none.go raw

   1  package jwt
   2  
   3  // SigningMethodNone implements the none signing method.  This is required by the spec
   4  // but you probably should never use it.
   5  var SigningMethodNone *signingMethodNone
   6  
   7  const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"
   8  
   9  var NoneSignatureTypeDisallowedError error
  10  
  11  type signingMethodNone struct{}
  12  type unsafeNoneMagicConstant string
  13  
  14  func init() {
  15  	SigningMethodNone = &signingMethodNone{}
  16  	NoneSignatureTypeDisallowedError = newError("'none' signature type is not allowed", ErrTokenUnverifiable)
  17  
  18  	RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
  19  		return SigningMethodNone
  20  	})
  21  }
  22  
  23  func (m *signingMethodNone) Alg() string {
  24  	return "none"
  25  }
  26  
  27  // Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
  28  func (m *signingMethodNone) Verify(signingString string, sig []byte, key any) (err error) {
  29  	// Key must be UnsafeAllowNoneSignatureType to prevent accidentally
  30  	// accepting 'none' signing method
  31  	if _, ok := key.(unsafeNoneMagicConstant); !ok {
  32  		return NoneSignatureTypeDisallowedError
  33  	}
  34  	// If signing method is none, signature must be an empty string
  35  	if len(sig) != 0 {
  36  		return newError("'none' signing method with non-empty signature", ErrTokenUnverifiable)
  37  	}
  38  
  39  	// Accept 'none' signing method.
  40  	return nil
  41  }
  42  
  43  // Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
  44  func (m *signingMethodNone) Sign(signingString string, key any) ([]byte, error) {
  45  	if _, ok := key.(unsafeNoneMagicConstant); ok {
  46  		return []byte{}, nil
  47  	}
  48  
  49  	return nil, NoneSignatureTypeDisallowedError
  50  }
  51