#pragma once

// Copyright 2018 Google LLC
// Copyright Envoy Project Authors
// SPDX-License-Identifier: Apache-2.0

#pragma once

#include "source/common/jwt/jwks.h"
#include "source/common/jwt/jwt.h"
#include "source/common/jwt/status.h"

namespace Envoy {
namespace JwtVerify {

/**
 * This function verifies that the JWT signature is valid.
 * If verification failed, returns the failure reason.
 * Note this method does not verify the "aud" claim, and it performs no "exp"/"nbf"
 * time checks: an expired or not-yet-valid token with a valid signature passes.
 * @param jwt is Jwt object
 * @param jwks is Jwks object
 * @return the verification status
 */
Status verifyJwtWithoutTimeChecking(const Jwt& jwt, const Jwks& jwks);

/**
 * This function verifies that the JWT signature is valid and that the token is within its validity period,
 * checking the "exp" and "nbf" claims against the system's current wall clock.
 * If verification failed, returns the failure reason.
 * Note this method does not verify the "aud" claim.
 * @param jwt is Jwt object
 * @param jwks is Jwks object
 * @return the verification status
 */
Status verifyJwt(const Jwt& jwt, const Jwks& jwks);

/**
 * This function verifies that the JWT signature is valid and that the token is within its validity period,
 * checking the "exp" and "nbf" claims against the provided time. If
 * verification failed, returns the failure reason. Note this method does not
 * verify the "aud" claim.
 * @param jwt is Jwt object
 * @param jwks is Jwks object
 * @param now is the number of seconds since the unix epoch; it is the caller's reference time, so it should
 *   come from a trusted clock
 * @param clock_skew is the allowed clock skew in seconds
 * @return the verification status
 */
Status verifyJwt(const Jwt& jwt, const Jwks& jwks, uint64_t now,
                 uint64_t clock_skew = kClockSkewInSecond);

/**
 * This function verifies that the JWT signature is valid, that the token is within its validity period
 * checking the "exp" and "nbf" claims against the system's current wall clock
 * as well as validating that one of the entries in the audience list appears
 * as a member in the "aud" claim of the specified JWT. If the supplied
 * audience list is empty, no verification of the JWT's "aud" claim is
 * performed. If verification failed, returns the failure reason.
 * @param jwt is Jwt object
 * @param jwks is Jwks object
 * @param audiences a list of audiences to check against
 * @return the verification status
 */
Status verifyJwt(const Jwt& jwt, const Jwks& jwks, const std::vector<std::string>& audiences);

/**
 * This function verifies that the JWT signature is valid, that the token is within its validity period
 * checking the "exp" and "nbf" claims against the provided time
 * as well as validating that one of the entries in the audience list appears
 * as a member in the "aud" claim of the specified JWT. If the supplied
 * audience list is empty, no verification of the JWT's "aud" claim is
 * performed.
 * If verification failed, returns the failure reason.
 * @param jwt is Jwt object
 * @param jwks is Jwks object
 * @param audiences a list of audiences to check against.
 * @param now is the number of seconds since the unix epoch, used as the reference time for the
 *   "exp" and "nbf" checks
 * @return the verification status
 */
Status verifyJwt(const Jwt& jwt, const Jwks& jwks, const std::vector<std::string>& audiences,
                 uint64_t now);

} // namespace JwtVerify
} // namespace Envoy