XRootD
XrdSecztn Namespace Reference

Functions

bool isJWT (const char *)
 

Function Documentation

◆ isJWT()

bool XrdSecztn::isJWT ( const char *  b64data)

Definition at line 142 of file XrdSecztn.cc.

143 {
144  size_t inBytes, outBytes;
145  const char *dot;
146  char *key, *outData, inData[1024];
147 
148 // Skip over the header should it exist (sommetime it does sometimes not)
149 //
150  if (!strncmp(b64data, "Bearer%20", 9)) b64data += 9;
151 
152 // We are only interested in the header which must appear first and be
153 // separated by a dot from subsequent tokens. If it does not have the
154 // dot then we assume it's not returnable. Otherwise truncate it at the dot.
155 //
156  if (!(dot = index(b64data, '.'))) return false;
157 
158 // Copy out the token segment we wish to check. The JWT header can never be
159 // more than 1K long and that's being way generous.
160 //
161  inBytes = dot - b64data;
162  if (inBytes >= (int)sizeof(inData)) return false;
163  memcpy(inData, b64data, inBytes);
164  inData[inBytes] = 0;
165 
166 // Allocate a buffer large enough to hold the result. Get it from the stack.
167 //
168  outBytes = DecodeBytesNeeded(inBytes);
169  outData = (char *)alloca(outBytes);
170 
171 // If we can't decode what we have then indicate this is not returnable
172 //
173  if (DecodeUrl(inData, inBytes, outData, outBytes)) return false;
174 
175 // The json object must start/end with a brace and must contain the key:value
176 // of '"typ":"JWT"', other elements may change but not this one.
177 //
178  if (outBytes <= 0 || *outData != '{' || outData[outBytes-1] != '}')
179  return false;
180 
181 // Search for the key
182 //
183  if (!(key = strstr(outData, "\"typ\""))) return false;
184 
185 // Subsequently there should be a colon or spaces but nothing more
186 //
187  key += 5;
188  while(*key == ' ') key++;
189  if (*key != ':') return false;
190 
191 // There may be more spaces but anything else must be the expected value
192 //
193  key++;
194  while(*key == ' ') key++;
195  return strncmp(key, "\"JWT\"", 5) == 0;
196 }