From 3157b7d3efb755615f8b658276a3e597c6b3fb7e Mon Sep 17 00:00:00 2001 From: Rick Watson Date: Mon, 3 Jun 2019 21:05:02 +0100 Subject: [PATCH] minor tweeks from code review --- src/ArduinoJsonJWT.cpp | 13 +++++-------- src/ArduinoJsonJWT.h | 7 ++----- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/src/ArduinoJsonJWT.cpp b/src/ArduinoJsonJWT.cpp index 807127f..1018e52 100644 --- a/src/ArduinoJsonJWT.cpp +++ b/src/ArduinoJsonJWT.cpp @@ -60,21 +60,18 @@ void ArduinoJsonJWT::parseJWT(String jwt, JsonDocument &jsonDocument) { // clear json document before we begin, jsonDocument wil be null on failure jsonDocument.clear(); - // must be of minimum length or greater - if (jwt.length() <= JWT_SIG_SIZE + JWT_HEADER_SIZE + 2) { - return; - } // must have the correct header and delimiter if (!jwt.startsWith(JWT_HEADER) || jwt.indexOf('.') != JWT_HEADER_SIZE) { return; } - // must have signature of correct length - int signatureDelimiterIndex = jwt.length() - JWT_SIG_SIZE - 1; - if (jwt.lastIndexOf('.') != signatureDelimiterIndex) { + + // check there is a signature delimieter + int signatureDelimiterIndex = jwt.lastIndexOf('.'); + if (signatureDelimiterIndex == JWT_HEADER_SIZE) { return; } - // signature must be correct + // check the signature is valid String signature = jwt.substring(signatureDelimiterIndex + 1); jwt = jwt.substring(0, signatureDelimiterIndex); if (sign(jwt) != signature){ diff --git a/src/ArduinoJsonJWT.h b/src/ArduinoJsonJWT.h index 8d29e39..fdaeb0b 100644 --- a/src/ArduinoJsonJWT.h +++ b/src/ArduinoJsonJWT.h @@ -11,17 +11,14 @@ #include #endif -#define JWT_HEADER_SIZE 36 -#define JWT_SIG_SIZE 43 - class ArduinoJsonJWT { private: String _secret; - // {"alg": "HS256", "typ": "JWT"} const String JWT_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"; - + const size_t JWT_HEADER_SIZE = JWT_HEADER.length(); + String sign(String &value); static String encode(const char *cstr, int len);
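Review bot: The signature test on the last line of the ArduinoJsonJWT.cpp hunk, `if (sign(jwt) != signature){`, compares the computed HMAC with the caller-supplied one using `String`'s `!=`. On the Arduino core that is, as far as I know, a length check followed by `strcmp`, so it stops at the first differing byte. Since this commit removes the fixed-length precheck, this comparison is now the only gate on the signature, and its running time should not depend on where the mismatch occurs. I would compute the expected value once and fold all byte differences together before deciding, as in the fence below. parseJWT's body continues past the end of the hunk, so the `if` stays open.

```cpp
  // … unchanged: header check and signature delimiter lookup …
  String signature = jwt.substring(signatureDelimiterIndex + 1);
  jwt = jwt.substring(0, signatureDelimiterIndex);
  String expected = sign(jwt);
  // accumulate differences over every byte instead of returning at the first mismatch
  uint8_t diff = (expected.length() == signature.length()) ? 0 : 1;
  for (unsigned int i = 0; i < expected.length() && i < signature.length(); i++) {
    diff |= (uint8_t)(expected.charAt(i) ^ signature.charAt(i));
  }
  if (diff != 0) {
```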
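Review bot: In the ArduinoJsonJWT.h hunk, `const size_t JWT_HEADER_SIZE = JWT_HEADER.length();` makes the header size unsigned, while `indexOf('.')` and `lastIndexOf('.')` in parseJWT return `int`, so both comparisons there are now signed/unsigned. The outcome is still correct, because a -1 from `indexOf` converts to a value that cannot equal the header length, but nothing on the page records that this is intended. I would either add a comment above the member, such as `// size_t on purpose: a -1 from indexOf() never compares equal to this`, or compare against `static_cast<int>(JWT_HEADER_SIZE)` in parseJWT. The class body continues outside the hunk.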