 13:36:55 +0000 (+0200) Subject: MINOR: jwt: JWT tokenizing helper function X-Git-Tag: v2.5-dev10~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0d3c0008690b9fa076172d8c31bf0e1d383cd55;p=thirdparty%2Fhaproxy.git MINOR: jwt: JWT tokenizing helper function This helper function splits a JWT under Compact Serialization format (dot-separated base64-url encoded strings) into its different sub strings. Since we do not want to manage more than JWS for now, which can only have at most three subparts, any JWT that has strictly more than two dots is considered invalid. --- diff --git a/include/haproxy/jwt-t.h b/include/haproxy/jwt-t.h index ecd05f509e..6ac68b166e 100644 --- a/include/haproxy/jwt-t.h +++ b/include/haproxy/jwt-t.h @@ -40,6 +40,27 @@ enum jwt_alg { JWS_ALG_PS384, JWS_ALG_PS512, }; + +struct jwt_item { + char *start; + size_t length; +}; + +struct jwt_ctx { + enum jwt_alg alg; + struct jwt_item jose; + struct jwt_item claims; + struct jwt_item signature; + char *key; + unsigned int key_length; +}; + +enum jwt_elt { + JWT_ELT_JOSE = 0, + JWT_ELT_CLAIMS, + JWT_ELT_SIG, + JWT_ELT_MAX +}; #endif /* USE_OPENSSL */ diff --git a/include/haproxy/jwt.h b/include/haproxy/jwt.h index e1abdb5e5c..b24cc28cf7 100644 --- a/include/haproxy/jwt.h +++ b/include/haproxy/jwt.h @@ -27,6 +27,7 @@ #ifdef USE_OPENSSL enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len); +int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num); #endif /* USE_OPENSSL */ #endif /* _HAPROXY_JWT_H */ diff --git a/src/jwt.c b/src/jwt.c index 3d75368523..9f39a89fe8 100644 --- a/src/jwt.c +++ b/src/jwt.c @@ -77,4 +77,47 @@ enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len) return alg; } + + +/* + * Split a JWT into its separate dot-separated parts. + * Since only JWS following the Compact Serialization format are managed for + * now, we don't need to manage more than three subparts in the tokens. + * See section 3.1 of RFC7515 for more information about JWS Compact + * Serialization. + * Returns 0 in case of success. + */ +int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num) +{ + char *ptr = jwt->area; + char *jwt_end = jwt->area + jwt->data; + unsigned int index = 0; + unsigned int length = 0; + + if (index < *item_num) { + items[index].start = ptr; + items[index].length = 0; + } + + while (index < *item_num && ptr < jwt_end) { + if (*ptr++ == '.') { + items[index++].length = length; + + if (index == *item_num) + return -1; + items[index].start = ptr; + items[index].length = 0; + length = 0; + } else + ++length; + } + + if (index < *item_num) + items[index].length = length; + + *item_num = (index+1); + + return (ptr != jwt_end); +} + #endif /* USE_OPENSSL */