line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Mojar::Auth::Jwt; |
2
|
4
|
|
|
4
|
|
22038
|
use Mojo::Base -base; |
|
4
|
|
|
|
|
5
|
|
|
4
|
|
|
|
|
34
|
|
3
|
|
|
|
|
|
|
|
4
|
|
|
|
|
|
|
our $VERSION = 0.032; |
5
|
|
|
|
|
|
|
|
6
|
4
|
|
|
4
|
|
739
|
use Carp 'croak'; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
174
|
|
7
|
4
|
|
|
4
|
|
1774
|
use Crypt::OpenSSL::RSA (); |
|
4
|
|
|
|
|
12067
|
|
|
4
|
|
|
|
|
85
|
|
8
|
4
|
|
|
4
|
|
1609
|
use MIME::Base64 (); |
|
4
|
|
|
|
|
1913
|
|
|
4
|
|
|
|
|
93
|
|
9
|
4
|
|
|
4
|
|
1441
|
use Mojar::ClassShare 'have'; |
|
4
|
|
|
|
|
1654
|
|
|
4
|
|
|
|
|
37
|
|
10
|
4
|
|
|
4
|
|
1624
|
use Mojo::JSON 'encode_json', 'decode_json'; |
|
4
|
|
|
|
|
331480
|
|
|
4
|
|
|
|
|
4526
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
# Attributes |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
# JWT Header |
15
|
|
|
|
|
|
|
has typ => 'JWT'; |
16
|
|
|
|
|
|
|
has alg => 'RS256'; |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
# JWT Claim Set |
19
|
|
|
|
|
|
|
has 'iss'; |
20
|
|
|
|
|
|
|
has scope => sub { q{https://www.googleapis.com/auth/analytics.readonly} }; |
21
|
|
|
|
|
|
|
has aud => q{https://accounts.google.com/o/oauth2/token}; |
22
|
|
|
|
|
|
|
has iat => sub { time }; |
23
|
|
|
|
|
|
|
has duration => 60*60; # 1 hour |
24
|
|
|
|
|
|
|
has exp => sub { time + $_[0]->duration }; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
# JWT Signature |
27
|
|
|
|
|
|
|
has 'private_key'; |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
# Mogrified chunks |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
sub header { |
32
|
7
|
|
|
7
|
1
|
4301
|
my $self = shift; |
33
|
|
|
|
|
|
|
|
34
|
7
|
100
|
|
|
|
16
|
if (@_ == 0) { |
35
|
5
|
|
|
|
|
20
|
my @h = map +( ($_, $self->$_) ), qw(typ alg); |
36
|
5
|
|
|
|
|
52
|
return $self->{header} = $self->mogrify( { @h } ); |
37
|
|
|
|
|
|
|
} |
38
|
|
|
|
|
|
|
else { |
39
|
2
|
|
|
|
|
10
|
%$self = ( %$self, @_ ); |
40
|
|
|
|
|
|
|
} |
41
|
2
|
|
|
|
|
8
|
return $self; |
42
|
|
|
|
|
|
|
} |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
sub body { |
45
|
4
|
|
|
4
|
1
|
3274
|
my $self = shift; |
46
|
|
|
|
|
|
|
|
47
|
4
|
50
|
|
|
|
11
|
if (@_ == 0) { |
48
|
4
|
|
|
|
|
6
|
foreach (qw(iss scope)) { |
49
|
7
|
100
|
|
|
|
25
|
croak "Missing required field ($_)" unless defined $self->$_; |
50
|
|
|
|
|
|
|
} |
51
|
3
|
50
|
|
|
|
18
|
$self->{scope} = join ' ', @{$self->{scope}} if ref $self->{scope}; |
|
0
|
|
|
|
|
0
|
|
52
|
3
|
|
|
|
|
7
|
my @c = map +( ($_, $self->$_) ), qw(iss scope aud exp iat); |
53
|
3
|
|
|
|
|
47
|
return $self->{body} = $self->mogrify( { @c } ); |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
else { |
56
|
0
|
|
|
|
|
0
|
%$self = ( %$self, @_ ); |
57
|
|
|
|
|
|
|
} |
58
|
0
|
|
|
|
|
0
|
return $self; |
59
|
|
|
|
|
|
|
} |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
sub signature { |
62
|
1
|
|
|
1
|
1
|
1720
|
my $self = shift; |
63
|
|
|
|
|
|
|
|
64
|
1
|
50
|
|
|
|
4
|
if (@_ == 0) { |
65
|
1
|
50
|
|
|
|
3
|
croak 'Unrecognised algorithm (not RS256)' unless $self->alg eq 'RS256'; |
66
|
1
|
|
|
|
|
8
|
my $input = $self->header .q{.}. $self->body; |
67
|
|
|
|
|
|
|
|
68
|
1
|
|
|
|
|
20
|
return $self->{signature} = MIME::Base64::encode_base64url( |
69
|
|
|
|
|
|
|
$self->cipher->sign($input) |
70
|
|
|
|
|
|
|
); |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
else { |
73
|
0
|
|
|
|
|
0
|
%$self = ( %$self, @_ ); |
74
|
|
|
|
|
|
|
} |
75
|
0
|
|
|
|
|
0
|
