aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/github.com/dgrijalva/jwt-go/none.go
blob: f04d189d067bec2c78f6214e0038e470a0ffe3d0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package jwt

// Implements the none signing method.  This is required by the spec
// but you probably should never use it.
var SigningMethodNone *signingMethodNone

const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"

var NoneSignatureTypeDisallowedError error

type signingMethodNone struct{}
type unsafeNoneMagicConstant string

func init() {
    SigningMethodNone = &signingMethodNone{}
    NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid)

    RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
        return SigningMethodNone
    })
}

func (m *signingMethodNone) Alg() string {
    return "none"
}

// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
    // Key must be UnsafeAllowNoneSignatureType to prevent accidentally
    // accepting 'none' signing method
    if _, ok := key.(unsafeNoneMagicConstant); !ok {
        return NoneSignatureTypeDisallowedError
    }
    // If signing method is none, signature must be an empty string
    if signature != "" {
        return NewValidationError(
            "'none' signing method with non-empty signature",
            ValidationErrorSignatureInvalid,
        )
    }

    // Accept 'none' signing method.
    return nil
}

// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
    if _, ok := key.(unsafeNoneMagicConstant); ok {
        return "", nil
    }
    return "", NoneSignatureTypeDisallowedError
}