Code refactoring for bpa operator

[icn.git] / cmd / bpa-operator / vendor / github.com / dgrijalva / jwt-go / token.go

package jwt

import (
        "encoding/base64"
        "encoding/json"
        "strings"
        "time"
)

// TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time).
// You can override it to use another time value.  This is useful for testing or if your
// server uses a different time zone than your tokens.
var TimeFunc = time.Now

// Parse methods use this callback function to supply
// the key for verification.  The function receives the parsed,
// but unverified Token.  This allows you to use properties in the
// Header of the token (such as `kid`) to identify which key to use.
type Keyfunc func(*Token) (interface{}, error)

// A JWT Token.  Different fields will be used depending on whether you're
// creating or parsing/verifying a token.
type Token struct {
        Raw       string                 // The raw token.  Populated when you Parse a token
        Method    SigningMethod          // The signing method used or to be used
        Header    map[string]interface{} // The first segment of the token
        Claims    Claims                 // The second segment of the token
        Signature string                 // The third segment of the token.  Populated when you Parse a token
        Valid     bool                   // Is the token valid?  Populated when you Parse/Verify a token
}

// Create a new Token.  Takes a signing method
func New(method SigningMethod) *Token {
        return NewWithClaims(method, MapClaims{})
}

func NewWithClaims(method SigningMethod, claims Claims) *Token {
        return &Token{
                Header: map[string]interface{}{
                        "typ": "JWT",
                        "alg": method.Alg(),
                },
                Claims: claims,
                Method: method,
        }
}

// Get the complete, signed token
func (t *Token) SignedString(key interface{}) (string, error) {
        var sig, sstr string
        var err error
        if sstr, err = t.SigningString(); err != nil {
                return "", err
        }
        if sig, err = t.Method.Sign(sstr, key); err != nil {
                return "", err
        }
        return strings.Join([]string{sstr, sig}, "."), nil
}

// Generate the signing string.  This is the
// most expensive part of the whole deal.  Unless you
// need this for something special, just go straight for
// the SignedString.
func (t *Token) SigningString() (string, error) {
        var err error
        parts := make([]string, 2)
        for i, _ := range parts {
                var jsonValue []byte
                if i == 0 {
                        if jsonValue, err = json.Marshal(t.Header); err != nil {
                                return "", err
                        }
                } else {
                        if jsonValue, err = json.Marshal(t.Claims); err != nil {
                                return "", err
                        }
                }

                parts[i] = EncodeSegment(jsonValue)
        }
        return strings.Join(parts, "."), nil
}

// Parse, validate, and return a token.
// keyFunc will receive the parsed token and should return the key for validating.
// If everything is kosher, err will be nil
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
        return new(Parser).Parse(tokenString, keyFunc)
}

func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
        return new(Parser).ParseWithClaims(tokenString, claims, keyFunc)
}

// Encode JWT specific base64url encoding with padding stripped
func EncodeSegment(seg []byte) string {
        return strings.TrimRight(base64.URLEncoding.EncodeToString(seg), "=")
}

// Decode JWT specific base64url encoding with padding stripped
func DecodeSegment(seg string) ([]byte, error) {
        if l := len(seg) % 4; l > 0 {
                seg += strings.Repeat("=", 4-l)
        }

        return base64.URLEncoding.DecodeString(seg)
}