git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
jose
1
0
Fork 0
Files
Tree: d08aaf3756
Branches Tags
jose
/
cmd
/
jws
/
ver.c

ver.c 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. /* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
    2. 

  2. /*
    3. 

  3.  * Copyright 2016 Red Hat, Inc.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6.  * you may not use this file except in compliance with the License.
    7. 

  7.  * You may obtain a copy of the License at
    8. 

  8.  *
    9. 

  9.  *     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  * Unless required by applicable law or agreed to in writing, software
    12. 

  12.  * distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.  * See the License for the specific language governing permissions and
    15. 

  15.  * limitations under the License.
    16. 

  16.  */
    17. 

  17. 

  18. #include "jws.h"
    19. 

  19. #include <string.h>
    20. 

  20. #include <unistd.h>
    21. 

  21. 

  22. #define BLOCKS 1024
    23. 

  23. #define SUMMARY "Verifies a JWS using the supplied JWKs and outputs payload"
    24. 

  24. 

  25. typedef struct {
    26. 

  26.     jcmd_opt_io_t io;
    27. 

  27.     json_t *keys;
    28. 

  28.     bool all;
    29. 

  29. } jcmd_opt_t;
    30. 

  30. 

  31. static const char *prefix =
    32. 

  32. "jose jws ver -i JWS [-I PAY] -k JWK [-a] [-O PAY]\n\n" SUMMARY;
    33. 

  33. 

  34. static const jcmd_doc_t doc_all[] = {
    35. 

  35.     { .doc="Ensure the JWS validates with all keys" },
    36. 

  36.     {}
    37. 

  37. };
    38. 

  38. 

  39. static const jcmd_doc_t doc_detach[] = {
    40. 

  40.     { .arg = "FILE", .doc="Decode payload to FILE" },
    41. 

  41.     { .arg = "-",    .doc="Decode payload to standard output" },
    42. 

  42.     {}
    43. 

  43. };
    44. 

  44. 

  45. static const jcmd_cfg_t cfgs[] = {
    46. 

  46.     {
    47. 

  47.         .opt = { "input", required_argument, .val = 'i' },
    48. 

  48.         .off = offsetof(jcmd_opt_t, io),
    49. 

  49.         .set = jcmd_opt_io_set_input,
    50. 

  50.         .doc = jcmd_jws_doc_input,
    51. 

  51.     },
    52. 

  52.     {
    53. 

  53.         .opt = { "detached", required_argument, .val = 'I' },
    54. 

  54.         .off = offsetof(jcmd_opt_t, io.detached),
    55. 

  55.         .set = jcmd_opt_set_ifile,
    56. 

  56.         .doc = jcmd_jws_doc_detached,
    57. 

  57.     },
    58. 

  58.     {
    59. 

  59.         .opt = { "key", required_argument, .val = 'k' },
    60. 

  60.         .off = offsetof(jcmd_opt_t, keys),
    61. 

  61.         .set = jcmd_opt_set_jwks,
    62. 

  62.         .doc = jcmd_doc_key,
    63. 

  63.     },
    64. 

  64.     {
    65. 

  65.         .opt = { "detach", required_argument, .val = 'O' },
    66. 

  66.         .off = offsetof(jcmd_opt_t, io.detach),
    67. 

  67.         .set = jcmd_opt_set_ofile,
    68. 

  68.         .doc = doc_detach,
    69. 

  69.     },
    70. 

  70.     {
    71. 

  71.         .opt = { "all", no_argument, .val = 'a' },
    72. 

  72.         .off = offsetof(jcmd_opt_t, all),
    73. 

  73.         .set = jcmd_opt_set_flag,
    74. 

  74.         .doc = doc_all,
    75. 

  75.     },
    76. 

  76.     {}
    77. 

  77. };
    78. 

  78. 

  79. static void
    80. 

  80. jcmd_opt_cleanup(jcmd_opt_t *sig)
    81. 

  81. {
    82. 

  82.     jcmd_opt_io_cleanup(&sig->io);
    83. 

  83.     json_decref(sig->keys);
    84. 

  84. }
    85. 

  85. 

  86. static bool
    87. 

  87. validate_input(const jcmd_opt_t *opt, json_t **sigs)
    88. 

  88. {
    89. 

