-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathjwtLib.brs
207 lines (181 loc) · 5.55 KB
/
jwtLib.brs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
' readJWT
' Read a JWT and returns the body
'
' @param jwtData, JWT parts in string
' @param key, Secret key string used to sign the JWT
' @return AssocArray JWT Body
function readJWT(jwtData, key)
jwtDataSplit = jwtData.split(".")
if jwtDataSplit.count() < 3 then
?"Invalid JWT, Missing section"
return Invalid
end if
jwtHeader = CreateObject("roByteArray")
jwtHeader.FromBase64String(base64UrlToBase64(jwtDataSplit[0]))
header = parseJSON(jwtHeader.ToAsciiString())
if header = Invalid then
?"Header is Invalid JSON"
return Invalid
end if
jwtBody = CreateObject("roByteArray")
jwtBody.FromBase64String(base64UrlToBase64(jwtDataSplit[1]))
body = parseJSON(jwtBody.ToAsciiString())
?body
if body = Invalid then
?"Body is Invalid JSON"
return Invalid
end if
if validateJWT(header.alg, jwtDataSplit[0], jwtDataSplit[1], base64UrlToBase64(jwtDataSplit[2]), key) = true then
?"Valid JWT"; body
if body.exp <> Invalid then 'Validate expiry if it exists
expires = createObject("roDateTime")
expires.fromSeconds(body.exp)
? expires; createObject("roDateTime")
if expires.AsSeconds() < createObject("roDateTime").AsSeconds() then
?"Token Expired"
return Invalid
else 'Valid Token
return body
end if
else
return body
end if
else
?"Invalid JWT"
return Invalid
end if
end function
' writeJWT
' Write a JWT using Algorithm, Body and key
'
' @param String algorithm, Algorithm to use for signing
' @param AssocArray body, Data to add as JWT body
' @param String key, Secret key string used to sign the JWT
' @return String JWT returned
function writeJWT(algorithm, header, body, key)
if algorithm = "SHA256" then
digest = "HS256"
else if algorithm = "SHA384" then
digest = "HS384"
else if algorithm = "SHA512" then
digest = "HS512"
else if algorithm = "ASHA256" then
digest = "RS256"
else if algorithm = "ASHA384" then
digest = "RS384"
else if algorithm = "ASHA512" then
digest = "RS512"
else
?"Unknown Algorithm"; algorithm
return false
end if
defaultHeader = {
"alg": digest,
"typ": "JWT"
}
header.Append(defaultHeader)
headerJSON = FormatJSON(header)
jwtHeader = CreateObject("roByteArray")
jwtHeader.FromAsciiString(headerJSON)
jwtBody = CreateObject("roByteArray")
jwtBody.FromAsciiString(FormatJSON(body))
jwtHeaderUrl = base64ToBase64Url(jwtHeader.ToBase64String())
jwtBodyUrl = base64ToBase64Url(jwtBody.ToBase64String())
signature_key = CreateObject("roByteArray")
signature_key.fromAsciiString(key)
message = CreateObject("roByteArray")
message.fromAsciiString(jwtHeaderUrl + "." + jwtBodyUrl)
if algorithm = "ASHA256" OR algorithm = "ASHA384" OR algorithm = "ASHA512" then
digest = CreateObject("roEVPDigest")
digest.Setup(right(algorithm, 6))
hashString = digest.Process(message)
hashBA = CreateObject("roByteArray")
hashBA.FromHexString(hashString)
rsa = CreateObject("roRSA")
res = rsa.SetPrivateKey(key)
rsa.SetDigestAlgorithm(right(algorithm, 6))
signature = rsa.Sign(hashBA)
if Invalid <> signature
resultUrl = base64ToBase64Url(signature.ToBase64String())
return jwtHeaderUrl + "." + jwtBodyUrl + "." + resultUrl
else
return Invalid
end if
else
hmac = CreateObject("roHMAC")
if hmac.setup(algorithm, signature_key) = 0 then
result = hmac.process(message)
resultUrl = base64ToBase64Url(result.ToBase64String())
return jwtHeaderUrl + "." + jwtBodyUrl + "." + resultUrl
else
?"HMAC Setup failed"
return Invalid
end if
end if
end function
' validateJWT
' Validates the Hash or Certificate for the jwt
'
' @param algorithm, Algorithm from the JWT header JSON
' @param jwtHeader, JWT Header in base64 string
' @param jwtBody, JWT Body in base64 string
' @param jwtSig, JWT Signature in base64 string
' @param key, Secret Key string used to sign JWT
' @return Bool if JWT is valid
function validateJWT(algorithm, jwtHeader, jwtBody, jwtSig, key)
if algorithm = "HS256" then
digest = "SHA256"
else if algorithm = "HS384" then
digest = "SHA384"
else if algorithm = "HS512" then
digest = "SHA512"
else
?"Unknown Algorithm"; algorithm
return false
end if
hmac = CreateObject("roHMAC")
signature_key = CreateObject("roByteArray")
signature_key.fromAsciiString(key)
if hmac.setup(digest, signature_key) = 0 then
message = CreateObject("roByteArray")
message.fromAsciiString(jwtHeader + "." + jwtBody)
result = hmac.process(message)
sig = CreateObject("roByteArray")
sig.FromBase64String(jwtSig)
index = 0
for each sigVal in sig
if sigVal <> result[index] then
return false
end if
index++
end for
return true
else
?"HMAC setup failed!"
return false
end If
end function
' base64ToBase64Url
' Convert base64 to base64url
'
' @param base64, base64 to convert to base64url
' @return Converted base64url
function base64ToBase64Url (base64)
return base64.replace("+", "-").replace("/", "_").replace("=", "") ' + to -, / to _ and remove optional padding
end function
' base64UrlToBase64
' Convert base64url to base64
'
' @param base64url, base64URL to convert to base64
' @return Converted base64
function base64UrlToBase64 (base64url)
base64 = base64Url.replace("-", "+").replace("_","/")
length = base64.len() mod 4
' Add required padding, optional in base64url
if length < 3 then
base64 = base64 + "=="
else if length < 4 then
base64 = base64 + "="
end if
return base64
end function