authorVincent Ambo <mail@tazj.in>2018-09-04T09·36+0200
committerVincent Ambo <mail@tazj.in>2018-09-04T10·45+0200
commitb6eedbfe16938424ac2f677d5f81d6e1c6868849 (patch)
tree7b6340753543c40de38ea9798ca9a6c1229f5d75
parent37652545b47f8269d07d09657050bde533eff656 (diff)
feat: Initial implementation of 'validate' function
Implements the logic for validating a token signature and returning
its decoded headers and claims.

This does not yet apply claim validations, as those have not been
specified yet.
-rw-r--r--src/lib.rs26
1 files changed, 24 insertions, 2 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 51fb620c6d4f..f8ae81591ed5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -206,10 +206,32 @@ pub fn token_kid(jwt: &JWT) -> JWTResult<Option<String>> {
 /// and if a signature verification passes *all* claim validations are
 /// run and returned.
 ///
+/// If validation succeeds a representation of the token is returned
+/// that contains the header and claims as simple JSON values.
+///
 /// It is the user's task to ensure that the correct JWK is passed in
 /// for validation.
-pub fn validate(jwt: JWT, jwk: JWK, validations: Vec<Validation>) -> JWTResult<()> {
-    unimplemented!()
+pub fn validate(token: String,
+                jwk: &JWK,
+                validations: Vec<Validation>) -> JWTResult<ValidJWT> {
+    let jwt = JWT(token);
+    let public_key = public_key_from_jwk(&jwk)?;
+    validate_jwt_signature(&jwt, public_key)?;
+
+    // Split out all three parts of the JWT this time, deserialising
+    // the first and second as appropriate.
+    let parts: Vec<&str> = jwt.0.splitn(3, '.').collect();
+    if parts.len() != 3 {
+        // This is unlikely considering that validation has already
+        // been performed at this point, but better safe than sorry.
+        return Err(ValidationError::MalformedJWT)
+    }
+
+    let headers = deserialize_part(parts[0])?;
+    let claims = deserialize_part(parts[1])?;
+    let valid_jwt = ValidJWT { headers, claims };
+
+    Ok(valid_jwt)
 }
 
 // Internal implementation
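Review bot: `validations` is accepted but never read in the new body of `validate`, so a `ValidJWT` is returned after only the signature check, while the doc comment directly above (it starts outside this hunk) still says that all claim validations are run. A caller who relies on the rustdoc and the `ValidJWT` name would accept a token whose expiry, issuer or audience was never checked. Until claim checks exist, say so in the docs, e.g. `/// Note: the validations argument is currently ignored; only the signature is verified.`. Separately, the token is split again here with `splitn(3, '.')`, which puts any extra dots into the third part. If `validate_jwt_signature` (not visible in this hunk) splits differently, the bytes that were verified and the bytes that are deserialised could differ, so consider using one shared split for both steps.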