additional verification, better key matching
parent
f0e1a7d0e5
commit
9764aa3292
|
@ -10,7 +10,7 @@ defmodule BallsPDS.JWT do
|
||||||
generate_jwk(raw_private_key)
|
generate_jwk(raw_private_key)
|
||||||
end
|
end
|
||||||
|
|
||||||
def generate_jwk(raw_private_key) when is_binary(raw_private_key) do
|
def generate_jwk(<<raw_private_key::binary-size(32)>>) do
|
||||||
public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0)
|
public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0)
|
||||||
|
|
||||||
%{
|
%{
|
||||||
|
@ -91,11 +91,18 @@ defmodule BallsPDS.JWT do
|
||||||
public_jwk = Map.drop(jwk, ["d"])
|
public_jwk = Map.drop(jwk, ["d"])
|
||||||
signer = Joken.Signer.create("EdDSA", public_jwk)
|
signer = Joken.Signer.create("EdDSA", public_jwk)
|
||||||
|
|
||||||
Logger.debug("KID: #{get_kid(jwt)}")
|
|
||||||
|
|
||||||
case Joken.verify_and_validate(public_jwk, jwt, signer) do
|
case Joken.verify_and_validate(public_jwk, jwt, signer) do
|
||||||
{:ok, claims} -> {:ok, claims}
|
{:ok, claims} -> {:ok, claims}
|
||||||
{:error, reason} -> {:error, reason}
|
{:error, reason} -> {:error, reason}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def verify_jwt(jwt, jwk, subject) when is_binary(subject) do
|
||||||
|
case verify_jwt(jwt, jwk) do
|
||||||
|
{:ok, claims = %{"sub" => ^subject}} -> {:ok, claims}
|
||||||
|
{:ok, %{"sub" => _wrong_subject}} -> {:error, :wrong_subject}
|
||||||
|
{:ok, _claims} -> {:error, :missing_subject}
|
||||||
|
error = {:error, _} -> error
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
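Review bot: The new `verify_jwt/3` pins only `sub`; nothing visible in this section checks `exp`, `nbf` or `aud`, so a correctly signed token for the right subject appears to stay valid indefinitely. The call it wraps is `Joken.verify_and_validate(public_jwk, jwt, signer)`, and the first argument of that function is the token config, so passing the JWK map there presumably means no claim validator runs; the start of `verify_jwt/2` lies outside the hunk, so confirm this against the full function. I would build a config that validates at least expiry (for example from `Joken.Config.default_claims/1`) and call `Joken.verify_and_validate(token_config, jwt, signer)`. `verify_jwt/2` also stays public, so any caller that needs the subject bound has to be moved to the three-argument form.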