additional verification, better key matching

Moon Man 2024-12-03 14:32:07 -05:00
parent f0e1a7d0e5
commit 9764aa3292
1 changed files with 10 additions and 3 deletions


@ -10,7 +10,7 @@ defmodule BallsPDS.JWT do
generate_jwk(raw_private_key) generate_jwk(raw_private_key)
end end
def generate_jwk(raw_private_key) when is_binary(raw_private_key) do def generate_jwk(<<raw_private_key::binary-size(32)>>) do
public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0) public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0)
%{ %{
@ -91,11 +91,18 @@ defmodule BallsPDS.JWT do
public_jwk = Map.drop(jwk, ["d"]) public_jwk = Map.drop(jwk, ["d"])
signer = Joken.Signer.create("EdDSA", public_jwk) signer = Joken.Signer.create("EdDSA", public_jwk)
Logger.debug("KID: #{get_kid(jwt)}")
case Joken.verify_and_validate(public_jwk, jwt, signer) do case Joken.verify_and_validate(public_jwk, jwt, signer) do
{:ok, claims} -> {:ok, claims} {:ok, claims} -> {:ok, claims}
{:error, reason} -> {:error, reason} {:error, reason} -> {:error, reason}
end end
end end
def verify_jwt(jwt, jwk, subject) when is_binary(subject) do
case verify_jwt(jwt, jwk) do
{:ok, claims = %{"sub" => ^subject}} -> {:ok, claims}
{:ok, %{"sub" => _wrong_subject}} -> {:error, :wrong_subject}
{:ok, _claims} -> {:error, :missing_subject}
error = {:error, _} -> error
end
end
end end
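Review bot: In the second hunk the new `verify_jwt/3` only pins `sub`, so every other claim check depends on `verify_jwt/2`, which hands `public_jwk` to `Joken.verify_and_validate` in the argument position Joken uses for the claim-validation config. With a JWK map there, no `exp`/`nbf` validators appear to be configured, so a correctly signed but expired token for the right subject would likely still come back as `{:ok, claims}`; please confirm, and pass a token config built for this service (for example starting from `Joken.Config.default_claims/1`) instead of the key. `verify_jwt/2` starts above the hunk, so its head and any earlier checks are not visible here. The `Logger.debug("KID: ...")` line in the same hunk reads the key id from a token whose signature has not been verified yet; if that line is on the new side, log it as `inspect(get_kid(jwt))` so control characters in the header cannot forge log lines. A short `@doc` on `verify_jwt/3` listing `{:error, :wrong_subject}`, `{:error, :missing_subject}` and the pass-through `{:error, reason}` would help callers match on them.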