Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT API for reading/writing JSON Web Tickets #50

Closed
michaelrsweet opened this issue Mar 22, 2023 · 5 comments
Closed

JWT API for reading/writing JSON Web Tickets #50

michaelrsweet opened this issue Mar 22, 2023 · 5 comments
Assignees
@michaelrsweet
Labels
enhancement New feature or request priority-high
Milestone
v3.0

Comments

@michaelrsweet
Copy link
Member

Add a JWT API for reading and writing JSON Web Tokens (JWT), JSON Web Encryption (JWE), and JSON Web Signatures (JWS).

Relevant standards:
@michaelrsweet michaelrsweet added enhancement New feature or request priority-high labels Mar 22, 2023
@michaelrsweet michaelrsweet added this to the v3.0 milestone Mar 22, 2023
@michaelrsweet michaelrsweet self-assigned this Mar 22, 2023
@michaelrsweet
Copy link
Member Author

Preliminary API (work-in-progress):

#define CUPS_JWT_AUD "aud" // JWT audience claim
#define CUPS_JWT_EXP "exp" // JWT expiration date/time claim
#define CUPS_JWT_IAT "iat" // JWT issued at date/time claim
#define CUPS_JWT_ISS "iss" // JWT issuer claim
#define CUPS_JWT_JTI "jti" // JWT unique identifier claim
#define CUPS_JWT_NBF "nbf" // JWT not before date/time claim
#define CUPS_JWT_SUB "sub" // JWT subject claim

typedef struct _cups_jwt_s cups_jwt_t; // JSON Web Token

extern void cupsJWTDelete(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern char *cupsJWTExport(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern cups_jwt_t *cupsJWTImport(const char *token) _CUPS_PUBLIC;
extern cups_jwt_t *cupsJWTNew(const char *type, const char *algorithm, cups_json_t *keys, size_t num_claims, cups_option_t *claims) _CUPS_PUBLIC;

michaelrsweet added a commit that referenced this issue Apr 4, 2023
@michaelrsweet
Save work on JWT additions (Issue #50)
868ace5
michaelrsweet added a commit that referenced this issue Apr 8, 2023
@michaelrsweet
JWT+RSA support (Issue #50)
00f35eb
michaelrsweet added a commit that referenced this issue Apr 9, 2023
@michaelrsweet
Add initial GNU TLS support code (Issue #50)
a95796d
michaelrsweet added a commit that referenced this issue Apr 9, 2023
@michaelrsweet
Fix up GNU TLS implementation (Issue #50)
9e57de0
@michaelrsweet
Copy link
Member Author

Latest API:

//
// Constants...
//

#define CUPS_JWT_AUD	"aud"		// JWT audience claim
#define CUPS_JWT_EXP	"exp"		// JWT expiration date/time claim
#define CUPS_JWT_IAT	"iat"		// JWT issued at date/time claim
#define CUPS_JWT_ISS	"iss"		// JWT issuer claim (authorization server)
#define CUPS_JWT_JTI	"jti"		// JWT unique identifier claim
#define CUPS_JWT_NAME	"name"		// OpenID display name
#define CUPS_JWT_NBF	"nbf"		// JWT not before date/time claim
#define CUPS_JWT_SUB	"sub"		// JWT subject claim (username/ID)


//
// Types...
//

typedef enum cups_jwa_e			// JSON Web Algorithms
{
  CUPS_JWA_NONE,			// No algorithm
  CUPS_JWA_HS256,			// HMAC using SHA-256
  CUPS_JWA_HS384,			// HMAC using SHA-384
  CUPS_JWA_HS512,			// HMAC using SHA-512
  CUPS_JWA_RS256,			// RSASSA-PKCS1-v1_5 using SHA-256
  CUPS_JWA_RS384,			// RSASSA-PKCS1-v1_5 using SHA-384
  CUPS_JWA_RS512,			// RSASSA-PKCS1-v1_5 using SHA-512
  CUPS_JWA_ES256,			// ECDSA using P-256 and SHA-256
  CUPS_JWA_ES384,			// ECDSA using P-384 and SHA-384
  CUPS_JWA_ES512,			// ECDSA using P-521 and SHA-512
  CUPS_JWA_MAX				// @private@ Maximum JWA value
} cups_jwa_t;

