madf / jwtxx Goto Github PK

Hi, i cant find any examples where the token has an expiration part of it or a custom payload, how would that look?

/usr/bin/c++  -g -W -Wall -Wextra -Wshadow -Wold-style-cast -Wnull-dereference -Wstrict-aliasing -pedantic -ggdb3  -rdynamic CMakeFiles/fmdserver.dir/core.cpp.o CMakeFiles/fmdserver.dir/cwapi.cpp.o CMakeFiles/fmdserver.dir/main.cpp.o CMakeFiles/fmdserver.dir/queue.cpp.o CMakeFiles/fmdserver.dir/drivers/dto/dto.cpp.o CMakeFiles/fmdserver.dir/drivers/dummy/dummy.cpp.o  -o fmdserver  -L/home/faust/Projects/icw/fmdserver/build/src/icwlibs-prefix/src/icwlibs-build/src  -L/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src -Wl,-rpath,/home/faust/Projects/icw/fmdserver/build/src/icwlibs-prefix/src/icwlibs-build/src:/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src:/home/faust/Projects/icw/boost/boost_1_70_0/lib: -lrpc -lsettings -lpidfile -llogger -lutils -ldlib -lcurlwrapper -lcurl -ljwtxx /home/faust/Projects/icw/boost/boost_1_70_0/lib/libboost_system.so /usr/lib64/libcrypto.so /usr/lib64/libssl.so -ldl -ljansson /usr/lib64/libcrypto.so -pthread 
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src/libjwtxx.a(jwt.cpp.o): in function `JWTXX::enableOpenSSLErrors()::OpenSSLErrors::OpenSSLErrors()':
/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/jwt.cpp:128: undefined reference to `ERR_load_crypto_strings'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/jwt.cpp:128: undefined reference to `OPENSSL_add_all_algorithms_noconf'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src/libjwtxx.a(jwt.cpp.o): in function `JWTXX::enableOpenSSLErrors()::OpenSSLErrors::~OpenSSLErrors()':
/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/jwt.cpp:129: undefined reference to `EVP_cleanup'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/jwt.cpp:129: undefined reference to `ERR_free_strings'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/jwt.cpp:129: undefined reference to `CRYPTO_cleanup_all_ex_data'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src/libjwtxx.a(jwt.cpp.o): in function `JWTXX::Utils::EVPMDCTXDeleter::operator()(env_md_ctx_st*) const':
/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/utils.h:29: undefined reference to `EVP_MD_CTX_destroy'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src/libjwtxx.a(jwt.cpp.o): in function `JWTXX::Keys::HMAC::sign[abi:cxx11](void const*, unsigned long) const':
/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/hmackey.h:24: undefined reference to `EVP_MD_CTX_create'
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: /home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx-build/src/libjwtxx.a(jwt.cpp.o): in function `JWTXX::Keys::PEM::initCTX() const':
/home/faust/Projects/icw/fmdserver/build/src/libjwtxx-prefix/src/libjwtxx/src/pemkey.h:66: undefined reference to `EVP_MD_CTX_create'

Some functions become deprecated (library initialization routines), some are renamed (create/destroy -> new/free).

I'm trying to build my project on Hackintosh with Qt using your library, but get an issue.
I built it using these steps:

1. cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DOPENSSL_LIBRARIES=/usr/local/opt/openssl/lib -DCMAKE_OSX_ARCHITECTURES=x86_64 ..
2. make
3. make install
   Everything was fine, but now when I trying to build my project with your lib using this in .pro file:

LIBS += -L/usr/local/lib/  -ljwtxx -ljansson -lcrypto
INCLUDEPATH += /usr/local/include/

I get this compile time error:

