25 #define DEPR(__msg) __declspec(deprecated)
27 #define alloca _alloca
28 #define strcasecmp _stricmp
29 #define strdup _strdup
32 #ifdef JWT_BUILD_SHARED_LIBRARY
33 #define JWT_EX __declspec(dllexport)
35 #define JWT_EX __declspec(dllimport)
43 #define DEPR(__msg) [[deprecated(__msg)]]
246typedef void *(*jwt_malloc_t)(size_t);
251typedef void *(*jwt_realloc_t)(
void *, size_t);
305#if defined(__GNUC__) || defined(__clang__)
309static inline void jwt_freep(
jwt_t **jwt) {
315#define jwt_auto_t jwt_t __attribute__((cleanup(jwt_freep)))
356 DEPR(
"use key") const
void *jwt_key;
360 DEPR(
"use key_len") int jwt_key_len;
401#define JWT_CONFIG_DECLARE(__name) \
402 jwt_config_t __name = { { NULL }, { 0 }, JWT_ALG_NONE, NULL}
416#define jwt_key_p_t jwt_callback_t
421#define jwt_key_t jwt_config_t
480JWT_EX DEPR(
"Migrate your code to jwt_verify()")
482 const
unsigned char *key,
int key_len);
jwk_key_op_t
Allowed key operations for JWK private keys.
int jwks_item_add(jwk_set_t *jwk_set, jwk_item_t *item)
Add a jwk_item_t to an existing jwk_set_t.
int jwks_error(jwk_set_t *jwk_set)
Check if there is an error within the jwk_set.
struct jwk_set jwk_set_t
Opaque JWKS object.
jwk_set_t * jwks_create(const char *jwk_json_str)
Create a new JWKS object for later use in validating JWTs.
jwk_key_type_t
JWK Key Types.
const char * jwks_error_msg(jwk_set_t *jwk_set)
Retrieve an error message from a jwk_set.
int jwks_item_free(jwk_set_t *jwk_set, size_t index)
Free all memory associated with the nth jwt_item_t in a jwk_set.
int jwks_item_free_all(jwk_set_t *jwk_set)
Free all memory associated with alljwt_item_t in a jwk_set.
jwk_pub_key_use_t
Usage types for JWK public keys.
int jwks_error_any(jwk_set_t *jwk_set)
Check if there is an error within the jwk_set and any of the jwk_item_t in the set.
void jwks_free(jwk_set_t *jwk_set)
Free all memory associated with a jwt_set_t, including any jwk_item_t in the set.
jwk_item_t * jwks_item_get(jwk_set_t *jwk_set, size_t index)
Return the index'th jwk_item in the jwk_set.
@ JWK_KEY_OP_DERIVE_BITS
Bits derivation.
@ JWK_KEY_OP_ENCRYPT
Used for encryption.
@ JWK_KEY_OP_WRAP
For wrapping other keys.
@ JWK_KEY_OP_UNWRAP
For unwrappng other keys.
@ JWK_KEY_OP_VERIFY
Signature verification.
@ JWK_KEY_OP_SIGN
Signing.
@ JWK_KEY_OP_NONE
No key_op set.
@ JWK_KEY_OP_DECRYPT
Used for decrypting.
@ JWK_KEY_OP_DERIVE_KEY
Key derivation.
@ JWK_KEY_OP_INVALID
Invalid key_ops in JWK.
@ JWK_KEY_TYPE_NONE
Unused on valid keys.
@ JWK_KEY_TYPE_OKP
Octet Key Pair (e.g.
@ JWK_KEY_TYPE_EC
Eliptic Curve keys.
@ JWK_KEY_TYPE_RSA
RSA keys (RSA and RSA-PSS)
@ JWK_PUB_KEY_USE_SIG
Signature validation (JWS)
@ JWK_PUB_KEY_USE_ENC
Decryption key (JWE)
@ JWK_PUB_KEY_USE_NONE
No usable attribute was set.
jwt_alg_t jwt_get_alg(const jwt_t *jwt)
Get the jwt_alg_t set for this JWT object.
int jwt_set_alg(jwt_t *jwt, jwt_alg_t alg, const unsigned char *key, int len)
Set an algorithm for a jwt_t object.
const char * jwt_alg_str(jwt_alg_t alg)
Convert alg type to it's string representation.
jwt_alg_t jwt_str_alg(const char *alg)
Convert alg string to type.
void jwt_config_init(jwt_config_t *config)
Intialize jwt_config_t to a clean state.
int(* jwt_callback_t)(const jwt_t *, jwt_config_t *)
Callback for operations involving verification of tokens.
jwt_alg_t
JWT algorithm types.
int jwt_new(jwt_t **jwt)
Allocate a new, empty, JWT object.
jwt_t * jwt_dup(jwt_t *jwt)
Duplicate an existing JWT object.
void jwt_free(jwt_t *jwt)
Free a JWT object and any other resources it is using.
