1507843008

Committed 13 Sep 2024 11:01AM UTC coverage: 81.326%. Remained the same

Build # 1507843008

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #727 from mzedel/chore/deprecate

Chore/deprecate

Run Details

4834 of 5944 relevant lines covered (81.33%)

42.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.5

/jwt/jwt_rsa.go

// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package jwt

import (
        "crypto/rsa"

        "github.com/golang-jwt/jwt/v4"
        "github.com/pkg/errors"
)

// JWTHandlerRS256 is an RS256-specific JWTHandler
type JWTHandlerRS256 struct {
        privKey *rsa.PrivateKey
}

func NewJWTHandlerRS256(privKey *rsa.PrivateKey) *JWTHandlerRS256 {
        return &JWTHandlerRS256{
                privKey: privKey,
        }
}

func (j *JWTHandlerRS256) ToJWT(token *Token) (string, error) {
        //generate
        jt := jwt.NewWithClaims(jwt.SigningMethodRS256, &token.Claims)

        //sign
        data, err := jt.SignedString(j.privKey)
        return data, err
}

func (j *JWTHandlerRS256) FromJWT(tokstr string) (*Token, error) {
        parser := jwt.NewParser(jwt.WithoutClaimsValidation())
        jwttoken, _, err := parser.ParseUnverified(tokstr, &Claims{})
        if err == nil {
                token := Token{}
                if claims, ok := jwttoken.Claims.(*Claims); ok {
                        token.Claims = *claims
                        return &token, nil
                }
        }

        return nil, ErrTokenInvalid
}

func (j *JWTHandlerRS256) Validate(tokstr string) error {
        jwttoken, err := jwt.ParseWithClaims(tokstr, &Claims{},
                func(token *jwt.Token) (interface{}, error) {
                        if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
                                return nil, errors.New("unexpected signing method: " + token.Method.Alg())
                        }
                        return &j.privKey.PublicKey, nil
                },
        )

        // our Claims return Mender-specific validation errors
        // go-jwt will wrap them in a generic ValidationError - unwrap and return directly
        if jwttoken != nil && !jwttoken.Valid {
                return ErrTokenInvalid
        } else if err != nil {
                err, ok := err.(*jwt.ValidationError)
                if ok && err.Inner != nil {
                        return err.Inner
                } else {
                        return err
                }
        }

        return nil
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package jwt
15
16	import (
17	"crypto/rsa"
18
19	"github.com/golang-jwt/jwt/v4"
20	"github.com/pkg/errors"
21	)
22
23	// JWTHandlerRS256 is an RS256-specific JWTHandler
24	type JWTHandlerRS256 struct {
25	privKey *rsa.PrivateKey
26	}
27
28	func NewJWTHandlerRS256(privKey rsa.PrivateKey) JWTHandlerRS256 {	14✔
29	return &JWTHandlerRS256{	14✔
30	privKey: privKey,	14✔
31	}	14✔
32	}	14✔
33
34	func (j JWTHandlerRS256) ToJWT(token Token) (string, error) {	3✔
35	//generate	3✔
36	jt := jwt.NewWithClaims(jwt.SigningMethodRS256, &token.Claims)	3✔
37		3✔
38	//sign	3✔
39	data, err := jt.SignedString(j.privKey)	3✔
40	return data, err	3✔
41	}	3✔
42
43	func (j JWTHandlerRS256) FromJWT(tokstr string) (Token, error) {	4✔
44	parser := jwt.NewParser(jwt.WithoutClaimsValidation())	4✔
45	jwttoken, _, err := parser.ParseUnverified(tokstr, &Claims{})	4✔
46	if err == nil {	7✔
47	token := Token{}	3✔
48	if claims, ok := jwttoken.Claims.(*Claims); ok {	6✔
49	token.Claims = *claims	3✔
50	return &token, nil	3✔
51	}	3✔
52	}
53
54	return nil, ErrTokenInvalid	2✔
55	}
56
57	func (j *JWTHandlerRS256) Validate(tokstr string) error {	6✔
58	jwttoken, err := jwt.ParseWithClaims(tokstr, &Claims{},	6✔
59	func(token *jwt.Token) (interface{}, error) {	11✔
60	if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {	5✔
61	return nil, errors.New("unexpected signing method: " + token.Method.Alg())	×
62	}	×
63	return &j.privKey.PublicKey, nil	5✔
64	},
65	)
66
67	// our Claims return Mender-specific validation errors
68	// go-jwt will wrap them in a generic ValidationError - unwrap and return directly
69	if jwttoken != nil && !jwttoken.Valid {	9✔
70	return ErrTokenInvalid	3✔
71	} else if err != nil {	8✔
72	err, ok := err.(*jwt.ValidationError)	1✔
73	if ok && err.Inner != nil {	1✔
74	return err.Inner	×
75	} else {	1✔
76	return err	1✔
77	}	1✔
78	}
79
80	return nil	3✔
81	}

mendersoftware / deviceauth / 1507843008

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous