Coverage Report

Created: 2023-06-07 07:04

/proc/self/cwd/jwt_verify_lib/status.h
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once
#include <string>
namespace google {
namespace jwt_verify {
/**
 * Status codes reported by Jwt verification.
 *
 * Ok is pinned to 0 and is the only non-error value. Every other enumerator
 * takes the next implicit value in declaration order, so inserting or
 * reordering entries changes the numeric value of everything after them.
 */
enum class Status {
  Ok = 0,

  // ---- Jwt errors ----

  // The Jwt is missing.
  JwtMissed,

  // The Jwt is not valid yet.
  JwtNotYetValid,

  // The Jwt has expired.
  JwtExpired,

  // The Jwt is not of the form Header.Payload.Signature.
  JwtBadFormat,

  // The Jwt header is not valid Base64url.
  JwtHeaderParseErrorBadBase64,

  // The Jwt header is not valid JSON.
  JwtHeaderParseErrorBadJson,

  // The header's "alg" is not a string.
  JwtHeaderBadAlg,

  // The header's "alg" value is invalid.
  JwtHeaderNotImplementedAlg,

  // The header's "kid" is not a string.
  JwtHeaderBadKid,

  // The Jwt payload is not valid Base64url.
  JwtPayloadParseErrorBadBase64,

  // The Jwt payload is not valid JSON.
  JwtPayloadParseErrorBadJson,

  // Payload field [iss] must be a string.
  JwtPayloadParseErrorIssNotString,

  // Payload field [sub] must be a string.
  JwtPayloadParseErrorSubNotString,

  // Payload field [iat] must be an integer.
  JwtPayloadParseErrorIatNotInteger,

  // Payload field [iat] must fit in the 64 bit positive integer range.
  JwtPayloadParseErrorIatOutOfRange,

  // Payload field [nbf] must be an integer.
  JwtPayloadParseErrorNbfNotInteger,

  // Payload field [nbf] must fit in the 64 bit positive integer range.
  JwtPayloadParseErrorNbfOutOfRange,

  // Payload field [exp] must be an integer.
  JwtPayloadParseErrorExpNotInteger,

  // Payload field [exp] must fit in the 64 bit positive integer range.
  JwtPayloadParseErrorExpOutOfRange,

  // Payload field [jti] must be a string.
  JwtPayloadParseErrorJtiNotString,

  // Payload field [aud] must be a string or a list of strings.
  JwtPayloadParseErrorAudNotString,

  // The Jwt signature is not valid Base64url.
  JwtSignatureParseErrorBadBase64,

  // The Jwt ED25519 signature has the wrong length.
  JwtEd25519SignatureWrongLength,

  // The issuer is not configured.
  JwtUnknownIssuer,

  // The audience is not allowed.
  JwtAudienceNotAllowed,

  // Jwt verification failed.
  JwtVerificationFail,

  // More than one Jwt token was found.
  JwtMultipleTokens,

  // ---- Jwks errors ----

  // The Jwks is not valid JSON.
  JwksParseError,

  // The Jwks has no "keys".
  JwksNoKeys,

  // "keys" in the Jwks is not an array.
  JwksBadKeys,

  // The Jwks contains no valid public key.
  JwksNoValidKeys,

  // The Jwks has no key matching the kid or alg from the Jwt.
  JwksKidAlgMismatch,

  // The "n" or "e" field of an RSA Jwk is missing or failed to parse.
  JwksRsaParseError,

  // Creating an EC_KEY object failed.
  JwksEcCreateKeyFail,

  // The "x" or "y" field is not valid Base64.
  JwksEcXorYBadBase64,

  // The "x" or "y" field of an EC Jwk is missing or failed to parse.
  JwksEcParseError,

  // The Jwks Oct key is not valid Base64.
  JwksOctBadBase64,

  // The "x" field is not valid Base64.
  JwksOKPXBadBase64,
  // The "x" field has the wrong length.
  JwksOKPXWrongLength,

  // Fetching the public key failed.
  JwksFetchFail,

  // "kty" is missing in "keys".
  JwksMissingKty,
  // "kty" in "keys" is not a string.
  JwksBadKty,
  // "kty" in "keys" is not supported.
  JwksNotImplementedKty,

  // RSA key: "alg" does not start with "RS".
  JwksRSAKeyBadAlg,
  // RSA key: the "n" field is missing.
  JwksRSAKeyMissingN,
  // RSA key: the "n" field is not a string.
  JwksRSAKeyBadN,
  // RSA key: the "e" field is missing.
  JwksRSAKeyMissingE,
  // RSA key: the "e" field is not a string.
  JwksRSAKeyBadE,

  // EC key: "alg" is not "ES256", "ES384" or "ES512".
  JwksECKeyBadAlg,
  // EC key: the "crv" field is not a string.
  JwksECKeyBadCrv,
  // EC key: "crv" or "alg" is not supported.
  JwksECKeyAlgOrCrvUnsupported,
  // EC key: "crv" is not compatible with "alg".
  JwksECKeyAlgNotCompatibleWithCrv,
  // EC key: the "x" field is missing.
  JwksECKeyMissingX,
  // EC key: the "x" field is not a string.
  JwksECKeyBadX,
  // EC key: the "y" field is missing.
  JwksECKeyMissingY,
  // EC key: the "y" field is not a string.
  JwksECKeyBadY,

  // HMAC key: "alg" is not "HS256", "HS384" or "HS512".
  JwksHMACKeyBadAlg,
  // HMAC key: the "k" field is missing.
  JwksHMACKeyMissingK,
  // HMAC key: the "k" field is not a string.
  JwksHMACKeyBadK,

  // OKP key: "alg" is not "EdDSA".
  JwksOKPKeyBadAlg,
  // OKP key: the "crv" field is missing.
  JwksOKPKeyMissingCrv,
  // OKP key: the "crv" field is not a string.
  JwksOKPKeyBadCrv,
  // OKP key: "crv" is not supported.
  JwksOKPKeyCrvUnsupported,
  // OKP key: the "x" field is missing.
  JwksOKPKeyMissingX,
  // OKP key: the "x" field is not a string.
  JwksOKPKeyBadX,

  // X509: the BIO_Write function failed.
  JwksX509BioWriteError,
  // X509: parsing the pubkey failed.
  JwksX509ParseError,
  // X509: getting the pubkey failed.
  JwksX509GetPubkeyError,

  // PEM: the key type is not supported.
  JwksPemNotImplementedKty,
  // PEM: unable to parse the public key.
  JwksPemBadBase64,
  // PEM: failed to get the raw ED25519 key.
  JwksPemGetRawEd25519Error,

  // Creating a BIO failed.
  JwksBioAllocError,
};
/**
 * Convert enum status to string.
 * @param status is the enum status.
 * @return the string status.
 */
std::string getStatusString(Status status);
/**
 * Base class holding a single Status: Status::Ok, or the first failure
 * reported through updateStatus().
 */
class WithStatus {
 public:
  /** Construct in the Status::Ok state. */
  WithStatus() : status_{Status::Ok} {}

  /**
   * Read the stored status.
   * @return the enum status currently held.
   */
  Status getStatus() const {
    return status_;
  }

 protected:
  /**
   * Record a status with first-failure-wins semantics.
   *
   * The value is stored only while the held status is still Status::Ok; once
   * a failure has been recorded, later calls leave it untouched.
   * @param status the status to record.
   */
  void updateStatus(Status status) {
    if (status_ != Status::Ok) {
      // A failure is already held; keep the earliest one.
      return;
    }
    status_ = status;
  }

  /**
   * Overwrite the stored status unconditionally.
   *
   * Unlike updateStatus(), this replaces a previously recorded failure as
   * well, including with Status::Ok. A subclass whose accept/reject decision
   * is read from getStatus() should reset only where discarding the earlier
   * result is intended.
   * @param status the status to store.
   */
  void resetStatus(Status status) {
    status_ = status;
  }

 private:
  // The held status; Status::Ok until a failure is recorded.
  Status status_;
};
}  // namespace jwt_verify
}  // namespace google