2019-05-06 14:50:19 +00:00
|
|
|
#include "ArduinoJsonJWT.h"
|
|
|
|
|
|
|
|
ArduinoJsonJWT::ArduinoJsonJWT(String secret) : _secret(secret) { }
|
|
|
|
|
|
|
|
void ArduinoJsonJWT::setSecret(String secret){
|
2019-05-29 22:48:16 +00:00
|
|
|
_secret = secret;
|
|
|
|
}
|
|
|
|
|
|
|
|
String ArduinoJsonJWT::getSecret(){
|
|
|
|
return _secret;
|
2019-05-06 14:50:19 +00:00
|
|
|
}
|
|
|
|
|
2019-05-06 21:40:24 +00:00
|
|
|
/*
|
|
|
|
* ESP32 uses mbedtls, ESP2866 uses bearssl.
|
|
|
|
*
|
|
|
|
* Both come with decent HMAC implmentations supporting sha256, as well as others.
|
|
|
|
*
|
|
|
|
* No need to pull in additional crypto libraries - lets use what we already have.
|
|
|
|
*/
|
|
|
|
String ArduinoJsonJWT::sign(String &payload) {
|
2019-05-25 16:41:27 +00:00
|
|
|
unsigned char hmacResult[32];
|
2019-05-06 21:40:24 +00:00
|
|
|
{
|
|
|
|
#if defined(ESP_PLATFORM)
|
|
|
|
mbedtls_md_context_t ctx;
|
|
|
|
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
|
|
|
|
mbedtls_md_init(&ctx);
|
|
|
|
mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1);
|
|
|
|
mbedtls_md_hmac_starts(&ctx, (unsigned char *) _secret.c_str(), _secret.length());
|
|
|
|
mbedtls_md_hmac_update(&ctx, (unsigned char *) payload.c_str(), payload.length());
|
|
|
|
mbedtls_md_hmac_finish(&ctx, hmacResult);
|
|
|
|
mbedtls_md_free(&ctx);
|
|
|
|
#else
|
|
|
|
br_hmac_key_context keyCtx;
|
|
|
|
br_hmac_key_init(&keyCtx, &br_sha256_vtable, _secret.c_str(), _secret.length());
|
|
|
|
br_hmac_context hmacCtx;
|
|
|
|
br_hmac_init(&hmacCtx, &keyCtx, 0);
|
|
|
|
br_hmac_update(&hmacCtx, payload.c_str(), payload.length());
|
|
|
|
br_hmac_out(&hmacCtx, hmacResult);
|
|
|
|
#endif
|
|
|
|
}
|
2019-05-25 16:41:27 +00:00
|
|
|
return encode((char *) hmacResult, 32);
|
2019-05-06 14:50:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
String ArduinoJsonJWT::buildJWT(JsonObject &payload) {
|
|
|
|
// serialize, then encode payload
|
|
|
|
String jwt;
|
|
|
|
serializeJson(payload, jwt);
|
2019-05-25 16:41:27 +00:00
|
|
|
jwt = encode(jwt.c_str(), jwt.length());
|
2019-05-06 14:50:19 +00:00
|
|
|
|
|
|
|
// add the header to payload
|
|
|
|
jwt = JWT_HEADER + '.' + jwt;
|
2019-05-06 21:40:24 +00:00
|
|
|
|
2019-05-06 14:50:19 +00:00
|
|
|
// add signature
|
|
|
|
jwt += '.' + sign(jwt);
|
|
|
|
|
|
|
|
return jwt;
|
|
|
|
}
|
|
|
|
|
|
|
|
void ArduinoJsonJWT::parseJWT(String jwt, JsonDocument &jsonDocument) {
|
|
|
|
// clear json document before we begin, jsonDocument wil be null on failure
|
|
|
|
jsonDocument.clear();
|
|
|
|
|
|
|
|
// must have the correct header and delimiter
|
|
|
|
if (!jwt.startsWith(JWT_HEADER) || jwt.indexOf('.') != JWT_HEADER_SIZE) {
|
|
|
|
return;
|
|
|
|
}
|
2019-06-03 20:05:02 +00:00
|
|
|
|
|
|
|
// check there is a signature delimieter
|
|
|
|
int signatureDelimiterIndex = jwt.lastIndexOf('.');
|
|
|
|
if (signatureDelimiterIndex == JWT_HEADER_SIZE) {
|
2019-05-06 14:50:19 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-06-03 20:05:02 +00:00
|
|
|
