🏟️ Add verify context trait template specialization (#229)

* Add verify context template specialization Co-authored-by: sirzooro <[email protected]> * add `verify_context` to all defaults Co-authored-by: sirzooro <[email protected]>
Thalhammer · May 18, 2022 · 6aabc2e · 6aabc2e
1 parent d7e0936
commit 6aabc2e
Show file tree

Hide file tree

Showing 7 changed files with 124 additions and 0 deletions.
diff --git a/example/CMakeLists.txt b/example/CMakeLists.txt
@@ -28,3 +28,6 @@ target_link_libraries(jwks-verify jwt-cpp::jwt-cpp)
 
 add_executable(es256k es256k.cpp)
 target_link_libraries(es256k jwt-cpp::jwt-cpp)
+
+add_executable(partial-claim-verifier partial-claim-verifier.cpp)
+target_link_libraries(partial-claim-verifier jwt-cpp::jwt-cpp)
diff --git a/example/partial-claim-verifier.cpp b/example/partial-claim-verifier.cpp
@@ -0,0 +1,91 @@
+#include "jwt-cpp/traits/nlohmann-json/defaults.h"
+
+#include <iostream>
+
+int main() {
+	std::string rsa_priv_key = R"(-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4ZtdaIrd1BPIJ
+tfnF0TjIK5inQAXZ3XlCrUlJdP+XHwIRxdv1FsN12XyMYO/6ymLmo9ryoQeIrsXB
+XYqlET3zfAY+diwCb0HEsVvhisthwMU4gZQu6TYW2s9LnXZB5rVtcBK69hcSlA2k
+ZudMZWxZcj0L7KMfO2rIvaHw/qaVOE9j0T257Z8Kp2CLF9MUgX0ObhIsdumFRLaL
+DvDUmBPr2zuh/34j2XmWwn1yjN/WvGtdfhXW79Ki1S40HcWnygHgLV8sESFKUxxQ
+mKvPUTwDOIwLFL5WtE8Mz7N++kgmDcmWMCHc8kcOIu73Ta/3D4imW7VbKgHZo9+K
+3ESFE3RjAgMBAAECggEBAJTEIyjMqUT24G2FKiS1TiHvShBkTlQdoR5xvpZMlYbN
+tVWxUmrAGqCQ/TIjYnfpnzCDMLhdwT48Ab6mQJw69MfiXwc1PvwX1e9hRscGul36
+ryGPKIVQEBsQG/zc4/L2tZe8ut+qeaK7XuYrPp8bk/X1e9qK5m7j+JpKosNSLgJj
+NIbYsBkG2Mlq671irKYj2hVZeaBQmWmZxK4fw0Istz2WfN5nUKUeJhTwpR+JLUg4
+ELYYoB7EO0Cej9UBG30hbgu4RyXA+VbptJ+H042K5QJROUbtnLWuuWosZ5ATldwO
+u03dIXL0SH0ao5NcWBzxU4F2sBXZRGP2x/jiSLHcqoECgYEA4qD7mXQpu1b8XO8U
+6abpKloJCatSAHzjgdR2eRDRx5PMvloipfwqA77pnbjTUFajqWQgOXsDTCjcdQui
+wf5XAaWu+TeAVTytLQbSiTsBhrnoqVrr3RoyDQmdnwHT8aCMouOgcC5thP9vQ8Us
+rVdjvRRbnJpg3BeSNimH+u9AHgsCgYEA0EzcbOltCWPHRAY7B3Ge/AKBjBQr86Kv
+TdpTlxePBDVIlH+BM6oct2gaSZZoHbqPjbq5v7yf0fKVcXE4bSVgqfDJ/sZQu9Lp
+PTeV7wkk0OsAMKk7QukEpPno5q6tOTNnFecpUhVLLlqbfqkB2baYYwLJR3IRzboJ
+FQbLY93E8gkCgYB+zlC5VlQbbNqcLXJoImqItgQkkuW5PCgYdwcrSov2ve5r/Acz
+FNt1aRdSlx4176R3nXyibQA1Vw+ztiUFowiP9WLoM3PtPZwwe4bGHmwGNHPIfwVG
+m+exf9XgKKespYbLhc45tuC08DATnXoYK7O1EnUINSFJRS8cezSI5eHcbQKBgQDC
+PgqHXZ2aVftqCc1eAaxaIRQhRmY+CgUjumaczRFGwVFveP9I6Gdi+Kca3DE3F9Pq
+PKgejo0SwP5vDT+rOGHN14bmGJUMsX9i4MTmZUZ5s8s3lXh3ysfT+GAhTd6nKrIE
+kM3Nh6HWFhROptfc6BNusRh1kX/cspDplK5x8EpJ0QKBgQDWFg6S2je0KtbV5PYe
+RultUEe2C0jYMDQx+JYxbPmtcopvZQrFEur3WKVuLy5UAy7EBvwMnZwIG7OOohJb
+vkSpADK6VPn9lbqq7O8cTedEHttm6otmLt8ZyEl3hZMaL3hbuRj6ysjmoFKx6CrX
+rK0/Ikt5ybqUzKCMJZg2VKGTxg==
+-----END PRIVATE KEY-----)";
+
+	auto role_claim = nlohmann::json{{"my-service", {{"roles", {"foo", "bar", "baz"}}}}};
+
+	auto token = jwt::create()
+					 .set_issuer("auth0")
+					 .set_type("JWT")
+					 .set_id("rsa-create-example")
+					 .set_issued_at(std::chrono::system_clock::now())
+					 .set_expires_at(std::chrono::system_clock::now() + std::chrono::seconds{36000})
+					 .set_payload_claim("resource-access", role_claim)
+					 .sign(jwt::algorithm::rs256("", rsa_priv_key, "", ""));
+
+	std::cout << "token: " << token << std::endl;
+
+	std::string rsa_pub_key = R"(-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4
+yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9
+83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs
+WXI9C+yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT
+69s7of9+I9l5lsJ9cozf1rxrXX4V1u/SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8
+AziMCxS+VrRPDM+zfvpIJg3JljAh3PJHDiLu902v9w+Iplu1WyoB2aPfitxEhRN0
+YwIDAQAB
+-----END PUBLIC KEY-----)";
+
+	auto decoded = jwt::decode(token);
+
+	for (const auto& e : decoded.get_payload_claims())
+		std::cout << e.first << " = " << e.second << std::endl;
+
+	std::cout << std::endl;
+
+	auto role_verifier = [](const jwt::verify_context& ctx, std::error_code& ec) {
+		using error = jwt::error::token_verification_error;
+
+		auto c = ctx.get_claim(false, ec);
+		if (ec) return;
+		if (c.get_type() == jwt::json::type::object) {
+			auto obj = c.to_json();
+			try {
+				auto roles = obj["my-service"]["roles"].get<nlohmann::json::array_t>();
+				if (roles.end() == std::find(roles.begin(), roles.end(), "foo")) ec = error::claim_value_missmatch;
+			} catch (const std::exception& ex) { ec = error::claim_value_missmatch; }
+		} else
+			ec = error::claim_type_missmatch;
+	};
+
+	auto verifier = jwt::verify()
+						.allow_algorithm(jwt::algorithm::rs256(rsa_pub_key, "", "", ""))
+						.with_issuer("auth0")
+						.with_claim("resource-access", role_verifier);
+
+	try {
+		verifier.verify(decoded);
+		std::cout << "Success!" << std::endl;
+	} catch (const std::exception& ex) { std::cout << "Error: " << ex.what() << std::endl; }
+
+	return 0;
+}
diff --git a/include/jwt-cpp/traits/boost-json/defaults.h b/include/jwt-cpp/traits/boost-json/defaults.h
@@ -77,6 +77,12 @@ namespace jwt {
 	inline jwks<traits::boost_json> parse_jwks(const traits::boost_json::string_type& token) {
 		return jwks<traits::boost_json>(token);
 	}
+
+	/**
+	 * This type is the specialization of the \ref verify_ops::verify_context class which
+	 * uses the standard template types.
+	 */
+	using verify_context = verify_ops::verify_context<traits::boost_json>;
 } // namespace jwt
 
