tvl-depot/net/alcoholic_jwt/src/lib.rs
Caranatar 618e5540c2 fix(alcoholic_jwt): Support multiple values in jwt audience claim
Per https://tools.ietf.org/html/rfc7519#section-4.1.3, the audience
claim can consist of either a single string or an array of strings.
The latter currently causes an error due to the type of aud in
PartialClaims.

Message-Id: <87r1toex8n.fsf@riseup.net>
Change-Id: I6e00791d0ba56cb1e3c029e1b8617c33000d2ab1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/946
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-06 21:50:05 +00:00

465 lines
17 KiB
Rust

// Copyright (C) 2018 Aprila Bank ASA
//
// alcoholic_jwt is free software: you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//! Implements a library for for **validation** of **RS256** JWTs
//! using keys from a JWKS. Nothing more, nothing less.
//!
//! The name of the library stems from the potential side-effects of
//! trying to use the other Rust libraries that are made for similar
//! purposes.
//!
//! This library is specifically aimed at developers that consume
//! tokens from services which provide their RSA public keys in
//! [JWKS][] format.
//!
//! ## Usage example (token with `kid`-claim)
//!
//! ```rust
//! # extern crate serde_json;
//! extern crate alcoholic_jwt;
//!
//! use alcoholic_jwt::{JWKS, Validation, validate, token_kid};
//!
//! # fn some_token_fetching_function() -> &'static str {
//! # "eyJraWQiOiI4ckRxOFB3MEZaY2FvWFdURVZRbzcrVGYyWXpTTDFmQnhOS1BDZWJhYWk0PSIsImFsZyI6IlJTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoLnRlc3QuYXByaWxhLm5vIiwiaWF0IjoxNTM2MDUwNjkzLCJleHAiOjE1MzYwNTQyOTMsInN1YiI6IjQyIiwiZXh0Ijoic21va2V0ZXN0IiwicHJ2IjoiYXJpc3RpIiwic2NwIjoicHJvY2VzcyJ9.gOLsv98109qLkmRK6Dn7WWRHLW7o8W78WZcWvFZoxPLzVO0qvRXXRLYc9h5chpfvcWreLZ4f1cOdvxv31_qnCRSQQPOeQ7r7hj_sPEDzhKjk-q2aoNHaGGJg1vabI--9EFkFsGQfoS7UbMMssS44dgR68XEnKtjn0Vys-Vzbvz_CBSCH6yQhRLik2SU2jR2L7BoFvh4LGZ6EKoQWzm8Z-CHXLGLUs4Hp5aPhF46dGzgAzwlPFW4t9G4DciX1uB4vv1XnfTc5wqJch6ltjKMde1GZwLR757a8dJSBcmGWze3UNE2YH_VLD7NCwH2kkqr3gh8rn7lWKG4AUIYPxsw9CB"
//! # }
//!
//! # fn jwks_fetching_function() -> JWKS {
//! # let jwks_json = "{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"kid\":\"8rDq8Pw0FZcaoXWTEVQo7+Tf2YzSL1fBxNKPCebaai4=\",\"n\":\"l4UTgk1zr-8C8utt0E57DtBV6qqAPWzVRrIuQS2j0_hp2CviaNl5XzGRDnB8gwk0Hx95YOhJupAe6RNq5ok3fDdxL7DLvppJNRLz3Ag9CsmDLcbXgNEQys33fBJaPw1v3GcaFC4tisU5p-o1f5RfWwvwdBtdBfGiwT1GRvbc5sFx6M4iYjg9uv1lNKW60PqSJW4iDYrfqzZmB0zF1SJ0BL_rnQZ1Wi_UkFmNe9arM8W9tI9T3Ie59HITFuyVSTCt6qQEtSfa1e5PiBaVuV3qoFI2jPBiVZQ6LPGBWEDyz4QtrHLdECPPoTF30NN6TSVwwlRbCuUUrdNdXdjYe2dMFQ\",\"e\":\"DhaD5zC7mzaDvHO192wKT_9sfsVmdy8w8T8C9VG17_b1jG2srd3cmc6Ycw-0blDf53Wrpi9-KGZXKHX6_uIuJK249WhkP7N1SHrTJxO0sUJ8AhK482PLF09Qtu6cUfJqY1X1y1S2vACJZItU4Vjr3YAfiVGQXeA8frAf7Sm4O1CBStCyg6yCcIbGojII0jfh2vSB-GD9ok1F69Nmk-R-bClyqMCV_Oq-5a0gqClVS8pDyGYMgKTww2RHgZaFSUcG13KeLMQsG2UOB2OjSC8FkOXK00NBlAjU3d0Vv-IamaLIszO7FQBY3Oh0uxNOvIE9ofQyCOpB-xIK6V9CTTphxw\"}]}";
//! # serde_json::from_str(jwks_json).unwrap()
//! # }
//! #
//! // The function implied here would usually perform an HTTP-GET
//! // on the JWKS-URL for an authentication provider and deserialize
//! // the result into the `alcoholic_jwt::JWKS`-struct.
