feat: Implement extraction of KIDs from unvalidated tokens

author: Vincent Ambo <mail@tazj.in> 2018-09-04T09·13+0200
committer: Vincent Ambo <mail@tazj.in> 2018-09-04T10·45+0200
commit: 33c122f10e2a0280cc6729213e9e0035afa34749 (patch)
tree: 1d15571af3b70c7c3761c38f0cea214d9476409d /src/lib.rs
parent: 5bd7a91d107ac4a160ec61ead1e5b4b87aaaea2f (diff)
1 files changed, 23 insertions, 2 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 1633dc255fb3..ba856c176615 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -154,8 +154,29 @@ impl From<ErrorStack> for ValidationError {
 ///
 /// This is only safe if the key set containing the currently allowed
 /// key IDs is fetched from a trusted source.
-pub fn token_kid(jwt: JWT) -> Option<String> {
-    unimplemented!()
+pub fn token_kid(jwt: &JWT) -> JWTResult<Option<String>> {
+    // Fetch the header component of the JWT by splitting it out and
+    // dismissing the rest.
+    let parts: Vec<&str> = jwt.0.splitn(2, '.').collect();
+    if parts.len() != 2 {
+        return Err(ValidationError::MalformedJWT);
+    }
+
+    // The token components are individually base64 decoded, decode
+    // just the first part and deserialise it into the expected
+    // representation.
+    let headers_json = base64::decode_config(parts[0], URL_SAFE)
+        .map_err(|_| ValidationError::MalformedJWT)?;
+
+    #[derive(Deserialize)]
+    struct KidOnly {
+        kid: Option<String>,
+    }
+
+    let kid_only: KidOnly = serde_json::from_slice(&headers_json)
+        .map_err(|_| ValidationError::MalformedJWT)?;
+
+    Ok(kid_only.kid)
 }
 
 /// Validate the signature of a JSON Web Token and optionally apply
author	Vincent Ambo <mail@tazj.in>	2018-09-04T09·13+0200
committer	Vincent Ambo <mail@tazj.in>	2018-09-04T10·45+0200
commit	33c122f10e2a0280cc6729213e9e0035afa34749 (patch)
tree	1d15571af3b70c7c3761c38f0cea214d9476409d /src/lib.rs
parent	5bd7a91d107ac4a160ec61ead1e5b4b87aaaea2f (diff)