
allows override of asap key server in token utility

master
Aaron van Meerten 5 years ago
parent
commit
41e0d782ce
1 changed files with 14 additions and 5 deletions
  1. 14
    5
      resources/prosody-plugins/token/util.lib.lua

+ 14
- 5
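--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -103,7 +103,10 @@
 --- Returns the public key by keyID
 -- @param keyId the key ID to request
 -- @return the public key (the content of requested resource) or nil
-function Util:get_public_key(keyId)
+function Util:get_public_key(keyId,asapKeyServer)
+    if asapKeyServer == "" then
+        asapKeyServer = self.asapKeyServer)
+    end
     local content = cache:get(keyId);
     if content == nil then
         -- If the key is not found in the cache.
@@ -117,7 +120,7 @@
             end
             done();
         end
-        local keyurl = path.join(self.asapKeyServer, hex.to(sha256(keyId))..'.pem');
+        local keyurl = path.join(asapKeyServer, hex.to(sha256(keyId))..'.pem');
         module:log("debug", "Fetching public key from: "..keyurl);
 
         -- We hash the key ID to work around some legacy behavior and make
@@ -239,6 +242,12 @@
 -- @param session the current session
 -- @return false and error
 function Util:process_and_verify_token(session)
+    return self:process_and_verify_token_with_keyserver(session,"")
+end
+function Util:process_and_verify_token_with_keyserver(session,asapKeyServer)
+    if asapKeyServer == "" then
+        asapKeyServer = self.asapKeyServer
+    end
 
     if session.auth_token == nil then
         if self.allowEmptyToken then
@@ -249,7 +258,7 @@
     end
 
     local pubKey;
-    if self.asapKeyServer and session.auth_token ~= nil then
+    if asapKeyServer and session.auth_token ~= nil then
         local dotFirst = session.auth_token:find("%.");
         if not dotFirst then return nil, "Invalid token" end
         local header = json.decode(basexx.from_url64(session.auth_token:sub(1,dotFirst-1)));
@@ -257,7 +266,7 @@
         if kid == nil then
             return false, "not-allowed", "'kid' claim is missing";
         end
-        pubKey = self:get_public_key(kid);
+        pubKey = self:get_public_key(kid,asapKeyServer);
         if pubKey == nil then
             return false, "not-allowed", "could not obtain public key";
         end
@@ -265,7 +274,7 @@
 
     -- now verify the whole token
     local claims, msg;
-    if self.asapKeyServer then
+    if asapKeyServer then
         claims, msg = self:verify_token(session.auth_token, pubKey);
     else
         claims, msg = self:verify_token(session.auth_token, self.appSecret);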
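Review bot: In get_public_key the added line `asapKeyServer = self.asapKeyServer)` carries a stray closing parenthesis, so the file will not parse; it should read `asapKeyServer = self.asapKeyServer`. The guard above it tests only `== ""`, so any caller still using the one-argument form leaves asapKeyServer nil when it reaches `path.join(asapKeyServer, ...)`; `if asapKeyServer == nil or asapKeyServer == "" then` would cover both. With the key server now selectable per call, the lookup `cache:get(keyId)` is still keyed by keyId alone, so a key cached from one server would presumably be returned for the same kid when a different server is requested; keying the cache on server plus kid would keep the two trust domains apart. The cache write and the rest of both function bodies lie outside the visible hunks, so the caching point should be confirmed against them.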
