authelia/internal/oidc/util.go


package oidc
import (
"strings"
"github.com/ory/fosite"
"gopkg.in/square/go-jose.v2"
)
// IsPushedAuthorizedRequest reports whether the form value stored under
// FormParameterRequestURI on the requester begins with prefix.
//
// This is a plain string-prefix test. It does not confirm that the value
// refers to a pushed authorization request that was actually stored, so a
// true result only classifies the request; the session lookup still has to
// succeed elsewhere. Because strings.HasPrefix returns true for an empty
// prefix, callers must pass a non-empty prefix or every request will match.
func IsPushedAuthorizedRequest(r fosite.Requester, prefix string) bool {
	requestURI := r.GetRequestForm().Get(FormParameterRequestURI)

	return strings.HasPrefix(requestURI, prefix)
}
// SortedSigningAlgs implements sort.Interface for a list of OAuth 2.0 signing
// algorithm names. The ordering is the one defined by isSigningAlgLess.
//
// Sorting only reorders the list. It is not an allow-list: every value that
// was in the slice, including an unsigned "none" entry, is still present
// afterwards.
type SortedSigningAlgs []string

// Len returns the number of algorithm names in the list.
func (s SortedSigningAlgs) Len() int {
	n := len(s)

	return n
}

// Less reports whether the name at index i sorts before the name at index j.
func (s SortedSigningAlgs) Less(i, j int) bool {
	left, right := s[i], s[j]

	return isSigningAlgLess(left, right)
}

// Swap exchanges the names at indexes i and j.
func (s SortedSigningAlgs) Swap(i, j int) {
	held := s[i]
	s[i] = s[j]
	s[j] = held
}
// SortedJSONWebKey implements sort.Interface for a list of JSON Web Keys.
// Keys are ordered by their Algorithm using isSigningAlgLess, and keys that
// share an Algorithm are ordered by KeyID.
//
// Only the Algorithm and KeyID fields are compared; the key material and any
// other field play no part in the ordering.
type SortedJSONWebKey []jose.JSONWebKey

// Len returns the number of keys in the list.
func (k SortedJSONWebKey) Len() int {
	n := len(k)

	return n
}

// Less reports whether the key at index i sorts before the key at index j.
func (k SortedJSONWebKey) Less(i, j int) bool {
	left, right := k[i], k[j]

	// Different algorithms: the algorithm ordering decides.
	if left.Algorithm != right.Algorithm {
		return isSigningAlgLess(left.Algorithm, right.Algorithm)
	}

	// Same algorithm: fall back to the key identifier so the order is stable.
	return left.KeyID < right.KeyID
}

// Swap exchanges the keys at indexes i and j.
func (k SortedJSONWebKey) Swap(i, j int) {
	held := k[i]
	k[i] = k[j]
	k[j] = held
}
// isSigningAlgLess reports whether signing algorithm name i sorts before j.
//
// The resulting order is:
//
//	HS* < RS* < ES* < (any other name) < PS* < SigningAlgNone
//
// Two names that share the same two-character family prefix are compared as
// plain strings, so for example the 256 variant sorts before the 384 variant.
// SigningAlgNone always sorts last. This function only orders names; it never
// rejects one, so any policy excluding unsigned tokens must be enforced by the
// caller.
//
// NOTE(review): names from two different unrecognised families compare as
// equal to each other, while names inside one unrecognised family are ordered.
// With several unrecognised families in one list the final order of those
// entries may depend on input order - confirm this is acceptable.
//
//nolint:gocyclo // Low importance func.
func isSigningAlgLess(i, j string) bool {
	// Identical names are never less than each other, and "none" is never
	// less than anything.
	if i == j || i == SigningAlgNone {
		return false
	}

	// Every remaining name sorts before "none".
	if j == SigningAlgNone {
		return true
	}

	// family returns the two-character prefix of a name that is longer than
	// two characters; shorter names have no family.
	family := func(alg string) (string, bool) {
		if len(alg) > 2 {
			return alg[:2], true
		}

		return "", false
	}

	// rank maps a family prefix to its position in the order documented above.
	rank := func(prefix string) int {
		switch prefix {
		case SigningAlgPrefixHMAC:
			return 0
		case SigningAlgPrefixRSA:
			return 1
		case SigningAlgPrefixECDSA:
			return 2
		case SigningAlgPrefixRSAPSS:
			return 4
		default:
			return 3
		}
	}

	ip, iok := family(i)
	jp, jok := family(j)

	// Same family: order by the full name.
	if iok && jok && ip == jp {
		return i < j
	}

	return rank(ip) < rank(jp)
}
// Two-character family prefixes of JWS signing algorithm names, as matched by
// isSigningAlgLess against the first two characters of a name.
const (
	// SigningAlgPrefixHMAC is the prefix of the HMAC (symmetric) family.
	SigningAlgPrefixHMAC = "HS"

	// SigningAlgPrefixRSA is the prefix of the RSA PKCS #1 v1.5 family.
	SigningAlgPrefixRSA = "RS"

	// SigningAlgPrefixECDSA is the prefix of the ECDSA family.
	SigningAlgPrefixECDSA = "ES"

	// SigningAlgPrefixRSAPSS is the prefix of the RSA-PSS family.
	SigningAlgPrefixRSAPSS = "PS"
)