none.go raw

   1  package jwt
   2  
   3  // SigningMethodNone implements the none signing method.  This is required by the spec
   4  // but you probably should never use it.
   5  var SigningMethodNone *signingMethodNone
   6  
   7  const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"
   8  
   9  var NoneSignatureTypeDisallowedError error
  10  
  11  type signingMethodNone struct{}
  12  type unsafeNoneMagicConstant string
  13  
  14  func init() {
  15  	SigningMethodNone = &signingMethodNone{}
  16  	NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid)
  17  
  18  	RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
  19  		return SigningMethodNone
  20  	})
  21  }
  22  
  23  func (m *signingMethodNone) Alg() string {
  24  	return "none"
  25  }
  26  
  27  // Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
  28  func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
  29  	// Key must be UnsafeAllowNoneSignatureType to prevent accidentally
  30  	// accepting 'none' signing method
  31  	if _, ok := key.(unsafeNoneMagicConstant); !ok {
  32  		return NoneSignatureTypeDisallowedError
  33  	}
  34  	// If signing method is none, signature must be an empty string
  35  	if signature != "" {
  36  		return NewValidationError(
  37  			"'none' signing method with non-empty signature",
  38  			ValidationErrorSignatureInvalid,
  39  		)
  40  	}
  41  
  42  	// Accept 'none' signing method.
  43  	return nil
  44  }
  45  
  46  // Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
  47  func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
  48  	if _, ok := key.(unsafeNoneMagicConstant); ok {
  49  		return "", nil
  50  	}
  51  	return "", NoneSignatureTypeDisallowedError
  52  }
  53