Commit graph

16 commits

Author SHA1 Message Date
Vincent Ambo
64a480ccb7 fix: validate() does not require ownership of the token string
Thanks to @bvs for pointing this out.
2018-09-04 13:01:14 +02:00
Vincent Ambo
89af12444a chore: License under GPL-3.0-or-later 2018-09-04 12:48:11 +02:00
Vincent Ambo
29dfb6826f docs: Update README to match new library API 2018-09-04 12:48:11 +02:00
Vincent Ambo
dd527ecdf1 feat: Implement claim validation
Implements initial validations of token claims. The included
validations are:

* validation of token issuer
* validation of token audience
* validation that a subject is set
* validation that a token is not expired
2018-09-04 12:45:27 +02:00
Vincent Ambo
ae409995ca fix: Handle warning about unused kty & alg fields
These fields are only used to constrain deserialisation to the
supported values, but have no further effect.

`rustc` throws warnings about them not being used, which this commit
disables.
2018-09-04 12:45:27 +02:00
Vincent Ambo
5f8f252f68 test: Ensure library doctest compiles & runs correctly 2018-09-04 12:45:27 +02:00
Vincent Ambo
7c99220723 refactor: Pass 'String' to token_kid instead of internal type 2018-09-04 12:45:27 +02:00
Vincent Ambo
b6eedbfe16 feat: Initial implementation of 'validate' function
Implements the logic for validating a token signature and returning
its decoded headers and claims.

This does not yet apply claim validations, as those have not been
specified yet.
2018-09-04 12:45:27 +02:00
Vincent Ambo
37652545b4 feat: Introduce ValidJWT type to represent validated & decoded JWT
Introduces a new struct type which contains the token's headers and
claims as JSON values. This is constructed by validating a token and
allows library users to deal with the deserialised values as they
please.
2018-09-04 12:45:27 +02:00
Vincent Ambo
b3e8f7a91f refactor: Introduce helper for deserialising token parts
There are multiple points in the code where a token part needs to be
deserialised (i.e. first base64-decoded, then JSON-deserialised). This
is extracted to a helper function in this commit.
2018-09-04 12:45:27 +02:00
Vincent Ambo
33c122f10e feat: Implement extraction of KIDs from unvalidated tokens 2018-09-04 12:45:27 +02:00
Vincent Ambo
5bd7a91d10 test: Add simple test for working JWT validation 2018-09-04 12:45:27 +02:00
Vincent Ambo
4b5dc17fc8 feat: Introduce validation of JWT signatures
Introduces the internal function for validating JWT signatures. The
process is relatively straightforward:

1. Create an OpenSSL signature verifier using the public key from the
   JWK.

2. Split the JWT into the data (header + claims) and signature parts.

3. Validate the data against the signature using the verifier from (1)

OpenSSL "cleanly" returns a boolean in case of an invalid signature,
but an otherwise successful operation.

This is represented differently in the returned error variant, with an
invalid signature being represented as `InvalidSignature`, and other
errors as the `OpenSSL` error variant which wraps the underlying
OpenSSL issue.

Successful validation returns an empty `Ok` result.
2018-09-04 12:45:27 +02:00
Vincent Ambo
17e3a6560a refactor: Move tests to separate file 2018-09-04 12:45:27 +02:00
Vincent Ambo
d3b200e820 refactor: Use error enum + result type alias for failures
This makes the library slightly more "rusty". Instead of returning a
validation result which also represents potential success, use an enum
representing the error variants and the standard library's
`Result`-type to represent success/failure.
2018-09-04 12:45:27 +02:00
Vincent Ambo
0f8231e990 feat: Add initial public API skeleton 2018-09-04 12:45:27 +02:00