Undefined symbols for architecture x86_64:
  "_EVP_DigestSignFinal", referenced from:
      JWTXX::Keys::HMAC::sign(void const*, unsigned long) const in libjwtxx.a(jwt.cpp.o)
      JWTXX::Keys::PEM::sign(void const*, unsigned long) const in libjwtxx.a(jwt.cpp.o)
  "_EVP_DigestSignInit", referenced from:
      JWTXX::Keys::HMAC::sign(void const*, unsigned long) const in libjwtxx.a(jwt.cpp.o)
      JWTXX::Keys::PEM::sign(void const*, unsigned long) const in libjwtxx.a(jwt.cpp.o)
  "_EVP_DigestVerifyFinal", referenced from:
      JWTXX::Keys::PEM::verify(void const*, unsigned long, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const in libjwtxx.a(jwt.cpp.o)
  "_EVP_DigestVerifyInit", referenced from:
      JWTXX::Keys::PEM::verify(void const*, unsigned long, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const in libjwtxx.a(jwt.cpp.o)
  "_EVP_PKEY_new_mac_key", referenced from:
      JWTXX::Keys::HMAC::sign(void const*, unsigned long) const in libjwtxx.a(jwt.cpp.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

So, how can I fix it and build my project with your library?

Move ctors and assignment operators should have noexcept specification which enables optimized versions in STL code.

Boost is only required for tests. Usually people need only library.

Currently when validation fails due to claim restriction the library throws ValidationError("Invalid token."). Should provide a detailed explanation of the problem.

Currently JWT throws same exception type for both format errors and validation errors, so it is impossible to distinguish between a non-jwt and, say, an expired jwt. Should throw different exception types.

According to RFC7519 ( https://tools.ietf.org/html/rfc7519#section-5.1 ):

If present, it is RECOMMENDED that
its value be "JWT" to indicate that this object is a JWT. While
media type names are not case sensitive, it is RECOMMENDED that "JWT"
always be spelled using uppercase characters for compatibility with
legacy implementations. Use of this Header Parameter is OPTIONAL.

Also it should be case-insensitive.

Currently if the 'typ' header is missing such token considered to be invalid:

& tools/jwttool -V eyJhbGciOiJSUzI1NiJ9.<payload>.<signature>
The token is invalid. "typ" should be "JWT". Actual value: "".

I'm tried to link library by CMakeLists.txt, but compilation failed with error:

/usr/bin/ld: /usr/local/lib/libjwtxx.a(utils.cpp.o): undefined reference to «X509_free@@OPENSSL_1.0.0»
//lib/x86_64-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

What's the reason of this error?

The JWTXX::Pairs is essentially typedef std::unordered_map< std::string, std::string > and doesn't let me specify an integar for the value of a pair. This causes some problems if the receiving end is strict about the types. Is there an easy way to solve this?

JWTXX::stringToAlg throws JWTXX::Error. Should be JWTXX::JWT::ParseError.

Currently cppcheck is only applied to the library itself. Should also check tools.

I am creating token using HS256 algorithm. But I would like to create a new auth token after a particular interval.

The operator lacks deletion of previously allocated memory.

JWTXX should support password-protected keys.

The library doesn't seem to produce valid signatures when using the ES256 algorithm. We have a private/public elliptical curve key pair we use and the produced and verified signature only seem to work internally with the library.

The server we're trying to hit against seems to think the signature is invalid. Additionally, if I feed in a JWT string produced by a different library, jwtxx seems to think the signature is invalid as well.

In some cases we need to capture by reference, not by value.

'typ' and 'alg' header fields are ignored. Algorithm is taken from the key. JWT constructor/validator should also check these fields.

Currently it is possible to supply a non-jwt and receive only "Signature is invalid" error. In order to distinguish physical (structure) and logical (validation) errors the structure validation should be performed first.

After creating JWT::Token, sending the request to oauth2.googleapis to get the Access Token. But request failing with the following error response. Response: {"error":"invalid_grant","error_description":"Invalid grant: account not found"}

The build of the library works well, but I'm not able to compile the second examples.

