minor tweeks from code review
This commit is contained in:
parent
fec3b3aeae
commit
3157b7d3ef
@ -60,21 +60,18 @@ void ArduinoJsonJWT::parseJWT(String jwt, JsonDocument &jsonDocument) {
|
|||||||
// clear json document before we begin, jsonDocument wil be null on failure
|
// clear json document before we begin, jsonDocument wil be null on failure
|
||||||
jsonDocument.clear();
|
jsonDocument.clear();
|
||||||
|
|
||||||
// must be of minimum length or greater
|
|
||||||
if (jwt.length() <= JWT_SIG_SIZE + JWT_HEADER_SIZE + 2) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
// must have the correct header and delimiter
|
// must have the correct header and delimiter
|
||||||
if (!jwt.startsWith(JWT_HEADER) || jwt.indexOf('.') != JWT_HEADER_SIZE) {
|
if (!jwt.startsWith(JWT_HEADER) || jwt.indexOf('.') != JWT_HEADER_SIZE) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// must have signature of correct length
|
|
||||||
int signatureDelimiterIndex = jwt.length() - JWT_SIG_SIZE - 1;
|
// check there is a signature delimieter
|
||||||
if (jwt.lastIndexOf('.') != signatureDelimiterIndex) {
|
int signatureDelimiterIndex = jwt.lastIndexOf('.');
|
||||||
|
if (signatureDelimiterIndex == JWT_HEADER_SIZE) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// signature must be correct
|
// check the signature is valid
|
||||||
String signature = jwt.substring(signatureDelimiterIndex + 1);
|
String signature = jwt.substring(signatureDelimiterIndex + 1);
|
||||||
jwt = jwt.substring(0, signatureDelimiterIndex);
|
jwt = jwt.substring(0, signatureDelimiterIndex);
|
||||||
if (sign(jwt) != signature){
|
if (sign(jwt) != signature){
|
||||||
|
@ -11,17 +11,14 @@
|
|||||||
#include <bearssl/bearssl_hmac.h>
|
#include <bearssl/bearssl_hmac.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define JWT_HEADER_SIZE 36
|
|
||||||
#define JWT_SIG_SIZE 43
|
|
||||||
|
|
||||||
class ArduinoJsonJWT {
|
class ArduinoJsonJWT {
|
||||||
|
|
||||||
private:
|
private:
|
||||||
String _secret;
|
String _secret;
|
||||||
|
|
||||||
// {"alg": "HS256", "typ": "JWT"}
|
|
||||||
const String JWT_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
|
const String JWT_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
|
||||||
|
const size_t JWT_HEADER_SIZE = JWT_HEADER.length();
|
||||||
|
|
||||||
String sign(String &value);
|
String sign(String &value);
|
||||||
|
|
||||||
static String encode(const char *cstr, int len);
|
static String encode(const char *cstr, int len);
|
||||||
|
Loading…
Reference in New Issue
Block a user