// check the signature is valid
|
2019-06-02 22:15:56 +00:00
|
|
|
String signature = jwt.substring(signatureDelimiterIndex + 1);
|
|
|
|
jwt = jwt.substring(0, signatureDelimiterIndex);
|
2019-05-06 14:50:19 +00:00
|
|
|
if (sign(jwt) != signature){
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// decode payload
|
|
|
|
jwt = jwt.substring(JWT_HEADER_SIZE + 1);
|
2019-05-11 14:11:11 +00:00
|
|
|
jwt = decode(jwt);
|
2019-05-06 14:50:19 +00:00
|
|
|
|
|
|
|
// parse payload, clearing json document after failure
|
|
|
|
DeserializationError error = deserializeJson(jsonDocument, jwt);
|
|
|
|
if (error != DeserializationError::Ok || !jsonDocument.is<JsonObject>()){
|
|
|
|
jsonDocument.clear();
|
|
|
|
}
|
|
|
|
}
|
2019-05-11 14:11:11 +00:00
|
|
|
|
2019-05-25 16:41:27 +00:00
|
|
|
String ArduinoJsonJWT::encode(const char *cstr, int inputLen) {
|
2019-05-11 14:11:11 +00:00
|
|
|
// prepare encoder
|
|
|
|
base64_encodestate _state;
|
|
|
|
#if defined(ESP8266)
|
|
|
|
base64_init_encodestate_nonewlines(&_state);
|
2019-05-25 16:41:27 +00:00
|
|
|
size_t encodedLength = base64_encode_expected_len_nonewlines(inputLen) + 1;
|
2019-05-11 14:11:11 +00:00
|
|
|
#elif defined(ESP_PLATFORM)
|
|
|
|
base64_init_encodestate(&_state);
|
2019-05-25 16:41:27 +00:00
|
|
|
size_t encodedLength = base64_encode_expected_len(inputLen) + 1;
|
2019-05-11 14:11:11 +00:00
|
|
|
#endif
|
2019-06-02 22:31:00 +00:00
|
|
|
// prepare buffer of correct length, returning an empty string on failure
|
|
|
|
char* buffer = (char*) malloc(encodedLength * sizeof(char));
|
|
|
|
if (buffer == nullptr) {
|
|
|
|
return "";
|
|
|
|
}
|
2019-05-11 14:11:11 +00:00
|
|
|
|
|
|
|
// encode to buffer
|
2019-05-25 16:41:27 +00:00
|
|
|
int len = base64_encode_block(cstr, inputLen, &buffer[0], &_state);
|
2019-05-11 14:11:11 +00:00
|
|
|
len += base64_encode_blockend(&buffer[len], &_state);
|
|
|
|
buffer[len] = 0;
|
|
|
|
|
2019-06-02 22:31:00 +00:00
|
|
|
// convert to arduino string, freeing buffer
|
2019-05-25 16:41:27 +00:00
|
|
|
String value = String(buffer);
|
2019-06-02 22:31:00 +00:00
|
|
|
free(buffer);
|
|
|
|
buffer=nullptr;
|
2019-05-11 14:11:11 +00:00
|
|
|
|
|
|
|
// remove padding and convert to URL safe form
|
2019-06-02 22:15:56 +00:00
|
|
|
while (value.length() > 0 && value.charAt(value.length() - 1) == '='){
|
2019-05-11 14:11:11 +00:00
|
|
|
value.remove(value.length() - 1);
|
|
|
|
}
|
|
|
|
value.replace('+', '-');
|
|
|
|
value.replace('/', '_');
|
|
|
|
|
|
|
|
// return as string
|
|
|
|
return value;
|
|
|
|
}
|
|
|
|
|
|
|
|
String ArduinoJsonJWT::decode(String value) {
|
|
|
|
// convert to standard base64
|
|
|
|
value.replace('-', '+');
|
|
|
|
value.replace( '_', '/');
|
|
|
|
|
|
|
|
// prepare buffer of correct length
|
|
|
|
char buffer[base64_decode_expected_len(value.length()) + 1];
|
|
|
|
|
|
|
|
// decode
|
|
|
|
int len = base64_decode_chars(value.c_str(), value.length(), &buffer[0]);
|
|
|
|
buffer[len] = 0;
|
|
|
|
|
|
|
|
// return as string
|
|
|
|
return String(buffer);
|
|
|
|
}
|