  89.     if (json_array_size(opt->keys) == 0) {
    90. 

  90.         fprintf(stderr, "MUST specify a JWK(Set)!\n");
    91. 

  91.         return false;
    92. 

  92.     }
    93. 

  93. 

  94.     if (!opt->io.obj) {
    95. 

  95.         fprintf(stderr, "Invalid JWS!\n");
    96. 

  96.         return false;
    97. 

  97.     }
    98. 

  98. 

  99.     *sigs = json_incref(json_object_get(opt->io.obj, "signatures"));
    100. 

  100.     if (!*sigs)
    101. 

  101.         *sigs = json_pack("[O]", opt->io.obj);
    102. 

  102.     if (!json_is_array(*sigs)) {
    103. 

  103.         fprintf(stderr, "Signatures value must be an array!\n");
    104. 

  104.         return false;
    105. 

  105.     }
    106. 

  106. 

  107.     return true;
    108. 

  108. }
    109. 

  109. 

  110. static int
    111. 

  111. jcmd_jws_ver(int argc, char *argv[])
    112. 

  112. {
    113. 

  113.     jcmd_opt_auto_t opt = { .io.fields = jcmd_jws_fields };
    114. 

  114.     jose_io_auto_t *io = NULL;
    115. 

  115.     json_auto_t *sigs = NULL;
    116. 

  116. 

  117.     if (!jcmd_opt_parse(argc, argv, cfgs, &opt, prefix))
    118. 

  118.         return EXIT_FAILURE;
    119. 

  119. 

  120.     if (!validate_input(&opt, &sigs))
    121. 

  121.         return EXIT_FAILURE;
    122. 

  122. 

  123.     io = jose_jws_ver_io(NULL, opt.io.obj, NULL, opt.keys, opt.all);
    124. 

  124.     io = jcmd_jws_prep_io(&opt.io, io);
    125. 

  125.     if (!io) {
    126. 

  126.         fprintf(stderr, "Error initializing signature context!\n");
    127. 

  127.         return EXIT_FAILURE;
    128. 

  128.     }
    129. 

  129. 

  130.     if (opt.io.detached || opt.io.input) {
    131. 

  131.         FILE *f = opt.io.detached ? opt.io.detached : opt.io.input;
    132. 

  132. 

  133.         for (int c = fgetc(f); c != EOF; c = fgetc(f)) {
    134. 

  134.             uint8_t b = c;
    135. 

  135. 

  136.             if (!opt.io.detached && b == '.')
    137. 

  137.                 break;
    138. 

  138. 

  139.             if (!io->feed(io, &b, sizeof(b)))
    140. 

  140.                 return EXIT_FAILURE;
    141. 

  141.         }
    142. 

  142. 

  143.         for (int c = 0; opt.io.detached && opt.io.input && c != EOF && c != '.'; )
    144. 

  144.             c = fgetc(opt.io.input);
    145. 

  145.     } else {
    146. 

  146.         const char *pay = NULL;
    147. 

  147.         size_t payl = 0;
    148. 

  148. 

  149.         if (json_unpack(opt.io.obj, "{s?s%}", "payload", &pay, &payl) < 0)
    150. 

  150.             return EXIT_FAILURE;
    151. 

  151. 

  152.         if (!io->feed(io, pay ? pay : "", payl))
    153. 

  153.             return EXIT_FAILURE;
    154. 

  154.     }
    155. 

  155. 

  156.     if (opt.io.input) {
    157. 

  157.         if (json_object_set_new(opt.io.obj, "signature",
    158. 

  158.                                 jcmd_compact_field(opt.io.input)) < 0) {
    159. 

  159.             fprintf(stderr, "Error reading last compact field!\n");
    160. 

  160.             return EXIT_FAILURE;
    161. 

  161.         }
    162. 

  162.     }
    163. 

  163. 

  164.     if (!io->done(io)) {
    165. 

  165.         fprintf(stderr, "Signature validation failed!\n");
    166. 

  166.         return EXIT_FAILURE;
    167. 

  167.     }
    168. 

  168. 

  169.     return EXIT_SUCCESS;
    170. 

  170. }
    171. 

  171. 

  172. JCMD_REGISTER(SUMMARY, jcmd_jws_ver, "jws", "ver")
    173.