diff options
Diffstat (limited to 'server/resty/jwt.lua')
| -rw-r--r-- | server/resty/jwt.lua | 959 |
1 files changed, 959 insertions, 0 deletions
diff --git a/server/resty/jwt.lua b/server/resty/jwt.lua new file mode 100644 index 0000000..accba11 --- /dev/null +++ b/server/resty/jwt.lua @@ -0,0 +1,959 @@ +local cjson = require "cjson.safe" + +local evp = require "resty.evp" +local hmac = require "resty.hmac" +local resty_random = require "resty.random" +local cipher = require "resty.openssl.cipher" + +local _M = { _VERSION = "0.2.3" } + +local mt = { + __index = _M +} + +local string_rep = string.rep +local string_format = string.format +local string_sub = string.sub +local string_char = string.char +local table_concat = table.concat +local ngx_encode_base64 = ngx.encode_base64 +local ngx_decode_base64 = ngx.decode_base64 +local cjson_encode = cjson.encode +local cjson_decode = cjson.decode +local tostring = tostring +local error = error +local ipairs = ipairs +local type = type +local pcall = pcall +local assert = assert +local setmetatable = setmetatable +local pairs = pairs + +-- define string constants to avoid string garbage collection +local str_const = { + invalid_jwt= "invalid jwt string", + regex_join_msg = "%s.%s", + regex_join_delim = "([^%s]+)", + regex_split_dot = "%.", + regex_jwt_join_str = "%s.%s.%s", + raw_underscore = "raw_", + dash = "-", + empty = "", + dotdot = "..", + table = "table", + plus = "+", + equal = "=", + underscore = "_", + slash = "/", + header = "header", + typ = "typ", + JWT = "JWT", + JWE = "JWE", + payload = "payload", + signature = "signature", + encrypted_key = "encrypted_key", + alg = "alg", + enc = "enc", + kid = "kid", + exp = "exp", + nbf = "nbf", + iss = "iss", + full_obj = "__jwt", + x5c = "x5c", + x5u = 'x5u', + HS256 = "HS256", + HS512 = "HS512", + RS256 = "RS256", + ES256 = "ES256", + ES512 = "ES512", + RS512 = "RS512", + A128CBC_HS256 = "A128CBC-HS256", + A128CBC_HS256_CIPHER_MODE = "aes-128-cbc", + A256CBC_HS512 = "A256CBC-HS512", + A256CBC_HS512_CIPHER_MODE = "aes-256-cbc", + A256GCM = "A256GCM", + A256GCM_CIPHER_MODE = "aes-256-gcm", + RSA_OAEP_256 = "RSA-OAEP-256", + DIR = "dir", + reason = "reason", + verified = "verified", + number = "number", + string = "string", + funct = "function", + boolean = "boolean", + valid = "valid", + valid_issuers = "valid_issuers", + lifetime_grace_period = "lifetime_grace_period", + require_nbf_claim = "require_nbf_claim", + require_exp_claim = "require_exp_claim", + internal_error = "internal error", + everything_awesome = "everything is awesome~ :p" +} + +-- @function split string +local function split_string(str, delim) + local result = {} + local sep = string_format(str_const.regex_join_delim, delim) + for m in str:gmatch(sep) do + result[#result+1]=m + end + return result +end + +-- @function is nil or boolean +-- @return true if param is nil or true or false; false otherwise +local function is_nil_or_boolean(arg_value) + if arg_value == nil then + return true + end + + if type(arg_value) ~= str_const.boolean then + return false + end + + return true +end + +--@function get the raw part +--@param part_name +--@param jwt_obj +local function get_raw_part(part_name, jwt_obj) + local raw_part = jwt_obj[str_const.raw_underscore .. part_name] + if raw_part == nil then + local part = jwt_obj[part_name] + if part == nil then + error({reason="missing part " .. part_name}) + end + raw_part = _M:jwt_encode(part) + end + return raw_part +end + + +--@function decrypt payload +--@param secret_key to decrypt the payload +--@param encrypted payload +--@param encryption algorithm +--@param iv which was generated while encrypting the payload +--@param aad additional authenticated data (used when gcm mode is used) +--@param auth_tag authenticated tag (used when gcm mode is used) +--@return decrypted payloaf +local function decrypt_payload(secret_key, encrypted_payload, enc, iv_in, aad, auth_tag ) + local decrypted_payload, err + if enc == str_const.A128CBC_HS256 then + local aes_128_cbs_cipher = assert(cipher.new(str_const.A128CBC_HS256_CIPHER_MODE)) + decrypted_payload, err= aes_128_cbs_cipher:decrypt(secret_key, iv_in, encrypted_payload) + elseif enc == str_const.A256CBC_HS512 then + local aes_256_cbs_cipher = assert(cipher.new(str_const.A256CBC_HS512_CIPHER_MODE)) + decrypted_payload, err = aes_256_cbs_cipher:decrypt(secret_key, iv_in, encrypted_payload) + elseif enc == str_const.A256GCM then + local aes_256_gcm_cipher = assert(cipher.new(str_const.A256GCM_CIPHER_MODE)) + decrypted_payload, err = aes_256_gcm_cipher:decrypt(secret_key, iv_in, encrypted_payload, false, aad, auth_tag) + else + return nil, "unsupported enc: " .. enc + end + if not decrypted_payload or err then + return nil, err + end + return decrypted_payload +end + +-- @function encrypt payload using given secret +-- @param secret_key secret key to encrypt +-- @param message data to be encrypted. It could be lua table or string +-- @param enc algorithm to use for encryption +-- @param aad additional authenticated data (used when gcm mode is used) +local function encrypt_payload(secret_key, message, enc, aad ) + + if enc == str_const.A128CBC_HS256 then + local iv_rand = resty_random.bytes(16,true) + local aes_128_cbs_cipher = assert(cipher.new(str_const.A128CBC_HS256_CIPHER_MODE)) + local encrypted = aes_128_cbs_cipher:encrypt(secret_key, iv_rand, message) + return encrypted, iv_rand + + elseif enc == str_const.A256CBC_HS512 then + local iv_rand = resty_random.bytes(16,true) + local aes_256_cbs_cipher = assert(cipher.new(str_const.A256CBC_HS512_CIPHER_MODE)) + local encrypted = aes_256_cbs_cipher:encrypt(secret_key, iv_rand, message) + return encrypted, iv_rand + + elseif enc == str_const.A256GCM then + local iv_rand = resty_random.bytes(12,true) -- 96 bit IV is recommended for efficiency + local aes_256_gcm_cipher = assert(cipher.new(str_const.A256GCM_CIPHER_MODE)) + local encrypted = aes_256_gcm_cipher:encrypt(secret_key, iv_rand, message, false, aad) + local auth_tag = assert(aes_256_gcm_cipher:get_aead_tag()) + return encrypted, iv_rand, auth_tag + + else + return nil, nil , nil, "unsupported enc: " .. enc + end +end + +--@function hmac_digest : generate hmac digest based on key for input message +--@param mac_key +--@param input message +--@return hmac digest +local function hmac_digest(enc, mac_key, message) + if enc == str_const.A128CBC_HS256 then + return hmac:new(mac_key, hmac.ALGOS.SHA256):final(message) + elseif enc == str_const.A256CBC_HS512 then + return hmac:new(mac_key, hmac.ALGOS.SHA512):final(message) + else + error({reason="unsupported enc: " .. enc}) + end +end + +--@function dervice keys: it generates key if null based on encryption algorithm +--@param encryption type +--@param secret key +--@return secret key, mac key and encryption key +local function derive_keys(enc, secret_key) + local mac_key_len, enc_key_len = 16, 16 + + if enc == str_const.A256GCM then + mac_key_len, enc_key_len = 0, 32 -- we need 256 bit key + elseif enc == str_const.A128CBC_HS256 then + mac_key_len, enc_key_len = 16, 16 + elseif enc == str_const.A256CBC_HS512 then + mac_key_len, enc_key_len = 32, 32 + else + error({reason="unsupported payload encryption algorithm :" .. enc}) + end + + local secret_key_len = mac_key_len + enc_key_len + + if not secret_key then + secret_key = resty_random.bytes(secret_key_len, true) + end + + if #secret_key ~= secret_key_len then + error({reason="invalid pre-shared key"}) + end + + local mac_key = string_sub(secret_key, 1, mac_key_len) + local enc_key = string_sub(secret_key, mac_key_len + 1) + return secret_key, mac_key, enc_key +end + +local function get_payload_encoder(self) + return self.payload_encoder or cjson_encode +end + +local function get_payload_decoder(self) + return self.payload_decoder or cjson_decode +end + +--@function