fix: Close #27, #28. Fix token validation.
me-viper committed Jan 23, 2024
1 parent 2eb1190 commit 3833e2d
Showing 2 changed files with 56 additions and 5 deletions.
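--- a/src/OpaDotNet.Wasm/DefaultOpaImportsAbi.Jwt.cs
+++ b/src/OpaDotNet.Wasm/DefaultOpaImportsAbi.Jwt.cs
@@ -109,7 +109,14 @@ private object[] JwtDecodeVerify(string jwt, JwtConstraints? constraints)
 else
 {
 var jwks = new JsonWebKeySet(constraints.Cert);
-result.IssuerSigningKeys = jwks.Keys;
+
+if (jwks.Keys.Count > 0)
+result.IssuerSigningKeys = jwks.Keys;
+else
+{
+var k = new JsonWebKey(constraints.Cert);
+result.IssuerSigningKey = k;
+}
 }
 }
 
@@ -119,7 +126,7 @@ private object[] JwtDecodeVerify(string jwt, JwtConstraints? constraints)
 result.LifetimeValidator = (before, expires, _, _) =>
 {
 var now = Now();
-return now.Date >= (before ?? now.Date) && now.Date <= (expires ?? now.Date);
+return now.DateTime >= (before ?? now.DateTime) && now.DateTime <= (expires ?? now.DateTime);
 };
 
 if (constraints.Time != null)
@@ -128,9 +135,10 @@ private object[] JwtDecodeVerify(string jwt, JwtConstraints? constraints)
 
 result.LifetimeValidator = (before, expires, _, _) =>
 {
-var ticks = (constraints.Time.Value / 100) + DateTimeOffset.UnixEpoch.Ticks;
-var now = new DateTimeOffset(ticks, TimeSpan.Zero);
-return now.Date >= (before ?? now.Date) && now.Date <= expires;
+var beforeNs = before?.ToUniversalTime().Subtract(DateTimeOffset.UnixEpoch.DateTime).TotalNanoseconds;
+var expiresNs = expires?.ToUniversalTime().Subtract(DateTimeOffset.UnixEpoch.DateTime).TotalNanoseconds;
+var timeNs = (double)constraints.Time;
+return (beforeNs == null || timeNs >= beforeNs) && (expiresNs == null || timeNs <= expiresNs);
 };
 }
 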
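Review bot: In the default lifetime validator (second hunk), `now.DateTime` is the offset's local clock reading with `Kind` unspecified, while the `before`/`expires` values passed to `LifetimeValidator` are UTC, so if `Now()` can return a non-zero offset the nbf/exp window is shifted by that offset and an expired token could be accepted or a valid one rejected. `Now()` is not visible in these hunks, so this applies only if it is not already pinned to UTC; `now.UtcDateTime` removes the dependency either way: `return now.UtcDateTime >= (before ?? now.UtcDateTime) && now.UtcDateTime <= (expires ?? now.UtcDateTime);`. The third hunk already normalizes with `ToUniversalTime()`, so this would also make the two validators consistent. In the third hunk, `(double)constraints.Time` and `TotalNanoseconds` lose precision at current epoch magnitudes (about 1.7e18 ns, where adjacent doubles are 256 ns apart), so the boundary comparison is not nanosecond-exact; comparing integer ticks or nanoseconds would avoid that. `JwtDecodeVerify` starts and ends outside these hunks.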
43 changes: 43 additions & 0 deletions tests/SdkBuiltinsTests.cs
@@ -514,12 +514,55 @@ public async Task JwtVerifyAud(string func, string expected)
$$"""io.jwt.decode_verify("{{JwtVerifyTimeToken}}", {"time": 1689055447000000000, "secret": "{{JwtVerifyTimeSecret}}"})""",
"""[true,{"alg":"HS512","typ":"JWT"},{"iss": "xxx", "exp": 1689141847, "nbf": 1688969047}]"""
)]
[InlineData(
$$"""io.jwt.decode_verify("{{JwtVerifyTimeToken}}", {"time": 1688969047000000001, "secret": "{{JwtVerifyTimeSecret}}"})""",
"""[true,{"alg":"HS512","typ":"JWT"},{"iss": "xxx", "exp": 1689141847, "nbf": 1688969047}]"""
)]
[InlineData(
$$"""io.jwt.decode_verify("{{JwtVerifyTimeToken}}", {"time": 1689141846999999999, "secret": "{{JwtVerifyTimeSecret}}"})""",
"""[true,{"alg":"HS512","typ":"JWT"},{"iss": "xxx", "exp": 1689141847, "nbf": 1688969047}]"""
)]
public async Task JwtVerifyTime(string func, string expected)
{
var result = await RunTestCase(func, expected);
Assert.True(result.Assert);
}

[Fact]
public async Task JwtNoTime()
{
var src = """
package sdk
s := {
"kty": "oct",
"k": "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
}
t := io.jwt.encode_sign(
{
"typ": "JWT",
"alg": "HS256",
},
{
"iss": "joe",
},
s,
)
x := io.jwt.decode_verify(t, {"time": 1300819379000000000, "cert": json.marshal(s)})
r := x[0]
""";
using var eval = await Build(src, "sdk");

var result = eval.EvaluateValue(
new { r = false, },
"sdk"
);

Assert.True(result.r);
}

[Fact]
public async Task JwtJwkCerts()
{
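Review bot: The two new `JwtVerifyTime` cases only exercise times inside the validity window (`nbf` + 1 ns and `exp` - 1 ns), so they would still pass if the time check accepted every token; cases just outside the window that expect rejection would pin the fix, unless such cases already exist above this hunk. For example, add an `[InlineData]` with `"time": 1688969046000000000` (one second before `nbf`) and another with `"time": 1689141848000000000` (one second after `exp`), each expecting the failure result, which for `io.jwt.decode_verify` should be `[false,{},{}]`; confirm this against how `RunTestCase` compares results. A whole-second margin rather than 1 ns keeps those cases independent of floating-point rounding in the validator. `JwtNoTime` likewise asserts only the accepting path, and the `JwtJwkCerts` body continues outside the hunk.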