Source code:
https://github.com/madf/jwtxx#rs256

Compile command:
$ g++ -Wall -ljwtxx -std=c++11 test_jwt.cpp

Output:
/tmp/ccwPesGx.o: In function main': test_jwt.cpp:(.text+0x113): undefined reference to JWTXX::JWT::JWT(JWTXX::Algorithm, std::unordered_map<std::string, std::string, std::hashstd::string, std::equal_tostd::string, std::allocator<std::pair<std::string const, std::string> > >, std::unordered_map<std::string, std::string, std::hashstd::string, std::equal_tostd::string, std::allocator<std::pair<std::string const, std::string> > >)'
test_jwt.cpp:(.text+0x1cb): undefined reference to JWTXX::JWT::token(std::string const&, std::function<std::string ()> const&) const' test_jwt.cpp:(.text+0x223): undefined reference to JWTXX::Validate::exp(long)'
test_jwt.cpp:(.text+0x2b0): undefined reference to JWTXX::Key::Key(JWTXX::Algorithm, std::string const&, std::function<std::string ()> const&)' test_jwt.cpp:(.text+0x2d4): undefined reference to JWTXX::JWT::JWT(std::string const&, JWTXX::Key, std::vector<std::function<JWTXX::ValidationResult (std::unordered_map<std::string, std::string, std::hashstd::string, std::equal_tostd::string, std::allocator<std::pair<std::string const, std::string> > > const&)>, std::allocator<std::function<JWTXX::ValidationResult (std::unordered_map<std::string, std::string, std::hashstd::string, std::equal_tostd::string, std::allocator<std::pair<std::string const, std::string> > > const&)> > >&&)'
test_jwt.cpp:(.text+0x2e3): undefined reference to JWTXX::Key::~Key()' test_jwt.cpp:(.text+0x39a): undefined reference to JWTXX::JWT::claim(std::string const&) const'
test_jwt.cpp:(.text+0x3e4): undefined reference to JWTXX::JWT::claim(std::string const&) const' test_jwt.cpp:(.text+0x406): undefined reference to JWTXX::algToString(JWTXX::Algorithm)'
test_jwt.cpp:(.text+0x611): undefined reference to `JWTXX::Key::~Key()'
collect2: error: ld returned 1 exit status

Where's the error? Or what I'm doing wrong?

The following (incorrect) signature causes jwttool carsh:
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ1c2VyIn0=.MEQCIBdCBXE3V2KVA6S0OEaAemHAPlRvzVgxg3bgKEQbSCNkAiBS2gtJold5hgkFk2yjidFFChcXg6DY8GmzyYOd4NExSQ==

Reason: terminate called without an active exception

JWTXX should check token expiration if present.

Hello, I have a question the output of sign function using ES256 algorithm.
According to the RFC 7515, the result of the digital signature is the Elliptic Curve (EC) point (R, S), where R and S are unsigned integers. The JWS Signature is the value R || S. When the algorithm is ES256, the length of R || S is 64. However, the jwtxx library produces size of 72(EVP_DigestSignFinal(,.,.&res)). Could you help me? Why the sizes are different?

Thank you in advance. Your lib and codes very helpful for me to understand the JWT.

If the token misses 'alg' or 'typ' jwttool still prints them. E.g. "eyJhbGciOiJSUzI1NiJ9." shows the following header:

{
        "typ": "JWT",
        "alg": "RS256"
}
.
<payload>

though the header is

& echo "eyJhbGciOiJSUzI1NiJ9" | base64 -d
{"alg":"RS256"}

Currently tests are included in the 'all' target. They are slow to compile and usually unnecessary. Should be excluded from the 'all' target.

When constructing a JWT from a token the constructor throws "Invalid token" if validation fails. Should be a meaningful error message.

JWTXX currently supports Linux (and probably FreeBSD) and Mac OS X. Should also support Windows - Cygwin/MinGW and Visual Studio.