//! let jwks: JWKS = jwks_fetching_function();
//!
//! let token = some_token_fetching_function();
//!
//! // Several types of built-in validations are provided:
//! let validations = vec![
//! Validation::Issuer("auth.test.aprila.no".into()),
//! Validation::SubjectPresent,
//! ];
//!
//! // If a JWKS contains multiple keys, the correct KID first
//! // needs to be fetched from the token headers.
//! let kid = token_kid(&token)
//! .expect("Failed to decode token headers")
//! .expect("No 'kid' claim present in token");
//!
//! let jwk = jwks.find(&kid).expect("Specified key not found in set");
//!
//! validate(token, jwk, validations).expect("Token validation has failed!");
//! ```
//!
//! [JWKS]: https://tools.ietf.org/html/rfc7517
#[macro_use] extern crate serde_derive;
extern crate base64;
extern crate openssl;
extern crate serde;
extern crate serde_json;
use base64::{URL_SAFE_NO_PAD, Config, DecodeError};
use openssl::bn::BigNum;
use openssl::error::ErrorStack;
use openssl::hash::MessageDigest;
use openssl::pkey::{Public, PKey};
use openssl::rsa::Rsa;
use openssl::sign::Verifier;
use serde::de::DeserializeOwned;
use serde_json::Value;
use std::time::{UNIX_EPOCH, Duration, SystemTime};
#[cfg(test)]
mod tests;
/// URL-safe character set without padding that allows trailing bits,
/// which appear in some JWT implementations.
///
/// Note: The functions on `base64::Config` are not marked `const`,
/// and the constructors are not exported, which is why this is
/// implemented as a function.
fn jwt_forgiving() -> Config {
URL_SAFE_NO_PAD.decode_allow_trailing_bits(true)
}
/// JWT algorithm used. The only supported algorithm is currently
/// RS256.
#[derive(Clone, Deserialize, Debug)]
enum KeyAlgorithm { RS256 }
/// Type of key contained in a JWT. The only supported key type is
/// currently RSA.
#[derive(Clone, Deserialize, Debug)]
enum KeyType { RSA }
/// Representation of a single JSON Web Key. See [RFC
/// 7517](https://tools.ietf.org/html/rfc7517#section-4).
#[allow(dead_code)] // kty & alg only constrain deserialisation, but aren't used
#[derive(Clone, Debug, Deserialize)]
pub struct JWK {
kty: KeyType,
alg: Option<KeyAlgorithm>,
kid: Option<String>,
// Shared modulus
n: String,
// Public key exponent
e: String,
}
/// Representation of a set of JSON Web Keys. See [RFC
/// 7517](https://tools.ietf.org/html/rfc7517#section-5).
#[derive(Clone, Debug, Deserialize)]
pub struct JWKS {
// This is a vector instead of some kind of map-like structure
// because key IDs are in fact optional.
//
// Technically having multiple keys with the same KID would not
// violate the JWKS-definition either, but behaviour in that case
// is unspecified.
keys: Vec<JWK>,
}
impl JWKS {
/// Attempt to find a JWK by its key ID.
pub fn find(&self, kid: &str) -> Option<&JWK> {
self.keys.iter().find(|jwk| jwk.kid == Some(kid.into()))
}
}
/// Representation of an undecoded JSON Web Token. See [RFC
/// 7519](https://tools.ietf.org/html/rfc7519).
struct JWT<'a> (&'a str);
/// Representation of a decoded and validated JSON Web Token.
///
/// Specific claim fields are only decoded internally in the library
/// for validation purposes, while it is generally up to the consumer
/// of the validated JWT what structure they would like to impose.
pub struct ValidJWT {
/// JOSE header of the JSON Web Token. Certain fields are
/// guaranteed to be present in this header, consult section 5 of
/// RFC7519 for more information.
pub headers: Value,
/// Claims (i.e. primary data) contained in the JSON Web Token.