parse_jwe +--@param pre-shared key +--@encoded-header +local function parse_jwe(self, preshared_key, encoded_header, encoded_encrypted_key, encoded_iv, encoded_cipher_text, encoded_auth_tag) + + + local header = _M:jwt_decode(encoded_header, true) + if not header then + error({reason="invalid header: " .. encoded_header}) + end + + local alg = header.alg + if alg ~= str_const.DIR and alg ~= str_const.RSA_OAEP_256 then + error({reason="invalid algorithm: " .. alg}) + end + + local key, enc_key + if alg == str_const.DIR then + if not preshared_key then + error({reason="preshared key must not be null"}) + end + key, _, enc_key = derive_keys(header.enc, preshared_key) + elseif alg == str_const.RSA_OAEP_256 then + if not preshared_key then + error({reason="rsa private key must not be null"}) + end + local rsa_decryptor, err = evp.RSADecryptor:new(preshared_key, nil, evp.CONST.RSA_PKCS1_OAEP_PADDING, evp.CONST.SHA256_DIGEST) + if err then + error({reason="failed to create rsa object: ".. err}) + end + local secret_key, err = rsa_decryptor:decrypt(_M:jwt_decode(encoded_encrypted_key)) + if err or not secret_key then + error({reason="failed to decrypt key: " .. err}) + end + key, _, enc_key = derive_keys(header.enc, secret_key) + end + + local cipher_text = _M:jwt_decode(encoded_cipher_text) + local iv = _M:jwt_decode(encoded_iv) + local signature_or_tag = _M:jwt_decode(encoded_auth_tag) + local basic_jwe = { + internal = { + encoded_header = encoded_header, + cipher_text = cipher_text, + key = key, + iv = iv + }, + header = header, + signature = signature_or_tag + } + + local payload, err = decrypt_payload(enc_key, cipher_text, header.enc, iv, encoded_header, signature_or_tag) + if err then + error({reason="failed to decrypt payload: " .. err}) + + else + basic_jwe.payload = get_payload_decoder(self)(payload) + basic_jwe.internal.json_payload=payload + end + return basic_jwe +end + +-- @function parse_jwt +-- @param encoded header +-- @param encoded +-- @param signature +-- @return jwt table +local function parse_jwt(encoded_header, encoded_payload, signature) + local header = _M:jwt_decode(encoded_header, true) + if not header then + error({reason="invalid header: " .. encoded_header}) + end + + local payload = _M:jwt_decode(encoded_payload, true) + if not payload then + error({reason="invalid payload: " .. encoded_payload}) + end + + local basic_jwt = { + raw_header=encoded_header, + raw_payload=encoded_payload, + header=header, + payload=payload, + signature=signature + } + return basic_jwt + +end + +-- @function parse token - this can be JWE or JWT token +-- @param token string +-- @return jwt/jwe tables +local function parse(self, secret, token_str) + local tokens = split_string(token_str, str_const.regex_split_dot) + local num_tokens = #tokens + if num_tokens == 3 then + return parse_jwt(tokens[1], tokens[2], tokens[3]) + elseif num_tokens == 4 then + return parse_jwe(self, secret, tokens[1], nil, tokens[2], tokens[3], tokens[4]) + elseif num_tokens == 5 then + return parse_jwe(self, secret, tokens[1], tokens[2], tokens[3], tokens[4], tokens[5]) + else + error({reason=str_const.invalid_jwt}) + end +end + +--@function jwt encode : it converts into base64 encoded string. if input is a table, it convets into +-- json before converting to base64 string +--@param payloaf +--@return base64 encoded payloaf +function _M.jwt_encode(self, ori, is_payload) + if type(ori) == str_const.table then + ori = is_payload and get_payload_encoder(self)(ori) or cjson_encode(ori) + end + local res = ngx_encode_base64(ori):gsub(str_const.plus, str_const.dash):gsub(str_const.slash, str_const.underscore):gsub(str_const.equal, str_const.empty) + return res +end + + + +--@function jwt decode : decode bas64 encoded string +function _M.jwt_decode(self, b64_str, json_decode, is_payload) + b64_str = b64_str:gsub(str_const.dash, str_const.plus):gsub(str_const.underscore, str_const.slash) + + local