5 år sedan · 41e0d782ce
--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -103,7 +103,10 @@ end
 
				
				 --- Returns the public key by keyID
			
 
				
				 -- @param keyId the key ID to request
			
 
				
				 -- @return the public key (the content of requested resource) or nil
			
 
				
				-function Util:get_public_key(keyId)
			
 
				
				+function Util:get_public_key(keyId,asapKeyServer)
			
 
				
				+    if asapKeyServer == "" then
			
 
				
				+        asapKeyServer = self.asapKeyServer)
			
 
				
				+    end
			
 
				
				     local content = cache:get(keyId);
			
 
				
				     if content == nil then
			
 
				
				         -- If the key is not found in the cache.
			
@@ -117,7 +120,7 @@ function Util:get_public_key(keyId)
 
				
				             end
			
 
				
				             done();
			
 
				
				         end
			
 
				
				-        local keyurl = path.join(self.asapKeyServer, hex.to(sha256(keyId))..'.pem');
			
 
				
				+        local keyurl = path.join(asapKeyServer, hex.to(sha256(keyId))..'.pem');
			
 
				
				         module:log("debug", "Fetching public key from: "..keyurl);
			
 
				
				 
			
 
				
				         -- We hash the key ID to work around some legacy behavior and make
			
@@ -239,6 +242,12 @@ end
 
				
				 -- @param session the current session
			
 
				
				 -- @return false and error
			
 
				
				 function Util:process_and_verify_token(session)
			
 
				
				+    return self:process_and_verify_token_with_keyserver(session,"")
			
 
				
				+end
			
 
				
				+function Util:process_and_verify_token_with_keyserver(session,asapKeyServer)
			
 
				
				+    if asapKeyServer == "" then
			
 
				
				+        asapKeyServer = self.asapKeyServer
			
 
				
				+    end
			
 
				
				 
			
 
				
				     if session.auth_token == nil then
			
 
				
				         if self.allowEmptyToken then
			
@@ -249,7 +258,7 @@ function Util:process_and_verify_token(session)
 
				
				     end
			
 
				
				 
			
 
				
				     local pubKey;
			
 
				
				-    if self.asapKeyServer and session.auth_token ~= nil then
			
 
				
				+    if asapKeyServer and session.auth_token ~= nil then
			
 
				
				         local dotFirst = session.auth_token:find("%.");
			
 
				
				         if not dotFirst then return nil, "Invalid token" end
			
 
				
				         local header = json.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
			
@@ -257,7 +266,7 @@ function Util:process_and_verify_token(session)
 
				
				         if kid == nil then
			
 
				
				             return false, "not-allowed", "'kid' claim is missing";
			
 
				
				         end
			
 
				
				-        pubKey = self:get_public_key(kid);
			
 
				
				+        pubKey = self:get_public_key(kid,asapKeyServer);
			
 
				
				         if pubKey == nil then
			
 
				
				             return false, "not-allowed", "could not obtain public key";
			
 
				
				         end
			
@@ -265,7 +274,7 @@ function Util:process_and_verify_token(session)
 
				
				 
			
 
				
				     -- now verify the whole token
			
 
				
				     local claims, msg;
			
 
				
				-    if self.asapKeyServer then
			
 
				
				+    if asapKeyServer then
			
 
				
				         claims, msg = self:verify_token(session.auth_token, pubKey);
			
 
				
				     else
			
 
				
				         claims, msg = self:verify_token(session.auth_token, self.appSecret);