You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by jr...@apache.org on 2019/01/08 23:29:12 UTC
[trafficserver] branch master updated: Repurpose sub claim and add
cdniuc support
This is an automated email from the ASF dual-hosted git repository.
jrushford pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new ee16b64 Repurpose sub claim and add cdniuc support
ee16b64 is described below
commit ee16b64cfe56ee4ac30128a6dc465d9238a5f42f
Author: Dylan Souza <dy...@comcast.com>
AuthorDate: Tue Nov 13 21:52:24 2018 +0000
Repurpose sub claim and add cdniuc support
---
plugins/experimental/uri_signing/jwt.c | 14 +++++---------
plugins/experimental/uri_signing/jwt.h | 3 ++-
plugins/experimental/uri_signing/parse.c | 2 +-
3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/plugins/experimental/uri_signing/jwt.c b/plugins/experimental/uri_signing/jwt.c
index 0942c84..9324ca8 100644
--- a/plugins/experimental/uri_signing/jwt.c
+++ b/plugins/experimental/uri_signing/jwt.c
@@ -63,6 +63,7 @@ parse_jwt(json_t *raw)
jwt->cdniv = parse_integer_default(json_object_get(raw, "cdniv"), 1);
jwt->cdnicrit = json_string_value(json_object_get(raw, "cdnicrit"));
jwt->cdniip = json_string_value(json_object_get(raw, "cdniip"));
+ jwt->cdniuc = json_string_value(json_object_get(raw, "cdniuc"));
jwt->cdniets = json_integer_value(json_object_get(raw, "cdniets"));
jwt->cdnistt = json_integer_value(json_object_get(raw, "cdnistt"));
jwt->cdnistd = parse_integer_default(json_object_get(raw, "cdnistd"), 0);
@@ -114,13 +115,8 @@ jwt_validate(struct jwt *jwt)
return false;
}
- if (!jwt->sub) { /* Mandatory claim. Will be validated after key verification. */
- PluginDebug("Initial JWT Failure: missing sub");
- return false;
- }
-
if (!unsupported_string_claim(jwt->aud)) {
- PluginDebug("Initial JWT Failure: missing sub");
+ PluginDebug("Initial JWT Failure: aud unsupported");
return false;
}
@@ -163,17 +159,17 @@ jwt_validate(struct jwt *jwt)
}
bool
-jwt_check_uri(const char *sub, const char *uri)
+jwt_check_uri(const char *cdniuc, const char *uri)
{
static const char CONT_URI_STR[] = "uri";
static const char CONT_URI_PATTERN_STR[] = "uri-pattern";
static const char CONT_URI_REGEX_STR[] = "uri-regex";
- if (!sub || !*sub || !uri) {
+ if (!cdniuc || !*cdniuc || !uri) {
return false;
}
- const char *kind = sub, *container = sub;
+ const char *kind = cdniuc, *container = cdniuc;
while (*container && *container != ':') {
++container;
}
diff --git a/plugins/experimental/uri_signing/jwt.h b/plugins/experimental/uri_signing/jwt.h
index f0bd67a..5e09f02 100644
--- a/plugins/experimental/uri_signing/jwt.h
+++ b/plugins/experimental/uri_signing/jwt.h
@@ -31,6 +31,7 @@ struct jwt {
int cdniv;
const char *cdnicrit;
const char *cdniip;
+ const char *cdniuc;
int cdniets;
int cdnistt;
int cdnistd;
@@ -38,7 +39,7 @@ struct jwt {
struct jwt *parse_jwt(json_t *raw);
void jwt_delete(struct jwt *jwt);
bool jwt_validate(struct jwt *jwt);
-bool jwt_check_uri(const char *sub, const char *uri);
+bool jwt_check_uri(const char *cdniuc, const char *uri);
struct _cjose_jwk_int;
char *renew(struct jwt *jwt, const char *iss, struct _cjose_jwk_int *jwk, const char *alg, const char *package);
diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c
index 6f7d421..a53c60f 100644
--- a/plugins/experimental/uri_signing/parse.c
+++ b/plugins/experimental/uri_signing/parse.c
@@ -184,7 +184,7 @@ validate_jws(cjose_jws_t *jws, struct config *cfg, const char *uri, size_t uri_c
}
}
- if (!jwt_check_uri(jwt->sub, uri)) {
+ if (!jwt_check_uri(jwt->cdniuc, uri)) {
PluginDebug("Valid key for %16p that does not match uri.", jws);
goto jwt_fail;
}