jwt/token/verifytoken.go

94 lines
2.9 KiB
Go

// Copyright © 2018 ehlxr <ehlxr.me@gmail.com>
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
package token
import (
"fmt"
"os"
"regexp"
"github.com/dgrijalva/jwt-go"
"github.com/spf13/cobra"
)
// Verify a token and output the claims. This is a great example
// of how to verify and view a token.
func VerifyToken(cmd *cobra.Command) error {
flagToken := cmd.LocalFlags().Lookup("token").Value.String()
flagKey := cmd.LocalFlags().Lookup("key").Value.String()
flagCompact := promptCompact()
flagDebug := promptDebug()
flagAlg, err := promptAlg()
if err != nil {
return fmt.Errorf("Prompt flagAlg failed %v\n", err)
}
// get the token
tokData, err := loadData(flagToken)
if err != nil {
return fmt.Errorf("couldn't read token: %v", err)
}
// trim possible whitespace from token
tokData = regexp.MustCompile(`\s*$`).ReplaceAll(tokData, []byte{})
if flagDebug {
_, _ = fmt.Fprintf(os.Stderr, "Token len: %v bytes\n", len(tokData))
}
// Parse the token. Load the key from command line option
token, err := jwt.Parse(string(tokData), func(t *jwt.Token) (interface{}, error) {
data, err := loadData(flagKey)
if err != nil {
return nil, err
}
if isEs(flagAlg) {
return jwt.ParseECPublicKeyFromPEM(data)
} else if isRs(flagAlg) {
return jwt.ParseRSAPublicKeyFromPEM(data)
}
return data, nil
})
// Print some debug data
if flagDebug && token != nil {
_, _ = fmt.Fprintf(os.Stderr, "Header:\n%v\n", token.Header)
_, _ = fmt.Fprintf(os.Stderr, "Claims:\n%v\n", token.Claims)
}
// Print an error if we can't parse for some reason
if err != nil {
return fmt.Errorf("couldn't parse token: %v", err)
}
// Is token invalid?
if !token.Valid {
return fmt.Errorf("token is invalid")
}
// Print the token details
if err := printJSON(token.Claims, flagCompact); err != nil {
return fmt.Errorf("failed to output claims: %v", err)
}
return nil
}