return $self; |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
has cipher => sub { |
79
|
|
|
|
|
|
|
my $self = shift; |
80
|
|
|
|
|
|
|
foreach ('private_key') { |
81
|
|
|
|
|
|
|
croak qq{Missing required field ($_)} unless defined $self->$_; |
82
|
|
|
|
|
|
|
} |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
my $cipher = Crypt::OpenSSL::RSA->new_private_key($self->private_key); |
85
|
|
|
|
|
|
|
$cipher->use_pkcs1_padding; |
86
|
|
|
|
|
|
|
$cipher->use_sha256_hash; # Requires openssl v0.9.8+ |
87
|
|
|
|
|
|
|
return $cipher; |
88
|
|
|
|
|
|
|
}; |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
# Public methods |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
sub reset { |
93
|
0
|
|
|
0
|
1
|
0
|
my ($self) = @_; |
94
|
0
|
|
|
|
|
0
|
delete @$self{qw(iat exp body signature)}; |
95
|
0
|
|
|
|
|
0
|
return; |
96
|
|
|
|
|
|
|
} |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
sub encode { |
99
|
0
|
|
|
0
|
1
|
0
|
my $self = shift; |
100
|
0
|
0
|
|
|
|
0
|
if (ref $self) { |
101
|
|
|
|
|
|
|
# Encoding an existing object |
102
|
0
|
0
|
|
|
|
0
|
%$self = (%$self, @_) if @_; |
103
|
|
|
|
|
|
|
} |
104
|
|
|
|
|
|
|
else { |
105
|
|
|
|
|
|
|
# Class method => create object |
106
|
0
|
|
|
|
|
0
|
$self = $self->new(@_); |
107
|
|
|
|
|
|
|
} |
108
|
0
|
|
|
|
|
0
|
return join q{.}, $self->header, $self->body, $self->signature; |
109
|
|
|
|
|
|
|
} |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
sub decode { |
112
|
1
|
|
|
1
|
1
|
1771
|
my ($self, $triplet) = @_; |
113
|
1
|
|
|
|
|
6
|
my ($header, $body, $signature) = split /\./, $triplet; |
114
|
|
|
|
|
|
|
|
115
|
1
|
|
|
|
|
2
|
my %param = %{ $self->demogrify($header) }; |
|
1
|
|
|
|
|
2
|
|
116
|
1
|
|
|
|
|
87
|
%param = ( %param, %{ $self->demogrify($body) } ); |
|
1
|
|
|
|
|
2
|
|
117
|
1
|
|
|
|
|
149
|
return $self->new(%param); |
118
|
|
|
|
|
|
|
} |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
sub verify_signature { |
121
|
0
|
|
|
0
|
1
|
0
|
my $self = shift; |
122
|
0
|
|
|
|
|
0
|
my $plaintext = $self->header .q{.}. $self->body; |
123
|
0
|
|
|
|
|
0
|
my $plainsign = MIME::Base64::decode_base64url( $self->signature ); |
124
|
0
|
|
|
|
|
0
|
return $self->cipher->verify($plaintext, $plainsign); |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
sub mogrify { |
128
|
8
|
|
|
8
|
1
|
8
|
my ($self, $hashref) = @_; |
129
|
8
|
50
|
33
|
|
|
43
|
return '' unless ref $hashref && ref $hashref eq 'HASH'; |
130
|
8
|
|
|
|
|
23
|
return MIME::Base64::encode_base64url(encode_json $hashref); |
131
|
|
|
|
|
|
|
} |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
sub demogrify { |
134
|
10
|
|
|
10
|
1
|
531
|
my ($self, $safestring) = @_; |
135
|
10
|
50
|
33
|
|
|
43
|
return {} unless defined $safestring && length $safestring; |
136
|
10
|
|
|
|
|
18
|
return decode_json(MIME::Base64::decode_base64url($safestring)); |
137
|
|
|
|
|
|
|
} |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
package Mojo::JSON; |
140
|
|
|
|
|
|
|
# Need json keys to be sorted => s/keys/sort keys/ |
141
|
4
|
|
|
4
|
|
39
|
no warnings 'redefine'; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
570
|
|
142
|
|
|
|
|
|
|
sub _encode_object { |
143
|
8
|
|
|
8
|
|
41
|
my $object = shift; |
144
|
8
|
|
|
|
|
32
|
my @pairs = map { _encode_string($_) . ':' . _encode_value($object->{$_}) } |
|
25
|
|
|
|
|
213
|
|
145
|
|
|
|
|
|
|
sort keys %$object; |
146
|
8
|
|
|
|
|
112
|
return '{' . join(',', @pairs) . '}'; |
147
|
|
|
|
|
|
|
}; |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
1; |
150
|
|
|
|
|
|
|
__END__ |