Handle all errors in validate_jwt
This commit is contained in:
parent
08de228a3e
commit
7fe7d62c52
43
src/main.rs
43
src/main.rs
@ -44,7 +44,7 @@ struct JwtInfo {
|
|||||||
public_keys: HashMap<String, String>,
|
public_keys: HashMap<String, String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn validate_jwt(token: &str, jwt_info: &JwtInfo) -> Result<MyClaims> {
|
fn validate_jwt(token: &str, jwt_info: &mut JwtInfo) -> Result<MyClaims> {
|
||||||
// Decode the header to give info about the crypto
|
// Decode the header to give info about the crypto
|
||||||
let jwt_header = decode_header(token)?;
|
let jwt_header = decode_header(token)?;
|
||||||
|
|
||||||
@ -54,10 +54,39 @@ fn validate_jwt(token: &str, jwt_info: &JwtInfo) -> Result<MyClaims> {
|
|||||||
validation.set_audience(&jwt_info.audience);
|
validation.set_audience(&jwt_info.audience);
|
||||||
validation.set_issuer(&jwt_info.issuer);
|
validation.set_issuer(&jwt_info.issuer);
|
||||||
|
|
||||||
// Fetch the JWT kid
|
// Extract the JWT kid
|
||||||
let kid = jwt_header.kid.unwrap();
|
let kid: String;
|
||||||
|
match jwt_header.kid {
|
||||||
|
Some(fetched_kid) => kid = fetched_kid,
|
||||||
|
None => {
|
||||||
|
eprintln!("Unable to extract KID from jwt header");
|
||||||
|
return Err(jsonwebtoken::errors::ErrorKind::InvalidToken.into());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Fetch the corresponding public key
|
// Fetch the corresponding public key
|
||||||
let public_key_pem = jwt_info.public_keys.get(&kid).unwrap();
|
let public_key_pem: &String;
|
||||||
|
match jwt_info.public_keys.get(&kid) {
|
||||||
|
Some(key) => public_key_pem = key,
|
||||||
|
None => {
|
||||||
|
// If the key doesn't exist look up the keys again
|
||||||
|
match fetch_jwt_certificates(jwt_info) {
|
||||||
|
Some(key_map) => jwt_info.public_keys = key_map,
|
||||||
|
None => {
|
||||||
|
eprintln!("Failed to fetch jwt pem certificates");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Try to get the keys once more
|
||||||
|
match jwt_info.public_keys.get(&kid) {
|
||||||
|
Some(key) => public_key_pem = key,
|
||||||
|
None => {
|
||||||
|
eprintln!("Failed to fetch find matching certificates for given KID. {}", kid);
|
||||||
|
return Err(jsonwebtoken::errors::ErrorKind::InvalidToken.into());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Decode the JWT token
|
// Decode the JWT token
|
||||||
let token_data: TokenData<MyClaims>;
|
let token_data: TokenData<MyClaims>;
|
||||||
@ -65,14 +94,14 @@ fn validate_jwt(token: &str, jwt_info: &JwtInfo) -> Result<MyClaims> {
|
|||||||
Algorithm::RS256 => {
|
Algorithm::RS256 => {
|
||||||
token_data = decode::<MyClaims>(
|
token_data = decode::<MyClaims>(
|
||||||
token,
|
token,
|
||||||
&DecodingKey::from_rsa_pem(public_key_pem.as_bytes()).unwrap(),
|
&DecodingKey::from_rsa_pem(public_key_pem.as_bytes())?,
|
||||||
&validation,
|
&validation,
|
||||||
)?;
|
)?;
|
||||||
},
|
},
|
||||||
Algorithm::ES256 => {
|
Algorithm::ES256 => {
|
||||||
token_data = decode::<MyClaims>(
|
token_data = decode::<MyClaims>(
|
||||||
token,
|
token,
|
||||||
&DecodingKey::from_ec_pem(public_key_pem.as_bytes()).unwrap(),
|
&DecodingKey::from_ec_pem(public_key_pem.as_bytes())?,
|
||||||
&validation,
|
&validation,
|
||||||
)?;
|
)?;
|
||||||
},
|
},
|
||||||
@ -102,7 +131,7 @@ fn fetch_jwt_certificates(jwt_info: &JwtInfo) -> Option<HashMap<String, String>>
|
|||||||
// Extract the x5c key data
|
// Extract the x5c key data
|
||||||
let x5c = key.x5c.get(0).unwrap();
|
let x5c = key.x5c.get(0).unwrap();
|
||||||
|
|
||||||
// Append the PEM info in to the x5c
|
// Add the PEM info in to the x5c
|
||||||
let pem_data = format!(
|
let pem_data = format!(
|
||||||
"-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----",
|
"-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----",
|
||||||
x5c
|
x5c
|
||||||
|
|||||||
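Review bot: In the `None` arm of the first `jwt_info.public_keys.get(&kid)` match, every token whose `kid` is absent from the cache triggers a `fetch_jwt_certificates` call, so an unauthenticated caller presenting tokens with unknown `kid` values can make the service re-fetch the JWKS once per request. The refresh should be throttled with a last-refresh timestamp (a proposed new field on `JwtInfo`, shown below) so the cache is only reloaded when it is older than a minimum interval, and the refresh result should still be followed by the existing second lookup. The error message in the second lookup echoes the token-supplied `kid` into the log unquoted and has a typo; `eprintln!("Failed to find a matching certificate for the given KID: {:?}", kid);` keeps the value delimited. The declared-then-assigned `kid` would read better as `let Some(kid) = jwt_header.kid else { eprintln!("Unable to extract KID from jwt header"); return Err(jsonwebtoken::errors::ErrorKind::InvalidToken.into()); };`. Note that `key.x5c.get(0).unwrap()` in the `fetch_jwt_certificates` hunk still panics on a JWK without `x5c`, so the fetch path is not yet covered by this commit's error handling; `validate_jwt` continues outside the hunks.
```rust
None => {
    // Only re-fetch when the cached key set is older than the minimum refresh
    // interval; otherwise an unknown kid would cost one JWKS fetch per request.
    // `last_refresh: Instant` and `MIN_REFRESH_INTERVAL: Duration` are proposed additions (constructed names).
    if jwt_info.last_refresh.elapsed() >= MIN_REFRESH_INTERVAL {
        match fetch_jwt_certificates(jwt_info) {
            Some(key_map) => {
                jwt_info.public_keys = key_map;
                jwt_info.last_refresh = Instant::now();
            }
            None => eprintln!("Failed to fetch jwt pem certificates"),
        }
    }
    // … unchanged: second lookup of kid in jwt_info.public_keys …
}
```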