reminder = #b64_str % 4 + if reminder > 0 then + b64_str = b64_str .. string_rep(str_const.equal, 4 - reminder) + end + local data = ngx_decode_base64(b64_str) + if not data then + return nil + end + if json_decode then + data = is_payload and get_payload_decoder(self)(data) or cjson_decode(data) + end + return data +end + +--- Initialize the trusted certs +-- During RS256 verify, we'll make sure the +-- cert was signed by one of these +function _M.set_trusted_certs_file(self, filename) + self.trusted_certs_file = filename +end +_M.trusted_certs_file = nil + +--- Set a whitelist of allowed algorithms +-- E.g., jwt:set_alg_whitelist({RS256=1,HS256=1}) +-- +-- @param algorithms - A table with keys for the supported algorithms +-- If the table is non-nil, during +-- verify, the alg must be in the table +function _M.set_alg_whitelist(self, algorithms) + self.alg_whitelist = algorithms +end + +_M.alg_whitelist = nil + + +--- Returns the list of default validations that will be +--- applied upon the verification of a jwt. +function _M.get_default_validation_options(self, jwt_obj) + return { + [str_const.require_exp_claim]=jwt_obj[str_const.payload].exp ~= nil, + [str_const.require_nbf_claim]=jwt_obj[str_const.payload].nbf ~= nil + } +end + +--- Set a function used to retrieve the content of x5u urls +-- +-- @param retriever_function - A pointer to a function. This function should be +-- defined to accept three string parameters. First one +-- will be the value of the 'x5u' attribute. Second +-- one will be the value of the 'iss' attribute, would +-- it be defined in the jwt. Third one will be the value +-- of the 'iss' attribute, would it be defined in the jwt. +-- This function should return the matching certificate. +function _M.set_x5u_content_retriever(self, retriever_function) + if type(retriever_function) ~= str_const.funct then + error("'retriever_function' is expected to be a function", 0) + end + self.x5u_content_retriever = retriever_function +end + +_M.x5u_content_retriever = nil + +-- https://tools.ietf.org/html/rfc7516#appendix-B.3 +-- TODO: do it in lua way +local function binlen(s) + if type(s) ~= 'string' then return end + + local len = 8 * #s + + return string_char(len / 0x0100000000000000 % 0x100) + .. string_char(len / 0x0001000000000000 % 0x100) + .. string_char(len / 0x0000010000000000 % 0x100) + .. string_char(len / 0x0000000100000000 % 0x100) + .. string_char(len / 0x0000000001000000 % 0x100) + .. string_char(len / 0x0000000000010000 % 0x100) + .. string_char(len / 0x0000000000000100 % 0x100) + .. string_char(len / 0x0000000000000001 % 0x100) +end + +--@function sign jwe payload +--@param secret key : if used pre-shared or RSA key +--@param jwe payload +--@return jwe token +local function sign_jwe(self, secret_key, jwt_obj) + local header = jwt_obj.header + local enc = header.enc + local alg = header.alg + + -- remove type + if header.typ then + header.typ = nil + end + + -- TODO: implement logic for creating enc key and mac key and then encrypt key + local key, encrypted_key, mac_key, enc_key + local encoded_header = _M:jwt_encode(header) + local payload_to_encrypt = get_payload_encoder(self)(jwt_obj.payload) + if alg == str_const.DIR then + _, mac_key, enc_key = derive_keys(enc, secret_key) + encrypted_key = "" + elseif alg == str_const.RSA_OAEP_256 then + local cert, err + if secret_key:find("CERTIFICATE") then + cert, err = evp.Cert:new(secret_key) + elseif secret_key:find("PUBLIC KEY") then + cert, err = evp.PublicKey:new(secret_key) + end + if not cert then + error({reason="Decode secret is not a valid cert/public key: " .. (err and err or secret_key)}) + end + local rsa_encryptor = evp.RSAEncryptor:new(cert, evp.CONST.RSA_PKCS1_OAEP_PADDING, evp.CONST.SHA256_DIGEST) + if err then + error("failed to create rsa object for encryption ".. err) + end + key, mac_key, enc_key = derive_keys(enc) + encrypted_key, err = rsa_encryptor:encrypt(key) + if err or not encrypted_key then + error({reason="failed to encrypt key " .. (err or "")}) + end + else + error({reason="unsupported alg: " .. alg}) + end + + local cipher_text, iv, auth_tag, err = encrypt_payload(enc_key, payload_to_encrypt, enc, encoded_header) + if err then + error({reason="error while encrypting payload. Error: " .. err}) + end + + if not auth_tag then + local encoded_header_length = binlen(encoded_header) + local mac_input = table_concat({encoded_header , iv, cipher_text , encoded_header_length}) + local mac = hmac_digest(enc, mac_key, mac_input) + auth_tag = string_sub(mac, 1, #mac/2) + end + + local jwe_table = {encoded_header, _M:jwt_encode(encrypted_key), _M:jwt_encode(iv), + _M:jwt_encode(cipher_text), _M:jwt_encode(auth_tag)} + return table_concat(jwe_table, ".", 1, 5) +end + +--@function get_secret_str : returns the secret if it is a string, or the result of a function +--@param either the string secret or a function that takes a string parameter and returns a string or nil +--@param jwt payload +--@return the secret as a string or as a function +local function get_secret_str(secret_or_function, jwt_obj) + if type(secret_or_function) == str_const.funct then + -- Only use with hmac algorithms + local alg = jwt_obj[str_const.header][str_const.alg] + if alg ~= str_const.HS256 and alg ~= str_const.HS512 then + error({reason="secret function can only be used with hmac alg: " .. alg}) + end + + -- Pull out the kid value from the header + local kid_val = jwt_obj[str_const.header][str_const.kid] + if kid_val == nil then + error({reason="secret function specified without kid in header"}) + end + + -- Call the function + return secret_or_function(kid_val) or error({reason="function returned nil for kid: " .. kid_val}) + elseif type(secret_or_function) == str_const.string then + -- Just return the string + return secret_or_function + else + -- Throw an error + error({reason="invalid secret type (must be string or function)"}) + end +end + +--@function sign : create a jwt/jwe signature from jwt_object +--@param secret key +--@param jwt/jwe payload +function _M.sign(self, secret_key, jwt_obj) + -- header typ check + local typ = jwt_obj[str_const.header][str_const.typ] + -- Optional header typ check [See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-5.1] + if typ ~= nil then + if typ ~= str_const.JWT and typ ~= str_const.JWE then + error({reason="invalid typ: " .. typ}) + end + end + + if typ == str_const.JWE or jwt_obj.header.enc then + return sign_jwe(self, secret_key, jwt_obj) + end + -- header alg check + local raw_header = get_raw_part(str_const.header, jwt_obj) + local raw_payload = get_raw_part(str_const.payload, jwt_obj) + local message = string_format(str_const.regex_join_msg, raw_header, raw_payload) + local alg = jwt_obj[str_const.header][str_const.alg] + local signature = "" + if alg == str_const.HS256 then + local secret_str = get_secret_str(secret_key, jwt_obj) + signature = hmac:new(secret_str, hmac.ALGOS.SHA256):final(message) + elseif alg == str_const.HS512 then + local secret_str = get_secret_str(secret_key, jwt_obj) + signature = hmac:new(secret_str, hmac.ALGOS.SHA512):final(message) + elseif alg == str_const.RS256 or alg == str_const.RS512 then + local signer, err = evp.RSASigner:new(secret_key) + if not signer then + error({reason="signer error: " .. err}) + end + if alg == str_const.RS256 then + signature = signer:sign(message, evp.CONST.SHA256_DIGEST) + elseif alg == str_const.RS512 then + signature = signer:sign(message, evp.CONST.SHA512_DIGEST) + end + elseif alg == str_const.ES256 or alg == str_const.ES512 then + local signer, err = evp.ECSigner:new(secret_key) + if not signer then + error({reason="signer error: " .. err}) + end + -- OpenSSL will generate a DER encoded signature that needs to be converted + local der_signature = "" + if alg == str_const.ES256 then + der_signature = signer:sign(message, evp.CONST.SHA256_DIGEST) + elseif alg == str_const.ES512 then + der_signature = signer:sign(message, evp.CONST.SHA512_DIGEST) + end + -- Perform DER to RAW signature conversion + signature, err = signer:get_raw_sig(der_signature) + if not signature then + error({reason="signature error: " .. err}) + end + else + error({reason="unsupported alg: " .. alg}) + end + -- return full jwt string + return string_format(str_const.regex_join_msg, message , _M:jwt_encode(signature)) + +end + +--@function load jwt +--@param jwt string token +--@param secret +function _M.load_jwt(self, jwt_str, secret) + local success, ret = pcall(parse, self, secret, jwt_str) + if not success then + return { + valid=false, + verified=false, + reason=ret[str_const.reason] or str_const.invalid_jwt + } + end + + local jwt_obj = ret + jwt_obj[str_const.verified] = false + jwt_obj[str_const.valid] = true + return jwt_obj +end + +--@function verify jwe object +--@param jwt object +--@return jwt object with reason whether verified or not +local function verify_jwe_obj(jwt_obj) + + if jwt_obj[str_const.header][str_const.enc] ~= str_const.A256GCM then -- tag gets authenticated during decryption + local _, mac_key, _ = derive_keys(jwt_obj.header.enc, jwt_obj.internal.key) + local encoded_header = jwt_obj.internal.encoded_header + + local encoded_header_length = binlen(encoded_header) + local mac_input = table_concat({encoded_header , jwt_obj.internal.iv, jwt_obj.internal.cipher_text, + encoded_header_length}) + local mac = hmac_digest(jwt_obj.header.enc, mac_key, mac_input) + local auth_tag = string_sub(mac, 1, #mac/2) + + if auth_tag ~= jwt_obj.signature then + jwt_obj[str_const.reason] = "signature mismatch: " .. + tostring(jwt_obj[str_const.signature]) + end + end + + jwt_obj.internal = nil + jwt_obj.signature = nil + + if not jwt_obj[str_const.reason] then + jwt_obj[str_const.verified] = true + jwt_obj[str_const.reason] = str_const.everything_awesome + end + + return jwt_obj +end + +--@function extract certificate +--@param jwt object +--@return decoded certificate +local function extract_certificate(jwt_obj, x5u_content_retriever) + local x5c = jwt_obj[str_const.header][str_const.x5c] + if x5c ~= nil and x5c[1] ~= nil then + -- TODO Might want to add support for intermediaries that we + -- don't have in our trusted chain (items 2... if present) + + local cert_str = ngx_decode_base64(x5c[1]) + if not cert_str then + jwt_obj[str_const.reason] = "Malformed x5c header" + end + + return cert_str + end + + local x5u = jwt_obj[str_const.header][str_const.x5u] + if x5u ~= nil then + -- TODO Ensure the url starts with https:// + -- cf. https://tools.ietf.org/html/rfc7517#section-4.6 + + if x5u_content_retriever == nil then + jwt_obj[str_const.reason] = "No function has been provided to retrieve the content pointed at by the 'x5u'." + return nil + end + + -- TODO Maybe validate the url against an optional list whitelisted url prefixes? + -- cf. https://news.ycombinator.com/item?id=9302394 + + local iss = jwt_obj[str_const.payload][str_const.iss] + local kid = jwt_obj[str_const.header][str_const.kid] + local success, ret = pcall(x5u_content_retriever, x5u, iss, kid) + + if not success then + jwt_obj[str_const.reason] = "An error occured while invoking the x5u_content_retriever function." + return nil + end + + return ret + end + + -- TODO When both x5c and x5u are defined, the implementation should + -- ensure their content match + -- cf. https://tools.ietf.org/html/rfc7517#section-4.6 + + jwt_obj[str_const.reason] = "Unsupported RS256 key model" + return nil + -- TODO - Implement jwk and kid based models... +end + +local function get_claim_spec_from_legacy_options(self, options) + local claim_spec = { } + local jwt_validators = require "resty.jwt-validators" + + if options[str_const.valid_issuers] ~= nil then + claim_spec[str_const.iss] = jwt_validators.equals_any_of(options[str_const.valid_issuers]) + end + + if options[str_const.lifetime_grace_period] ~= nil then + jwt_validators.set_system_leeway(options[str_const.lifetime_grace_period] or 0) + + -- If we have a leeway set, then either an NBF or an EXP should also exist requireds are added below + if options[str_const.require_nbf_claim] ~= true and options[str_const.require_exp_claim] ~= true then + claim_spec[str_const.full_obj] = jwt_validators.require_one_of({ str_const.nbf, str_const.exp }) + end + end + + if not is_nil_or_boolean(options[str_const.require_nbf_claim]) then + error(string.format("'%s' validation option is expected to be a boolean.", str_const.require_nbf_claim), 0) + end + + if not is_nil_or_boolean(options[str_const.require_exp_claim]) then + error(string.format("'%s' validation option is expected to be a boolean.", str_const.require_exp_claim), 0) + end + + if options[str_const.lifetime_grace_period] ~= nil or options[str_const.require_nbf_claim] ~= nil or options[str_const.require_exp_claim] ~= nil then + if options[str_const.require_nbf_claim] == true then + claim_spec[str_const.nbf] = jwt_validators.is_not_before() + else + claim_spec[str_const.nbf] = jwt_validators.opt_is_not_before() + end + + if options[str_const.require_exp_claim] == true then + claim_spec[str_const.exp] = jwt_validators.is_not_expired() + else + claim_spec[str_const.exp] = jwt_validators.opt_is_not_expired() + end + end + + return claim_spec +end + +local function is_legacy_validation_options(options) + + -- Validation options MUST be a table + if type(options) ~= str_const.table then + return false + end + + -- Validation options MUST have at least one of these, and must ONLY have these + local legacy_options = { } + legacy_options[str_const.valid_issuers]=1 + legacy_options[str_const.lifetime_grace_period]=1 + legacy_options[str_const.require_nbf_claim]=1 + legacy_options[str_const.require_exp_claim]=1 + + local is_legacy = false + for k in pairs(options) do + if legacy_options[k] ~= nil then + is_legacy = true + else + return false + end + end + return is_legacy +end + +-- Validates the claims for the given (parsed) object +local function validate_claims(self, jwt_obj, ...) + local claim_specs = {...} + if #claim_specs == 0 then + table.insert(claim_specs, _M:get_default_validation_options(jwt_obj)) + end + + if jwt_obj[str_const.reason] ~= nil then + return false + end + + -- Encode the current jwt_obj and use it when calling the individual validation functions + local jwt_json = cjson_encode(jwt_obj) + + -- Validate all our specs + for _, claim_spec in ipairs(claim_specs) do + if is_legacy_validation_options(claim_spec) then + claim_spec = get_claim_spec_from_legacy_options(self, claim_spec) + end + for claim, fx in pairs(claim_spec) do + if type(fx) ~= str_const.funct then + error("Claim spec value must be a function - see jwt-validators.lua for helper functions", 0) + end + + local val = claim == str_const.full_obj and cjson_decode(jwt_json) or jwt_obj.payload[claim] + local success, ret = pcall(fx, val, claim, jwt_json) + if not success then + jwt_obj[str_const.reason] = ret.reason or string.gsub(ret, "^.-:%d-: ", "") + return false + elseif ret == false then + jwt_obj[str_const.reason] = string.format("Claim '%s' ('%s') returned failure", claim, val) + return false + end + end + end + + -- Everything was good + return true +end + +--@function verify jwt object +--@param secret +--@param jwt_object +--@leeway +--@return verified jwt payload or jwt object with error code +function _M.verify_jwt_obj(self, secret, jwt_obj, ...) + if not jwt_obj.valid then + return jwt_obj + end + + -- validate any claims that have been passed in + if not validate_claims(self, jwt_obj, ...) then + return jwt_obj + end + + -- if jwe, invoked verify jwe + if jwt_obj[str_const.header][str_const.enc] then + return verify_jwe_obj(jwt_obj) + end + + local alg = jwt_obj[str_const.header][str_const.alg] + + local