48 lines
1 KiB
Go
48 lines
1 KiB
Go
|
package jwt
|
||
|
|
||
|
func verifyPrincipals(pcpls, auds []string) bool {
|
||
|
// "Each principal intended to process the JWT MUST
|
||
|
// identify itself with a value in the audience claim."
|
||
|
// - https://tools.ietf.org/html/rfc7519#section-4.1.3
|
||
|
|
||
|
found := -1
|
||
|
for i, p := range pcpls {
|
||
|
for _, v := range auds {
|
||
|
if p == v {
|
||
|
found++
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
if found != i {
|
||
|
return false
|
||
|
}
|
||
|
}
|
||
|
return true
|
||
|
}
|
||
|
|
||
|
// ValidAudience returns true iff:
|
||
|
// - a and b are strings and a == b
|
||
|
// - a is string, b is []string and a is in b
|
||
|
// - a is []string, b is []string and all of a is in b
|
||
|
// - a is []string, b is string and len(a) == 1 and a[0] == b
|
||
|
func ValidAudience(a, b interface{}) bool {
|
||
|
s1, ok := a.(string)
|
||
|
if ok {
|
||
|
if s2, ok := b.(string); ok {
|
||
|
return s1 == s2
|
||
|
}
|
||
|
a2, ok := b.([]string)
|
||
|
return ok && verifyPrincipals([]string{s1}, a2)
|
||
|
}
|
||
|
|
||
|
a1, ok := a.([]string)
|
||
|
if !ok {
|
||
|
return false
|
||
|
}
|
||
|
if a2, ok := b.([]string); ok {
|
||
|
return verifyPrincipals(a1, a2)
|
||
|
}
|
||
|
s2, ok := b.(string)
|
||
|
return ok && len(a1) == 1 && a1[0] == s2
|
||
|
}
|