typedef struct _cups_jwt_s cups_jwt_t;	// JSON Web Token


//
// Functions...
//

extern void		cupsJWTDelete(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern char		*cupsJWTExportString(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern cups_jwa_t	cupsJWTGetAlgorithm(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern double		cupsJWTGetClaimNumber(cups_jwt_t *jwt, const char *claim) _CUPS_PUBLIC;
extern const char	*cupsJWTGetClaimString(cups_jwt_t *jwt, const char *claim) _CUPS_PUBLIC;
extern cups_jtype_t	cupsJWTGetClaimType(cups_jwt_t *jwt, const char *claim) _CUPS_PUBLIC;
extern cups_json_t	*cupsJWTGetClaimValue(cups_jwt_t *jwt, const char *claim) _CUPS_PUBLIC;
extern cups_json_t	*cupsJWTGetClaims(cups_jwt_t *jwt) _CUPS_PUBLIC;
extern bool		cupsJWTHasValidSignature(cups_jwt_t *jwt, cups_json_t *keys) _CUPS_PUBLIC;
extern cups_jwt_t	*cupsJWTImportString(const char *token) _CUPS_PUBLIC;
extern cups_jwt_t	*cupsJWTNew(const char *type) _CUPS_PUBLIC;
extern void		cupsJWTSetClaimNumber(cups_jwt_t *jwt, const char *claim, double value) _CUPS_PUBLIC;
extern void		cupsJWTSetClaimString(cups_jwt_t *jwt, const char *claim, const char *value) _CUPS_PUBLIC;
extern void		cupsJWTSetClaimValue(cups_jwt_t *jwt, const char *claim, cups_json_t *value) _CUPS_PUBLIC;
extern bool		cupsJWTSign(cups_jwt_t *jwt, cups_jwa_t alg, cups_json_t *keys) _CUPS_PUBLIC;

@michaelrsweet
Copy link
Member Author

michaelrsweet commented Apr 9, 2023
edited
Loading

Todo:

  • Basic JWT API - creation, import, export, examination
  • Support for HMAC (HS256/384/512) JSON Web Signatures
  • Support for RSASSA-PKCS1-v1_5 (RS256/384/512) JSON Web Signatures
  • Support for ECDSA using P-256/384/521 (ES256/384/512) JSON Web Signatures
  • Support for loading JSON Web Key Sets
  • Support for generating JSON Web Key Sets for all supported signing methods

@michaelrsweet
Copy link
Member Author

Still working on ECDSA support - the code is there but currently the unit tests are failing with the JWS examples.

Also want to provide reliable JWK generation.

michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Implement OpenSSL key generation and unit tests (Issue #50)
900db19
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Fix EC signature handling for OpenSSL (Issue #50)
c331184
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Hopefully fix GNU TLS key generation and EC signatures (Issue #50)
be95c9b
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Fix GNU TLS compile issues (Issue #50)
dfe3371
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Save work on GNU TLS changes (Issue #50)
9f392b3
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
GNU TLS + ECDSA now working! (Issue #50)
59a4947
@michaelrsweet
Copy link
Member Author

Looks like everything is working as needed. New APIs for generating private and public JSON Web Keys:

extern cups_json_t	*cupsJWTMakePrivateKey(cups_jwa_t alg) _CUPS_PUBLIC;
extern cups_json_t	*cupsJWTMakePublicKey(cups_json_t *jwk) _CUPS_PUBLIC;

michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Changelog and fix hash list for GNU TLS (Issue #50)
6579b3c
michaelrsweet added a commit that referenced this issue Apr 10, 2023
@michaelrsweet
Changelog and fix hash list for GNU TLS (Issue #50)
95bced9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelrsweet michaelrsweet

Labels
enhancement New feature or request priority-high
Projects
None yet
Milestone
v3.0
Development

No branches or pull requests
1 participant
@michaelrsweet