/// While there are several registered and recommended headers
/// (consult section 4.1 of RFC7519), the presence of no field is
/// guaranteed in these.
pub claims: Value,
}
/// Possible token claim validations. This enumeration only covers
/// common use-cases, for other types of validations the user is
/// encouraged to inspect the claim set manually.
pub enum Validation {
/// Validate that the issuer ("iss") claim matches a specified
/// value.
Issuer(String),
/// Validate that the audience ("aud") claim matches a specified
/// value.
Audience(String),
/// Validate that a subject value is present.
SubjectPresent,
/// Validate that the expiry time of the token ("exp"-claim) has
/// not yet been reached.
NotExpired,
}
/// Possible results of a token validation.
#[derive(Debug)]
pub enum ValidationError {
/// Invalid number of token components (not a JWT?)
InvalidComponents,
/// Token segments had invalid base64-encoding.
InvalidBase64(DecodeError),
/// Decoding of the provided JWK failed.
InvalidJWK,
/// Signature validation failed, i.e. because of a non-matching
/// public key.
InvalidSignature,
/// An OpenSSL operation failed along the way at a point at which
/// a more specific error variant could not be constructed.
OpenSSL(ErrorStack),
/// JSON decoding into a provided type failed.
JSON(serde_json::Error),
/// One or more claim validations failed. This variant contains
/// human-readable validation errors.
InvalidClaims(Vec<&'static str>),
}
type JWTResult<T> = Result<T, ValidationError>;
impl From<ErrorStack> for ValidationError {
fn from(err: ErrorStack) -> Self { ValidationError::OpenSSL(err) }
}
impl From<serde_json::Error> for ValidationError {
fn from(err: serde_json::Error) -> Self { ValidationError::JSON(err) }
}
impl From<DecodeError> for ValidationError {
fn from(err: DecodeError) -> Self { ValidationError::InvalidBase64(err) }
}
/// Attempt to extract the `kid`-claim out of a JWT's header claims.
///
/// This function is normally used when a token provider has multiple
/// public keys in rotation at the same time that could all still have
/// valid tokens issued under them.
///
/// This is only safe if the key set containing the currently allowed
/// key IDs is fetched from a trusted source.
pub fn token_kid(token: &str) -> JWTResult<Option<String>> {
// Fetch the header component of the JWT by splitting it out and
// dismissing the rest.
let parts: Vec<&str> = token.splitn(2, '.').collect();
if parts.len() != 2 {
return Err(ValidationError::InvalidComponents);
}
// Decode only the first part of the token into a specialised
// representation:
#[derive(Deserialize)]
struct KidOnly {
kid: Option<String>,
}
let kid_only: KidOnly = deserialize_part(parts[0])?;
Ok(kid_only.kid)
}
/// Validate the signature of a JSON Web Token and optionally apply
/// claim validations. Signatures are always verified before claims,
/// and if a signature verification passes *all* claim validations are
/// run and returned.
///
/// If validation succeeds a representation of the token is returned
/// that contains the header and claims as simple JSON values.
///
/// It is the user's task to ensure that the correct JWK is passed in
/// for validation.
pub fn validate(token: &str,
jwk: &JWK,
validations: Vec<Validation>) -> JWTResult<ValidJWT> {
let jwt = JWT(token);
let public_key = public_key_from_jwk(&jwk)?;
validate_jwt_signature(&jwt, public_key)?;
// Split out all three parts of the JWT this time, deserialising
// the first and second as appropriate.
let parts: Vec<&str> = jwt.0.splitn(3, '.').collect();
if parts.len() != 3 {
// This is unlikely considering that validation has already
// been performed at this point, but better safe than sorry.
return Err(ValidationError::InvalidComponents)
}
// Perform claim validations before constructing the valid token:
let partial_claims = deserialize_part(parts[1])?;
validate_claims(partial_claims, validations)?;
let headers = deserialize_part(parts[0])?;
let claims = deserialize_part(parts[1])?;
let valid_jwt = ValidJWT { headers, claims };
Ok(valid_jwt)
}
// Internal implementation
//
// The functions in the following section are not part of the public
// API of this library.