jwt_str = string_format(str_const.regex_jwt_join_str, jwt_obj.raw_header , jwt_obj.raw_payload , jwt_obj.signature) + + if self.alg_whitelist ~= nil then + if self.alg_whitelist[alg] == nil then + return {verified=false, reason="whitelist unsupported alg: " .. alg} + end + end + + if alg == str_const.HS256 or alg == str_const.HS512 then + local success, ret = pcall(_M.sign, self, secret, jwt_obj) + if not success then + -- syntax check + jwt_obj[str_const.reason] = ret[str_const.reason] or str_const.internal_error + elseif jwt_str ~= ret then + -- signature check + jwt_obj[str_const.reason] = "signature mismatch: " .. jwt_obj[str_const.signature] + end + elseif alg == str_const.RS256 or alg == str_const.RS512 or alg == str_const.ES256 or alg == str_const.ES512 then + local cert, err + if self.trusted_certs_file ~= nil then + local cert_str = extract_certificate(jwt_obj, self.x5u_content_retriever) + if not cert_str then + return jwt_obj + end + cert, err = evp.Cert:new(cert_str) + if not cert then + jwt_obj[str_const.reason] = "Unable to extract signing cert from JWT: " .. err + return jwt_obj + end + -- Try validating against trusted CA's, then a cert passed as secret + local trusted = cert:verify_trust(self.trusted_certs_file) + if not trusted then + jwt_obj[str_const.reason] = "Cert used to sign the JWT isn't trusted: " .. err + return jwt_obj + end + elseif secret ~= nil then + if secret:find("CERTIFICATE") then + cert, err = evp.Cert:new(secret) + elseif secret:find("PUBLIC KEY") then + cert, err = evp.PublicKey:new(secret) + end + if not cert then + jwt_obj[str_const.reason] = "Decode secret is not a valid cert/public key" + return jwt_obj + end + else + jwt_obj[str_const.reason] = "No trusted certs loaded" + return jwt_obj + end + local verifier = '' + if alg == str_const.RS256 or alg == str_const.RS512 then + verifier = evp.RSAVerifier:new(cert) + elseif alg == str_const.ES256 or alg == str_const.ES512 then + verifier = evp.ECVerifier:new(cert) + end + if not verifier then + -- Internal error case, should not happen... + jwt_obj[str_const.reason] = "Failed to build verifier " .. err + return jwt_obj + end + + -- assemble jwt parts + local raw_header = get_raw_part(str_const.header, jwt_obj) + local raw_payload = get_raw_part(str_const.payload, jwt_obj) + + local message =string_format(str_const.regex_join_msg, raw_header , raw_payload) + local sig = _M:jwt_decode(jwt_obj[str_const.signature], false) + + if not sig then + jwt_obj[str_const.reason] = "Wrongly encoded signature" + return jwt_obj + end + + local verified = false + err = "verify error: reason unknown" + + if alg == str_const.RS256 or alg == str_const.ES256 then + verified, err = verifier:verify(message, sig, evp.CONST.SHA256_DIGEST) + elseif alg == str_const.RS512 or alg == str_const.ES512 then + verified, err = verifier:verify(message, sig, evp.CONST.SHA512_DIGEST) + end + if not verified then + jwt_obj[str_const.reason] = err + end + else + jwt_obj[str_const.reason] = "Unsupported algorithm " .. alg + end + + if not jwt_obj[str_const.reason] then + jwt_obj[str_const.verified] = true + jwt_obj[str_const.reason] = str_const.everything_awesome + end + return jwt_obj + +end + + +function _M.verify(self, secret, jwt_str, ...) + local jwt_obj = _M.load_jwt(self, jwt_str, secret) + if not jwt_obj.valid then + return {verified=false, reason=jwt_obj[str_const.reason]} + end + return _M.verify_jwt_obj(self, secret, jwt_obj, ...) + +end + +function _M.set_payload_encoder(self, encoder) + if type(encoder) ~= "function" then + error({reason="payload encoder must be function"}) + end + self.payload_encoder = encoder +end + + +function _M.set_payload_decoder(self, decoder) + if type(decoder) ~= "function" then + error({reason="payload decoder must be function"}) + end + self.payload_decoder= decoder +end + + +function _M.new() + return setmetatable({}, mt) +end + +return _M |