@ JWT_ALG_INVAL
An invalid algorithm from the caller or the token.
@ JWT_ALG_NONE
No signature.
@ JWT_ALG_PS384
RSASSA-PSS using SHA-384 and MGF1 with SHA-384.
@ JWT_ALG_RS384
RSASSA-PKCS1-v1_5 using SHA-384.
@ JWT_ALG_HS512
HMAC using SHA-512.
@ JWT_ALG_PS512
RSASSA-PSS using SHA-512 and MGF1 with SHA-512.
@ JWT_ALG_ES256K
ECDSA using secp256k1 and SHA-256.
@ JWT_ALG_ES256
ECDSA using P-256 and SHA-256.
@ JWT_ALG_ES512
ECDSA using P-521 and SHA-512.
@ JWT_ALG_RS256
RSASSA-PKCS1-v1_5 using SHA-256.
@ JWT_ALG_HS256
HMAC using SHA-256.
@ JWT_ALG_EDDSA
EdDSA using Ed25519.
@ JWT_ALG_RS512
RSASSA-PKCS1-v1_5 using SHA-512.
@ JWT_ALG_PS256
RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
@ JWT_ALG_ES384
ECDSA using P-384 and SHA-384.
@ JWT_ALG_HS384
HMAC using SHA-384.
int jwt_set_crypto_ops_t(jwt_crypto_provider_t opname)
Set the crypto operations to a jwt_crypto_provider_t type.
const char * jwt_get_crypto_ops(void)
Retrieve the name of the current crypto operations being used.
jwt_crypto_provider_t jwt_get_crypto_ops_t(void)
Retrieve the type of the current crypto operations being used.
int jwt_set_crypto_ops(const char *opname)
Set the crypto operations to the named set.
jwt_crypto_provider_t
Different providers for crypto operations.
int jwt_crypto_ops_supports_jwk(void)
Check if the current crypto operations support JWK usage.
@ JWT_CRYPTO_OPS_NONE
Used for error handling.
@ JWT_CRYPTO_OPS_MBEDTLS
MBedTLS embedded library.
@ JWT_CRYPTO_OPS_OPENSSL
OpenSSL Library.
@ JWT_CRYPTO_OPS_GNUTLS
GnuTLS Library.
char * jwt_encode_str(jwt_t *jwt)
Fully encode a JWT object and return as a string.
char * jwt_dump_str(jwt_t *jwt, int pretty)
Return plain text representation as a string.
void jwt_free_str(char *str)
Free a string returned from the library.
char * jwt_dump_grants_str(jwt_t *jwt, int pretty)
Return plain text representation of grants as a string.
int jwt_encode_fp(jwt_t *jwt, FILE *fp)
Fully encode a JWT object and write it to FILE.
int jwt_dump_fp(jwt_t *jwt, FILE *fp, int pretty)
Output plain text representation to a FILE pointer.
int jwt_add_grants_json(jwt_t *jwt, const char *json)
Add grants from a JSON encoded object string.
int jwt_del_grants(jwt_t *jwt, const char *grant)
Delete a grant from this JWT object.
const char * jwt_get_grant(jwt_t *jwt, const char *grant)
Return the value of a string grant.
int jwt_get_grant_bool(jwt_t *jwt, const char *grant)
Return the value of an boolean grant.
int jwt_add_grant(jwt_t *jwt, const char *grant, const char *val)
Add a new string grant to this JWT object.
char * jwt_get_grants_json(jwt_t *jwt, const char *grant)
Return the value of a grant as JSON encoded object string.
int jwt_add_grant_bool(jwt_t *jwt, const char *grant, int val)
Add a new boolean grant to this JWT object.
long jwt_get_grant_int(jwt_t *jwt, const char *grant)
Return the value of an integer grant.
int jwt_add_grant_int(jwt_t *jwt, const char *grant, long val)
Add a new integer grant to this JWT object.
int jwt_set_alloc(jwt_malloc_t pmalloc, jwt_realloc_t prealloc, jwt_free_t pfree)
Set functions to be used for allocating and freeing memory.
void jwt_get_alloc(jwt_malloc_t *pmalloc, jwt_realloc_t *prealloc, jwt_free_t *pfree)
Get functions used for allocating and freeing memory.
void(* jwt_free_t)(void *)
Prototype for free(3)
void *(* jwt_malloc_t)(size_t)
Prototype for malloc(3)
void *(* jwt_realloc_t)(void *, size_t)
Prototype for realloc(3)
const char * jwt_valid_get_grant(jwt_valid_t *jwt_valid, const char *grant)
Return the value of a string required grant.
time_t jwt_valid_get_exp_leeway(jwt_valid_t *jwt_valid)
Return the exp_leeway value set.
jwt_valid_exception_t jwt_valid_get_status(jwt_valid_t *jwt_valid)
Return the status string for the validation object.
