blob: f04d189d067bec2c78f6214e0038e470a0ffe3d0 [file] [log] [blame]
khenaidooab1f7bd2019-11-14 14:00:27 -05001package jwt
2
3// Implements the none signing method. This is required by the spec
4// but you probably should never use it.
5var SigningMethodNone *signingMethodNone
6
7const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"
8
9var NoneSignatureTypeDisallowedError error
10
11type signingMethodNone struct{}
12type unsafeNoneMagicConstant string
13
14func init() {
15 SigningMethodNone = &signingMethodNone{}
16 NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid)
17
18 RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
19 return SigningMethodNone
20 })
21}
22
23func (m *signingMethodNone) Alg() string {
24 return "none"
25}
26
27// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
28func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
29 // Key must be UnsafeAllowNoneSignatureType to prevent accidentally
30 // accepting 'none' signing method
31 if _, ok := key.(unsafeNoneMagicConstant); !ok {
32 return NoneSignatureTypeDisallowedError
33 }
34 // If signing method is none, signature must be an empty string
35 if signature != "" {
36 return NewValidationError(
37 "'none' signing method with non-empty signature",
38 ValidationErrorSignatureInvalid,
39 )
40 }
41
42 // Accept 'none' signing method.
43 return nil
44}
45
46// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
47func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
48 if _, ok := key.(unsafeNoneMagicConstant); ok {
49 return "", nil
50 }
51 return "", NoneSignatureTypeDisallowedError
52}