 #endif // JWT_CPP_BOOST_JSON_DEFAULTS_H
diff --git a/include/jwt-cpp/traits/danielaparker-jsoncons/defaults.h b/include/jwt-cpp/traits/danielaparker-jsoncons/defaults.h
@@ -77,6 +77,12 @@ namespace jwt {
 	inline jwks<traits::danielaparker_jsoncons> parse_jwks(const traits::danielaparker_jsoncons::string_type& token) {
 		return jwks<traits::danielaparker_jsoncons>(token);
 	}
+
+	/**
+	 * This type is the specialization of the \ref verify_ops::verify_context class which
+	 * uses the standard template types.
+	 */
+	using verify_context = verify_ops::verify_context<traits::danielaparker_jsoncons>;
 } // namespace jwt
 
 #endif // JWT_CPP_DANIELAPARKER_JSONCONS_DEFAULTS_H
diff --git a/include/jwt-cpp/traits/defaults.h.mustache b/include/jwt-cpp/traits/defaults.h.mustache
@@ -79,6 +79,12 @@ namespace jwt {
 	inline jwks<traits::{{traits_name}}> parse_jwks(const traits::{{traits_name}}::string_type& token) {
 		return jwks<traits::{{traits_name}}>(token);
 	}
+
+	/**
+	 * This type is the specialization of the \ref verify_ops::verify_context class which
+	 * uses the standard template types.
+	 */
+	using verify_context = verify_ops::verify_context<traits::{{traits_name}}>;
 } // namespace jwt
 
 #endif // JWT_CPP_{{traits_name_upper}}_DEFAULTS_H
diff --git a/include/jwt-cpp/traits/kazuho-picojson/defaults.h b/include/jwt-cpp/traits/kazuho-picojson/defaults.h
@@ -73,6 +73,12 @@ namespace jwt {
 	inline jwks<traits::kazuho_picojson> parse_jwks(const traits::kazuho_picojson::string_type& token) {
 		return jwks<traits::kazuho_picojson>(token);
 	}
+
+	/**
+	 * This type is the specialization of the \ref verify_ops::verify_context class which
+	 * uses the standard template types.
+	 */
+	using verify_context = verify_ops::verify_context<traits::kazuho_picojson>;
 } // namespace jwt
 
 #endif // JWT_CPP_KAZUHO_PICOJSON_DEFAULTS_H
diff --git a/include/jwt-cpp/traits/nlohmann-json/defaults.h b/include/jwt-cpp/traits/nlohmann-json/defaults.h
@@ -77,6 +77,12 @@ namespace jwt {
 	inline jwks<traits::nlohmann_json> parse_jwks(const traits::nlohmann_json::string_type& token) {
 		return jwks<traits::nlohmann_json>(token);
 	}
+
+	/**
+	 * This type is the specialization of the \ref verify_ops::verify_context class which
+	 * uses the standard template types.
+	 */
+	using verify_context = verify_ops::verify_context<traits::nlohmann_json>;
 } // namespace jwt
 
 #endif // JWT_CPP_NLOHMANN_JSON_DEFAULTS_H