/// Decode a single key fragment (base64-url encoded integer) to an
/// OpenSSL BigNum.
fn decode_fragment(fragment: &str) -> JWTResult<BigNum> {
let bytes = base64::decode_config(fragment, jwt_forgiving())
.map_err(|_| ValidationError::InvalidJWK)?;
BigNum::from_slice(&bytes).map_err(Into::into)
}
/// Decode an RSA public key from a JWK by constructing it directly
/// from the public RSA key fragments.
fn public_key_from_jwk(jwk: &JWK) -> JWTResult<Rsa<Public>> {
let jwk_n = decode_fragment(&jwk.n)?;
let jwk_e = decode_fragment(&jwk.e)?;
Rsa::from_public_components(jwk_n, jwk_e).map_err(Into::into)
}
/// Decode a base64-URL encoded string and deserialise the resulting
/// JSON.
fn deserialize_part<T: DeserializeOwned>(part: &str) -> JWTResult<T> {
let json = base64::decode_config(part, jwt_forgiving())?;
serde_json::from_slice(&json).map_err(Into::into)
}
/// Validate the signature on a JWT using a provided public key.
///
/// A JWT is made up of three components (headers, claims, signature)
/// - only the first two are part of the signed data.
fn validate_jwt_signature(jwt: &JWT, key: Rsa<Public>) -> JWTResult<()> {
let key = PKey::from_rsa(key)?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &key)?;
// Split the token from the back to a maximum of two elements.
// There are technically three components using the same separator
// ('.'), but we are interested in the first two together and
// splitting them is unnecessary.
let token_parts: Vec<&str> = jwt.0.rsplitn(2, '.').collect();
if token_parts.len() != 2 {
return Err(ValidationError::InvalidComponents);
}
// Second element of the vector will be the signed payload.
let data = token_parts[1];
// First element of the vector will be the (encoded) signature.
let sig_b64 = token_parts[0];
let sig = base64::decode_config(sig_b64, jwt_forgiving())?;
// Verify signature by inserting the payload data and checking it
// against the decoded signature.
verifier.update(data.as_bytes())?;
match verifier.verify(&sig)? {
true => Ok(()),
false => Err(ValidationError::InvalidSignature),
}
}
/// Internal helper enum for PartialClaims that supports single or
/// multiple audiences
#[derive(Deserialize)]
#[serde(untagged)]
enum Audience {
Single(String),
Multi(Vec<String>)
}
/// Internal helper struct for claims that are relevant for claim
/// validations.
#[derive(Deserialize)]
struct PartialClaims {
aud: Option<Audience>,
iss: Option<String>,
sub: Option<String>,
exp: Option<u64>,
}
/// Apply a single validation to the claim set of a token.
fn apply_validation(claims: &PartialClaims,
validation: Validation) -> Result<(), &'static str> {
match validation {
// Validate that an 'iss' claim is present and matches the
// supplied value.
Validation::Issuer(iss) => {
match claims.iss {
None => Err("'iss' claim is missing"),
Some(ref claim) => if *claim == iss {
Ok(())
} else {
Err("'iss' claim does not match")
}
}
},
// Validate that an 'aud' claim is present and matches the
// supplied value.
Validation::Audience(aud) => {
match claims.aud {
None => Err("'aud' claim is missing"),
Some(Audience::Single(ref claim)) => if *claim == aud {
Ok(())
} else {
Err("'aud' claim does not match")
},
Some(Audience::Multi(ref claims)) => if claims.contains(&aud) {
Ok(())
} else {
Err("'aud' claim does not match")
}
}
},
Validation::SubjectPresent => match claims.sub {
Some(_) => Ok(()),
None => Err("'sub' claim is missing"),
},
Validation::NotExpired => match claims.exp {
None => Err("'exp' claim is missing"),
Some(exp) => {
// Determine the current timestamp in seconds since
// the UNIX epoch.
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
// this is an unrecoverable, critical error. There
// aren't many ways this can occur, other than
// system time being set into the far future or
// this library being used in some sort of future
// museum.
.expect("system time is likely incorrect");
// Convert the expiry time (which is also in epoch
// seconds) to a duration.
let exp_duration = Duration::from_secs(exp);
// The token has not expired if the expiry duration is
// larger than (i.e. in the future from) the current
// time.
if exp_duration > now {
Ok(())
} else {
Err("token has expired")
}
}
},
}
}
/// Apply all requested validations to a partial claim set.
fn validate_claims(claims: PartialClaims,
validations: Vec<Validation>) -> JWTResult<()> {
let validation_errors: Vec<_> = validations.into_iter()
.map(|v| apply_validation(&claims, v))
.filter_map(|result| match result {
Ok(_) => None,
Err(err) => Some(err),
})
.collect();
if validation_errors.is_empty() {
Ok(())
} else {
Err(ValidationError::InvalidClaims(validation_errors))
}
}