none.go (1659B)
package jwt

// This file implements the "none" signing method. The spec requires it, but a
// token that uses it carries no signature, so you probably should never use it.

var (
	// SigningMethodNone is the shared instance of the "none" signing method.
	// init assigns it and registers it under the name returned by Alg.
	SigningMethodNone *signingMethodNone

	// NoneSignatureTypeDisallowedError is returned by Sign and Verify when the
	// key they receive is not of the opt-in type. init populates it.
	NoneSignatureTypeDisallowedError error
)

// UnsafeAllowNoneSignatureType is the explicit opt-in for unsigned tokens.
// Sign and Verify succeed only when the key passed to them has this
// constant's type; any other key value (for example real key material) is
// rejected with NoneSignatureTypeDisallowedError. The check is a type
// assertion, so it matches on the type rather than on the string contents.
const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"

type (
	// signingMethodNone is the stateless implementation of the "none" method.
	signingMethodNone struct{}

	// unsafeNoneMagicConstant is the type of UnsafeAllowNoneSignatureType.
	// Being unexported, it cannot be named outside this package; callers
	// pass the exported constant instead.
	unsafeNoneMagicConstant string
)

// init creates the shared method instance, builds the sentinel error, and
// registers the method under its algorithm name.
func init() {
	SigningMethodNone = &signingMethodNone{}
	NoneSignatureTypeDisallowedError = NewValidationError(
		"'none' signature type is not allowed",
		ValidationErrorSignatureInvalid,
	)

	// The factory hands back the single shared instance on every call.
	factory := func() SigningMethod { return SigningMethodNone }
	RegisterSigningMethod(SigningMethodNone.Alg(), factory)
}

// Alg returns the algorithm name this method is registered under.
func (m *signingMethodNone) Alg() string {
	return "none"
}

// Verify accepts a token only when key is of the UnsafeAllowNoneSignatureType
// type and signature is empty. signingString is not inspected: there is
// nothing to check it against, so a nil return says nothing about the
// integrity of the token contents.
func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
	_, optedIn := key.(unsafeNoneMagicConstant)

	switch {
	case !optedIn:
		// Without the explicit opt-in key, 'none' is never accepted, so it
		// cannot be enabled by accident.
		return NoneSignatureTypeDisallowedError
	case signature != "":
		// With 'none', the signature segment must be empty.
		return NewValidationError(
			"'none' signing method with non-empty signature",
			ValidationErrorSignatureInvalid,
		)
	default:
		// Opt-in key and empty signature: accept.
		return nil
	}
}

// Sign returns an empty signature when key is of the
// UnsafeAllowNoneSignatureType type and NoneSignatureTypeDisallowedError
// otherwise. signingString is ignored in both cases.
func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
	if _, optedIn := key.(unsafeNoneMagicConstant); !optedIn {
		return "", NoneSignatureTypeDisallowedError
	}
	return "", nil
}