hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.8.5, claims support jti, validity

Browse Source
This commit is contained in:
Hatter Jiang
2024-04-14 09:43:11 +08:00
parent 44a0e3512e
commit e13503116a
3 changed files with 620 additions and 424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1013
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.8.4" version = "1.8.5"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

29
src/cmd_signjwt.rs
View File

@@ -4,8 +4,9 @@ use std::collections::BTreeMap;
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use jwt::{AlgorithmType, Header, ToBase64}; use jwt::{AlgorithmType, Header, ToBase64};
use jwt::header::HeaderType; use jwt::header::HeaderType;
use rust_util::{util_msg, XResult}; use rust_util::{util_msg, util_time, XResult};
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use serde_json::{Map, Number, Value};
use yubikey::{Certificate, YubiKey}; use yubikey::{Certificate, YubiKey};
use yubikey::piv::{AlgorithmId, sign_data}; use yubikey::piv::{AlgorithmId, sign_data};
@@ -25,6 +26,8 @@ impl Command for CommandImpl {
.arg(Arg::with_name("key-id").short("K").long("key-id").takes_value(true).help("Header key ID")) .arg(Arg::with_name("key-id").short("K").long("key-id").takes_value(true).help("Header key ID"))
.arg(Arg::with_name("claims").short("C").long("claims").takes_value(true).multiple(true).help("Claims, key:value")) .arg(Arg::with_name("claims").short("C").long("claims").takes_value(true).multiple(true).help("Claims, key:value"))
.arg(Arg::with_name("payload").short("P").long("payload").takes_value(true).help("Claims in JSON")) .arg(Arg::with_name("payload").short("P").long("payload").takes_value(true).help("Claims in JSON"))
.arg(Arg::with_name("jti").long("jti").help("Claims jti"))
.arg(Arg::with_name("validity").long("validity").takes_value(true).help("Claims validity period e.g. 10m means 10 minutes (s - second, m - minute, h - hour, d - day)"))
.arg(Arg::with_name("json").long("json").help("JSON output")) .arg(Arg::with_name("json").long("json").help("JSON output"))
} }
@@ -41,20 +44,23 @@ impl Command for CommandImpl {
let key_id = sub_arg_matches.value_of("key-id"); let key_id = sub_arg_matches.value_of("key-id");
let claims = sub_arg_matches.values_of("claims"); let claims = sub_arg_matches.values_of("claims");
let payload = sub_arg_matches.value_of("payload"); let payload = sub_arg_matches.value_of("payload");
let validity = sub_arg_matches.value_of("validity");
let jti = sub_arg_matches.is_present("jti");
let header = Header { let header = Header {
key_id: key_id.map(ToString::to_string), key_id: key_id.map(ToString::to_string),
type_: Some(HeaderType::JsonWebToken), type_: Some(HeaderType::JsonWebToken),
..Default::default() ..Default::default()
}; };
let mut jwt_claims = BTreeMap::new(); let mut jwt_claims = Map::new();
match (payload, claims) { match (payload, claims) {
(Some(_), _) => {} (Some(_), _) => {}
(_, Some(claims)) => { (_, Some(claims)) => {
for claim in claims { for claim in claims {
// TODO support multiple claim types
match split_claim(claim) { match split_claim(claim) {
None => { warning!("Claim '{}' do not contains ':'", claim); } None => { warning!("Claim '{}' do not contains ':'", claim); }
Some((k, v)) => { jwt_claims.insert(k, v); } Some((k, v)) => { jwt_claims.insert(k, Value::String(v)); }
} }
} }
if !jwt_claims.contains_key("sub") { if !jwt_claims.contains_key("sub") {
@@ -64,6 +70,21 @@ impl Command for CommandImpl {
_ => return simple_error!("Payload or Claims is required."), _ => return simple_error!("Payload or Claims is required."),
} }
// set jti, iat and sub
if jti && !jwt_claims.contains_key("jti") {
jwt_claims.insert("jti".to_string(), Value::String(format!("jti-{}", util_time::get_current_millis())));
}
if let Some(validity) = validity {
match util_time::parse_duration(validity) {
None => { warning!("Bad validity: {}", validity) }
Some(validity) => {
let current_secs = (util_time::get_current_millis() / 1000) as u64;
jwt_claims.insert("iat".to_string(), Value::Number(Number::from(current_secs)));
jwt_claims.insert("exp".to_string(), Value::Number(Number::from(current_secs + validity.as_secs())));
}
}
}
let token_string = sign_jwt(slot, &pin_opt, header, &payload, &jwt_claims)?; let token_string = sign_jwt(slot, &pin_opt, header, &payload, &jwt_claims)?;
success!("Singed JWT: {}", token_string); success!("Singed JWT: {}", token_string);
if json_output { json.insert("token", token_string.clone()); } if json_output { json.insert("token", token_string.clone()); }
@@ -76,7 +97,7 @@ impl Command for CommandImpl {
} }
fn sign_jwt(slot: &str, pin_opt: &Option<&str>, mut header: Header, payload: &Option<&str>, claims: &BTreeMap<String, String>) -> XResult<String> { fn sign_jwt(slot: &str, pin_opt: &Option<&str>, mut header: Header, payload: &Option<&str>, claims: &Map<String, Value>) -> XResult<String> {
let mut yk = opt_result!(YubiKey::open(), "Find YubiKey failed: {}"); let mut yk = opt_result!(YubiKey::open(), "Find YubiKey failed: {}");
let slot_id = opt_result!(pivutil::get_slot_id(slot), "Get slot id failed: {}"); let slot_id = opt_result!(pivutil::get_slot_id(slot), "Get slot id failed: {}");