|
|
|
package oidc
|
|
|
|
|
|
|
|
import (
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/ory/fosite"
|
|
|
|
"gopkg.in/square/go-jose.v2"
|
|
|
|
)
|
|
|
|
|
|
|
|
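// IsPushedAuthorizedRequest returns true if the requester's request_uri form parameter starts with prefix, i.e. the
// authorization request references a Pushed Authorization Request (RFC 9126) instead of carrying its parameters
// inline. The prefix is expected to be the configured PAR request_uri prefix (the RFC-defined value is
// 'urn:ietf:params:oauth:request_uri:'). A request that carries no request_uri at all is never reported as a pushed
// request, even when prefix is empty, so a misconfigured empty prefix fails closed rather than matching every request.
func IsPushedAuthorizedRequest(r fosite.Requester, prefix string) bool {
	requestURI := r.GetRequestForm().Get(FormParameterRequestURI)

	// strings.HasPrefix("", "") is true; an absent request_uri must not be mistaken for a pushed request.
	if requestURI == "" {
		return false
	}

	return strings.HasPrefix(requestURI, prefix)
}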
|
|
|
|
|
|
|
|
// SortedSigningAlgs is a sorting type which allows the use of sort.Sort to order a list of OAuth 2.0 / JOSE signing
// algorithm names. Elements are compared with isSigningAlgLess, which ranks algorithm families in the order they are
// listed in the JWA RFC tables (HMAC, RSA PKCS#1 v1.5, ECDSA, RSA-PSS, then "none") and compares names within the same
// family lexicographically.
type SortedSigningAlgs []string
|
|
|
|
|
|
|
|
// Len reports the number of algorithm names in the collection, as required by sort.Interface.
func (algs SortedSigningAlgs) Len() (n int) {
	n = len(algs)

	return n
}
|
|
|
|
|
|
|
|
// Less reports whether the algorithm name at index i sorts before the one at index j, delegating the family-aware
// comparison to isSigningAlgLess.
func (algs SortedSigningAlgs) Less(i, j int) bool {
	left, right := algs[i], algs[j]

	return isSigningAlgLess(left, right)
}
|
|
|
|
|
|
|
|
// Swap exchanges the algorithm names at positions i and j in place, as required by sort.Interface.
func (algs SortedSigningAlgs) Swap(i, j int) {
	tmp := algs[i]
	algs[i] = algs[j]
	algs[j] = tmp
}
|
|
|
|
|
|
|
|
// SortedJSONWebKey is a sorting type which allows the use of sort.Sort to order a list of JSON Web Keys. Keys are
// ordered by their signing algorithm (using the same family ordering as SortedSigningAlgs) and, for keys sharing an
// algorithm, by Key ID, which gives a deterministic ordering when a key set is rendered.
type SortedJSONWebKey []jose.JSONWebKey
|
|
|
|
|
|
|
|
// Len reports the number of keys in the collection, as required by sort.Interface.
func (jwks SortedJSONWebKey) Len() (n int) {
	n = len(jwks)

	return n
}
|
|
|
|
|
|
|
|
// Less reports whether the key at index i sorts before the key at index j: keys are ordered by signing algorithm via
// isSigningAlgLess, and keys sharing an algorithm are ordered by Key ID.
func (jwks SortedJSONWebKey) Less(i, j int) bool {
	// Index through pointers rather than copying the key structs.
	left, right := &jwks[i], &jwks[j]

	if left.Algorithm != right.Algorithm {
		return isSigningAlgLess(left.Algorithm, right.Algorithm)
	}

	return left.KeyID < right.KeyID
}
|
|
|
|
|
|
|
|
// Swap exchanges the keys at positions i and j in place, as required by sort.Interface.
func (jwks SortedJSONWebKey) Swap(i, j int) {
	tmp := jwks[i]
	jwks[i] = jwks[j]
	jwks[j] = tmp
}
|
|
|
|
|
|
|
|
// isSigningAlgLess reports whether signing algorithm name i sorts before j.
//
// The ordering is: equal names are never less than each other; the unsecured "none" alg sorts after everything else;
// names longer than two characters that share the same two-character family prefix compare lexicographically (e.g.
// RS256 < RS384 < RS512); otherwise families are ranked HMAC ("HS"), RSA PKCS#1 v1.5 ("RS"), ECDSA ("ES"), any
// unrecognised prefix, then RSA-PSS ("PS"). Two names from different unrecognised families, or names of two characters
// or fewer, are treated as equal (neither is less than the other).
func isSigningAlgLess(i, j string) bool {
	if i == j {
		return false
	}

	// "none" is the greatest element regardless of what it is compared against.
	if i == SigningAlgNone {
		return false
	}

	if j == SigningAlgNone {
		return true
	}

	ip, jp := signingAlgFamilyPrefix(i), signingAlgFamilyPrefix(j)

	// Same family (known or not): plain byte-wise comparison decides.
	if ip != "" && ip == jp {
		return i < j
	}

	return signingAlgFamilyRank(ip) < signingAlgFamilyRank(jp)
}

// signingAlgFamilyPrefix returns the two-character family prefix of alg, or an empty string when alg is not longer
// than two characters (and therefore has no prefix followed by at least one more character).
func signingAlgFamilyPrefix(alg string) string {
	if len(alg) <= 2 {
		return ""
	}

	return alg[:2]
}

// signingAlgFamilyRank maps a family prefix to its position in the sort order. Unrecognised prefixes, including the
// empty prefix, share a rank between ECDSA and RSA-PSS.
func signingAlgFamilyRank(prefix string) int {
	switch prefix {
	case SigningAlgPrefixHMAC:
		return 0
	case SigningAlgPrefixRSA:
		return 1
	case SigningAlgPrefixECDSA:
		return 2
	case SigningAlgPrefixRSAPSS:
		return 4
	default:
		return 3
	}
}
|
|
|
|
|
|
|
|
// Two-character family prefixes of JOSE signing algorithm names (e.g. RS256, HS512, PS384, ES256). isSigningAlgLess
// uses them to rank algorithms by family.
const (
	// SigningAlgPrefixRSA is the prefix shared by the RSASSA-PKCS1-v1_5 algorithms.
	SigningAlgPrefixRSA = "RS"

	// SigningAlgPrefixHMAC is the prefix shared by the HMAC algorithms.
	SigningAlgPrefixHMAC = "HS"

	// SigningAlgPrefixRSAPSS is the prefix shared by the RSASSA-PSS algorithms.
	SigningAlgPrefixRSAPSS = "PS"

	// SigningAlgPrefixECDSA is the prefix shared by the ECDSA algorithms.
	SigningAlgPrefixECDSA = "ES"
)
|