int jwt_valid_set_exp_leeway(jwt_valid_t *jwt_valid, const time_t exp_leeway)
Set the exp_leeway value as defined in: https://www.rfc-editor.org/rfc/rfc7519#section-4....
jwt_valid_exception_t jwt_validate(jwt_t *jwt, jwt_valid_t *jwt_valid)
Validate a JWT object with a validation object.
jwt_valid_exception_t
Validation exception types for jwt_t objects.
int jwt_valid_add_grant_int(jwt_valid_t *jwt_valid, const char *grant, long val)
Add a new integer grant requirement to this JWT validation object.
int jwt_valid_set_nbf_leeway(jwt_valid_t *jwt_valid, const time_t nbf_leeway)
Set the nbf_leeway value as defined in: https://www.rfc-editor.org/rfc/rfc7519#section-4....
void jwt_valid_free(jwt_valid_t *jwt_valid)
Free a JWT validation object and any other resources it is using.
int jwt_valid_del_grants(jwt_valid_t *jwt_valid, const char *grant)
Delete a grant from this JWT object.
int jwt_valid_add_grants_json(jwt_valid_t *jwt_valid, const char *json)
Add required grants from a JSON encoded object string.
long jwt_valid_get_grant_int(jwt_valid_t *jwt_valid, const char *grant)
Return the value of an integer required grant.
char * jwt_exception_str(unsigned int exceptions)
Parses exceptions and returns a comma delimited and human-readable string.
int jwt_valid_set_headers(jwt_valid_t *jwt_valid, int hdr)
Set validation for replicated claims in headers.
int jwt_valid_add_grant(jwt_valid_t *jwt_valid, const char *grant, const char *val)
Add a new string grant requirement to this JWT validation object.
int jwt_valid_get_grant_bool(jwt_valid_t *jwt_valid, const char *grant)
Return the value of an boolean required grant.
struct jwt_valid jwt_valid_t
Opaque JWT Validation object.
char * jwt_valid_get_grants_json(jwt_valid_t *jwt_valid, const char *grant)
Return the value of a grant as JSON encoded object string.
int jwt_valid_set_now(jwt_valid_t *jwt_valid, const time_t now)
Set the time for which expires and not-before claims should be evaluated.
int jwt_valid_new(jwt_valid_t **jwt_valid, jwt_alg_t alg)
Allocate a new, JWT validation object.
int jwt_valid_add_grant_bool(jwt_valid_t *jwt_valid, const char *grant, int val)
Add a new boolean required grant to this JWT validation object.
time_t jwt_valid_get_nbf_leeway(jwt_valid_t *jwt_valid)
Return the nbf_leeway value set.
@ JWT_VALIDATION_ISS_MISMATCH
RFC-7519 Sec 4.1.1 "iss" Issuer
@ JWT_VALIDATION_GRANT_MISMATCH
User-defined Grant mismatch
@ JWT_VALIDATION_TOO_NEW
RFC-7519 Sec 4.1.5 "nbf" Not Before
@ JWT_VALIDATION_EXPIRED
RFC-7519 Sec 4.1.4 "exp" Expired
@ JWT_VALIDATION_SUCCESS
Validation succeeded
@ JWT_VALIDATION_GRANT_MISSING
User-defined Grant missing
@ JWT_VALIDATION_ALG_MISMATCH
RFC-7518 Sec 3.1 "alg" Algorithm
@ JWT_VALIDATION_SUB_MISMATCH
RFC-7519 Sec 4.1.2 "sub" Subject
@ JWT_VALIDATION_AUD_MISMATCH
RFC-7519 Sec 4.1.3 "aud" Audience
@ JWT_VALIDATION_ERROR
General failures
int jwt_decode(jwt_t **jwt, const char *token, const unsigned char *key, int key_len)
Decode a JWT.
int jwt_verify(jwt_t **jwt, const char *token, jwt_config_t *config)
Decode and verify a JWT.
int jwt_verify_wcb(jwt_t **jwt, const char *token, jwt_config_t *config, jwt_callback_t cb)
Decode and verify a JWT, with user callback.
int jwt_decode_2(jwt_t **jwt, const char *token, jwt_callback_t cb)
Decode a JWT with a user provided callback.
Structural representation of a JWK.
size_t bits
The number of bits in the key (may be 0)
jwk_key_op_t key_ops
Bitwise flags of "key_ops" supported for this key
int is_private_key
Whether this is a public or private key
void * provider_data
Internal data used by the provider
char * kid
RFC-7517 Sec 4.5
jwk_pub_key_use_t use
Value of the JWK "use" attribute
jwt_crypto_provider_t provider
Crypto provider that owns this key
jwt_alg_t alg
Valid "alg" that this key can be used for
jwk_key_type_t kty
The key type of this key
int error
Shows there is an error present in this key (unusable)
char * pem
If not NULL, contains PEM string of this key
Structure used to manage configuration state.
size_t key_len
Length of key material
const void * key
Pointer to key material.