Rhonabwy
Javascript Object Signing and Encryption (JOSE) library - JWK, JWKS, JWS, JWE and JWT
Functions
JWT functions

Functions

int r_jwt_set_properties (jwt_t *jwt,...)
 
jwt_t * r_jwt_copy (jwt_t *jwt)
 
int r_jwt_set_header_str_value (jwt_t *jwt, const char *key, const char *str_value)
 
int r_jwt_set_header_int_value (jwt_t *jwt, const char *key, rhn_int_t i_value)
 
int r_jwt_set_header_json_t_value (jwt_t *jwt, const char *key, json_t *j_value)
 
int r_jwt_set_full_header_json_t (jwt_t *jwt, json_t *j_header)
 
int r_jwt_set_full_header_json_str (jwt_t *jwt, const char *str_header)
 
const char * r_jwt_get_header_str_value (jwt_t *jwt, const char *key)
 
rhn_int_t r_jwt_get_header_int_value (jwt_t *jwt, const char *key)
 
json_t * r_jwt_get_header_json_t_value (jwt_t *jwt, const char *key)
 
json_t * r_jwt_get_full_header_json_t (jwt_t *jwt)
 
char * r_jwt_get_full_header_str (jwt_t *jwt)
 
int r_jwt_set_claim_str_value (jwt_t *jwt, const char *key, const char *str_value)
 
int r_jwt_set_claim_int_value (jwt_t *jwt, const char *key, rhn_int_t i_value)
 
int r_jwt_set_claim_json_t_value (jwt_t *jwt, const char *key, json_t *j_value)
 
const char * r_jwt_get_claim_str_value (jwt_t *jwt, const char *key)
 
rhn_int_t r_jwt_get_claim_int_value (jwt_t *jwt, const char *key)
 
json_t * r_jwt_get_claim_json_t_value (jwt_t *jwt, const char *key)
 
json_t * r_jwt_get_full_claims_json_t (jwt_t *jwt)
 
char * r_jwt_get_full_claims_str (jwt_t *jwt)
 
int r_jwt_set_full_claims_json_t (jwt_t *jwt, json_t *j_claim)
 
int r_jwt_set_full_claims_json_str (jwt_t *jwt, const char *str_claims)
 
int r_jwt_append_claims_json_t (jwt_t *jwt, json_t *j_claim)
 
int r_jwt_add_sign_keys (jwt_t *jwt, jwk_t *privkey, jwk_t *pubkey)
 
int r_jwt_add_sign_jwks (jwt_t *jwt, jwks_t *jwks_privkey, jwks_t *jwks_pubkey)
 
int r_jwt_add_sign_keys_json_str (jwt_t *jwt, const char *privkey, const char *pubkey)
 
int r_jwt_add_sign_keys_json_t (jwt_t *jwt, json_t *privkey, json_t *pubkey)
 
int r_jwt_add_sign_keys_pem_der (jwt_t *jwt, int format, const unsigned char *privkey, size_t privkey_len, const unsigned char *pubkey, size_t pubkey_len)
 
int r_jwt_add_sign_keys_gnutls (jwt_t *jwt, gnutls_privkey_t privkey, gnutls_pubkey_t pubkey)
 
int r_jwt_add_sign_key_symmetric (jwt_t *jwt, const unsigned char *key, size_t key_len)
 
jwks_t * r_jwt_get_sign_jwks_privkey (jwt_t *jwt)
 
jwks_t * r_jwt_get_sign_jwks_pubkey (jwt_t *jwt)
 
int r_jwt_add_enc_keys (jwt_t *jwt, jwk_t *privkey, jwk_t *pubkey)
 
int r_jwt_add_enc_jwks (jwt_t *jwt, jwks_t *jwks_privkey, jwks_t *jwks_pubkey)
 
int r_jwt_add_enc_keys_json_str (jwt_t *jwt, const char *privkey, const char *pubkey)
 
int r_jwt_add_enc_keys_json_t (jwt_t *jwt, json_t *privkey, json_t *pubkey)
 
int r_jwt_add_enc_keys_pem_der (jwt_t *jwt, int format, const unsigned char *privkey, size_t privkey_len, const unsigned char *pubkey, size_t pubkey_len)
 
int r_jwt_add_enc_keys_gnutls (jwt_t *jwt, gnutls_privkey_t privkey, gnutls_pubkey_t pubkey)
 
int r_jwt_add_enc_key_symmetric (jwt_t *jwt, const unsigned char *key, size_t key_len)
 
jwks_t * r_jwt_get_enc_jwks_privkey (jwt_t *jwt)
 
jwks_t * r_jwt_get_enc_jwks_pubkey (jwt_t *jwt)
 
int r_jwt_set_sign_alg (jwt_t *jwt, jwa_alg alg)
 
jwa_alg r_jwt_get_sign_alg (jwt_t *jwt)
 
int r_jwt_set_enc_alg (jwt_t *jwt, jwa_alg alg)
 
jwa_alg r_jwt_get_enc_alg (jwt_t *jwt)
 
int r_jwt_set_enc (jwt_t *jwt, jwa_enc enc)
 
jwa_enc r_jwt_get_enc (jwt_t *jwt)
 
const char * r_jwt_get_enc_kid (jwt_t *jwt)
 
const char * r_jwt_get_sig_kid (jwt_t *jwt)
 
int r_jwt_set_enc_cypher_key (jwt_t *jwt, const unsigned char *key, size_t key_len)
 
const unsigned char * r_jwt_get_enc_cypher_key (jwt_t *jwt, size_t *key_len)
 
int r_jwt_generate_enc_cypher_key (jwt_t *jwt)
 
int r_jwt_set_enc_iv (jwt_t *jwt, const unsigned char *iv, size_t iv_len)
 
const unsigned char * r_jwt_get_enc_iv (jwt_t *jwt, size_t *iv_len)
 
int r_jwt_generate_iv (jwt_t *jwt)
 
char * r_jwt_serialize_signed (jwt_t *jwt, jwk_t *privkey, int x5u_flags)
 
char * r_jwt_serialize_signed_unsecure (jwt_t *jwt, jwk_t *privkey, int x5u_flags)
 
char * r_jwt_serialize_encrypted (jwt_t *jwt, jwk_t *pubkey, int x5u_flags)
 
char * r_jwt_serialize_nested (jwt_t *jwt, unsigned int type, jwk_t *sign_key, int sign_key_x5u_flags, jwk_t *encrypt_key, int encrypt_key_x5u_flags)
 
int r_jwt_parse (jwt_t *jwt, const char *token, int x5u_flags)
 
int r_jwt_parsen (jwt_t *jwt, const char *token, size_t token_len, int x5u_flags)
 
int r_jwt_parse_unsecure (jwt_t *jwt, const char *token, int x5u_flags)
 
int r_jwt_parsen_unsecure (jwt_t *jwt, const char *token, size_t token_len, int x5u_flags)
 
int r_jwt_advanced_parse (jwt_t *jwt, const char *token, uint32_t parse_flags, int x5u_flags)
 
int r_jwt_advanced_parsen (jwt_t *jwt, const char *token, size_t token_len, uint32_t parse_flags, int x5u_flags)
 
jwt_t * r_jwt_quick_parse (const char *token, uint32_t parse_flags, int x5u_flags)
 
jwt_t * r_jwt_quick_parsen (const char *token, size_t token_len, uint32_t parse_flags, int x5u_flags)
 
int r_jwt_get_type (jwt_t *jwt)
 
int r_jwt_token_type (const char *token)
 
int r_jwt_token_typen (const char *token, size_t token_len)
 
int r_jwt_verify_signature (jwt_t *jwt, jwk_t *pubkey, int x5u_flags)
 
int r_jwt_decrypt (jwt_t *jwt, jwk_t *privkey, int x5u_flags)
 
int r_jwt_decrypt_verify_signature_nested (jwt_t *jwt, jwk_t *verify_key, int verify_key_x5u_flags, jwk_t *decrypt_key, int decrypt_key_x5u_flags)
 
int r_jwt_decrypt_nested (jwt_t *jwt, jwk_t *decrypt_key, int decrypt_key_x5u_flags)
 
int r_jwt_verify_signature_nested (jwt_t *jwt, jwk_t *verify_key, int verify_key_x5u_flags)
 
int r_jwt_validate_claims (jwt_t *jwt,...)
 
int r_jwt_set_claims (jwt_t *jwt,...)
 

Detailed Description

Manage JSON Web Token

Function Documentation

◆ r_jwt_add_enc_jwks()

int r_jwt_add_enc_jwks ( jwt_t jwt,
jwks_t jwks_privkey,
jwks_t jwks_pubkey 
)

Adds private and/or public key sets for the cypher key encryption and decryption

Parameters
jwtthe jwt_t to update
jwks_privkeythe private key set in jwks_t * format, can be NULL
jwks_pubkeythe public key set in jwks_t * format, can be NULL
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_key_symmetric()

int r_jwt_add_enc_key_symmetric ( jwt_t jwt,
const unsigned char *  key,
size_t  key_len 
)

Add a symmetric key by value to perform encryption or decryption of the JWT

Parameters
jwtthe jwt_t to update
keythe raw key value
key_lenthe length of the key
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_keys()

int r_jwt_add_enc_keys ( jwt_t jwt,
jwk_t privkey,
jwk_t pubkey 
)

Add keys to perform encryption or decryption of the JWT

Parameters
jwtthe jwt_t to update
privkeythe private key to decrypt the JWT
pubkeythe public key to encrypt the JWT
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_keys_gnutls()

int r_jwt_add_enc_keys_gnutls ( jwt_t jwt,
gnutls_privkey_t  privkey,
gnutls_pubkey_t  pubkey 
)

Add keys to perform encryption or decryption of the JWT; keys must be gnutls key structures

Parameters
jwt: the jwt_t to update
privkey: the private key to decrypt the JWT
pubkey: the public key to encrypt the JWT
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_keys_json_str()

int r_jwt_add_enc_keys_json_str ( jwt_t jwt,
const char *  privkey,
const char *  pubkey 
)

Add keys to perform encryption or decryption of the JWT; keys must be a stringified JWK

Parameters
jwt: the jwt_t to update
privkey: the private key to decrypt the JWT
pubkey: the public key to encrypt the JWT
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_keys_json_t()

int r_jwt_add_enc_keys_json_t ( jwt_t jwt,
json_t *  privkey,
json_t *  pubkey 
)

Add keys to perform encryption or decryption of the JWT; keys must be a JWK in json_t * format

Parameters
jwt: the jwt_t to update
privkey: the private key to decrypt the JWT
pubkey: the public key to encrypt the JWT
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_enc_keys_pem_der()

int r_jwt_add_enc_keys_pem_der ( jwt_t jwt,
int  format,
const unsigned char *  privkey,
size_t  privkey_len,
const unsigned char *  pubkey,
size_t  pubkey_len 
)

Add keys to perform encryption or decryption of the JWT; keys must be in PEM or DER format

Parameters
jwt: the jwt_t to update
format: the format of the input, values available are R_FORMAT_PEM or R_FORMAT_DER
privkey: the private key to decrypt the JWT
privkey_len: length of privkey
pubkey: the public key to encrypt the JWT
pubkey_len: length of pubkey
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_jwks()

int r_jwt_add_sign_jwks ( jwt_t jwt,
jwks_t jwks_privkey,
jwks_t jwks_pubkey 
)

Adds private and/or public key sets for the signature and verification

Parameters
jwt: the jwt_t to update
jwks_privkey: the private key set in jwks_t * format, can be NULL
jwks_pubkey: the public key set in jwks_t * format, can be NULL
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_key_symmetric()

int r_jwt_add_sign_key_symmetric ( jwt_t jwt,
const unsigned char *  key,
size_t  key_len 
)

Add symmetric key by value to perform signature or signature verification to the JWT

Parameters
jwtthe jwt_t to update
keythe raw key value
key_lenthe length of the key
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_keys()

int r_jwt_add_sign_keys ( jwt_t jwt,
jwk_t privkey,
jwk_t pubkey 
)

Add keys to perform signature or signature verification to the JWT

Parameters
jwtthe jwt_t to update
privkeythe private key to sign the JWT
pubkeythe public key to verify the JWT signature
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_keys_gnutls()

int r_jwt_add_sign_keys_gnutls ( jwt_t jwt,
gnutls_privkey_t  privkey,
gnutls_pubkey_t  pubkey 
)

Add keys to perform signature or signature verification to the JWT; keys must be gnutls key structures

Parameters
jwtthe jwt_t to update
privkeythe private key to sign the JWT
pubkeythe public key to verify the JWT signature
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_keys_json_str()

int r_jwt_add_sign_keys_json_str ( jwt_t jwt,
const char *  privkey,
const char *  pubkey 
)

Add keys to perform signature or signature verification to the JWT; keys must be a stringified JWK

Parameters
jwtthe jwt_t to update
privkeythe private key to sign the JWT
pubkeythe public key to verify the JWT signature
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_keys_json_t()

int r_jwt_add_sign_keys_json_t ( jwt_t jwt,
json_t *  privkey,
json_t *  pubkey 
)

Add keys to perform signature or signature verification to the JWT; keys must be a JWK in json_t * format

Parameters
jwtthe jwt_t to update
privkeythe private key to sign the JWT
pubkeythe public key to verify the JWT signature
Returns
RHN_OK on success, an error value on error

◆ r_jwt_add_sign_keys_pem_der()

int r_jwt_add_sign_keys_pem_der ( jwt_t jwt,
int  format,
const unsigned char *  privkey,
size_t  privkey_len,
const unsigned char *  pubkey,
size_t  pubkey_len 
)

Add keys to perform signature or signature verification to the JWT; keys must be in PEM or DER format

Parameters
jwt: the jwt_t to update
format: the format of the input, values available are R_FORMAT_PEM or R_FORMAT_DER
privkey: the private key to sign the JWT
privkey_len: length of privkey
pubkey: the public key to verify the signature
pubkey_len: length of pubkey
Returns
RHN_OK on success, an error value on error

◆ r_jwt_advanced_parse()

int r_jwt_advanced_parse ( jwt_t jwt,
const char *  token,
uint32_t  parse_flags,
int  x5u_flags 
)

Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT, must end with a NULL string terminator
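parse_flags: Flags to set or unset options. Flags available are
  • R_PARSE_NONE
  • R_PARSE_HEADER_JWK
  • R_PARSE_HEADER_JKU
  • R_PARSE_HEADER_X5C
  • R_PARSE_HEADER_X5U
  • R_PARSE_HEADER_ALL
  • R_PARSE_UNSIGNED
  • R_PARSE_ALL
Judging by their names, the R_PARSE_HEADER_* flags select which key-bearing header fields (jwk, jku, x5c, x5u) are taken into account at parse time, and R_PARSE_UNSIGNED accepts unsigned tokens; confirm against the library header. A key taken from the token's own header is chosen by whoever produced the token, so when the token source is untrusted, verify against keys you already trust.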
x5u_flags: Flags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed. Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid (this turns off TLS validation of the server the key is fetched from, so the downloaded key is not authenticated)
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_advanced_parsen()

int r_jwt_advanced_parsen ( jwt_t jwt,
const char *  token,
size_t  token_len,
uint32_t  parse_flags,
int  x5u_flags 
)

Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT
token_lentoken length
parse_flagsFlags to set or unset options Flags available are
  • R_PARSE_NONE
  • R_PARSE_HEADER_JWK
  • R_PARSE_HEADER_JKU
  • R_PARSE_HEADER_X5C
  • R_PARSE_HEADER_X5U
  • R_PARSE_HEADER_ALL
  • R_PARSE_UNSIGNED
  • R_PARSE_ALL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_append_claims_json_t()

int r_jwt_append_claims_json_t ( jwt_t jwt,
json_t *  j_claim 
)

Append the given JSON object in the JWT payload. Replace existing claim if already set.

Parameters
jwtthe jwt_t to get the value
j_claimthe payload to set, must be JSON object
Returns
RHN_OK on success, an error value on error

◆ r_jwt_copy()

jwt_t * r_jwt_copy ( jwt_t jwt)

Return a copy of the JWT

Parameters
jwtthe jwt_t to duplicate
Returns
a copy of jwt

◆ r_jwt_decrypt()

int r_jwt_decrypt ( jwt_t jwt,
jwk_t privkey,
int  x5u_flags 
)

Decrypts the payload of the JWT

Parameters
jwtthe jwt_t to decrypt
privkeythe private key to decrypt cypher key, can be NULL if jwt already contains a private key
x5u_flagsFlags to retrieve x5u certificates in privkey pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_decrypt_nested()

int r_jwt_decrypt_nested ( jwt_t jwt,
jwk_t decrypt_key,
int  decrypt_key_x5u_flags 
)

Decrypts a nested JWT, does not verify the signature. Fills the claims if the decryption is successful; since the signature is not checked here, the claims remain unverified.

Parameters
jwtthe jwt_t to decrypt and verify signature
decrypt_keythe private key to decrypt cypher key, can be NULL if jwt already contains a private key
decrypt_key_x5u_flagsFlags to retrieve x5u certificates in decrypt_key pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_decrypt_verify_signature_nested()

int r_jwt_decrypt_verify_signature_nested ( jwt_t jwt,
jwk_t verify_key,
int  verify_key_x5u_flags,
jwk_t decrypt_key,
int  decrypt_key_x5u_flags 
)

Decrypts and verifies the signature of a nested JWT. Fills the claims if the decryption and signature verification are successful.

Parameters
jwtthe jwt_t to decrypt and verify signature
verify_keythe public key to check the signature, can be NULL if jws already contains a public key
verify_key_x5u_flagsFlags to retrieve x5u certificates in verify_key pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
decrypt_keythe private key to decrypt cypher key, can be NULL if jwt already contains a private key
decrypt_key_x5u_flagsFlags to retrieve x5u certificates in decrypt_key pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_generate_enc_cypher_key()

int r_jwt_generate_enc_cypher_key ( jwt_t jwt)

Generates a random cypher key

Parameters
jwtthe jwt_t to update
Returns
RHN_OK on success, an error value on error

◆ r_jwt_generate_iv()

int r_jwt_generate_iv ( jwt_t jwt)

Generates a random Initialization Vector (iv)

Parameters
jwtthe jwt_t to update
Returns
RHN_OK on success, an error value on error

◆ r_jwt_get_claim_int_value()

rhn_int_t r_jwt_get_claim_int_value ( jwt_t jwt,
const char *  key 
)

Gets an integer value from the JWT claim

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
an rhn_int_t value, 0 if not present (an absent claim is therefore indistinguishable from a claim set to 0 through this call)

◆ r_jwt_get_claim_json_t_value()

json_t * r_jwt_get_claim_json_t_value ( jwt_t jwt,
const char *  key 
)

Gets a JSON value from the JWT claim

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
a json_t * value, NULL if not present

◆ r_jwt_get_claim_str_value()

const char * r_jwt_get_claim_str_value ( jwt_t jwt,
const char *  key 
)

Gets a string value from the JWT claim

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
a string value, NULL if not present

◆ r_jwt_get_enc()

jwa_enc r_jwt_get_enc ( jwt_t jwt)

Get the JWT enc used for payload encryption

Parameters
jwtthe jwt_t
Returns
the encryption algorithm (enc) used for payload encryption

◆ r_jwt_get_enc_alg()

jwa_alg r_jwt_get_enc_alg ( jwt_t jwt)

Get the JWT alg used for key encryption

Parameters
jwtthe jwt_t
Returns
the algorithm used for key encryption

◆ r_jwt_get_enc_cypher_key()

const unsigned char * r_jwt_get_enc_cypher_key ( jwt_t jwt,
size_t *  key_len 
)

Gets the cypher key to encrypt or decrypt the payload

Parameters
jwtthe jwt_t to get the value
key_lenset the size of the key, may be NULL
Returns
the key to encrypt or decrypt the payload

◆ r_jwt_get_enc_iv()

const unsigned char * r_jwt_get_enc_iv ( jwt_t jwt,
size_t *  iv_len 
)

Gets the Initialization Vector (iv)

Parameters
jwtthe jwt_t to get the value
iv_lenset the size of the iv, may be NULL
Returns
the iv

◆ r_jwt_get_enc_jwks_privkey()

jwks_t * r_jwt_get_enc_jwks_privkey ( jwt_t jwt)

Get private keys set for the cypher key decryption

Parameters
jwtthe jwt_t to get the value
Returns
the private key set in jwks_t * format

◆ r_jwt_get_enc_jwks_pubkey()

jwks_t * r_jwt_get_enc_jwks_pubkey ( jwt_t jwt)

Get public keys set for the cypher key encryption

Parameters
jwtthe jwt_t to get the value
Returns
the public key set in jwks_t * format

◆ r_jwt_get_enc_kid()

const char * r_jwt_get_enc_kid ( jwt_t jwt)

Get the KID specified in the header for payload encryption

Parameters
jwtthe jwt_t
Returns
the KID

◆ r_jwt_get_full_claims_json_t()

json_t * r_jwt_get_full_claims_json_t ( jwt_t jwt)

Return the full JWT claim in JSON format

Parameters
jwtthe jwt_t to get the value
Returns
a json_t * value

◆ r_jwt_get_full_claims_str()

char * r_jwt_get_full_claims_str ( jwt_t jwt)

Return the full JWT claims in char *

Parameters
jwtthe jwt_t to get the value
Returns
a char * value, must be r_free'd after use

◆ r_jwt_get_full_header_json_t()

json_t * r_jwt_get_full_header_json_t ( jwt_t jwt)

Return the full JWT header in JSON format

Parameters
jwtthe jwt_t to get the value
Returns
a json_t * value

◆ r_jwt_get_full_header_str()

char * r_jwt_get_full_header_str ( jwt_t jwt)

Return the full JWT header in char *

Parameters
jwtthe jwt_t to get the value
Returns
a char * value, must be r_free'd after use

◆ r_jwt_get_header_int_value()

rhn_int_t r_jwt_get_header_int_value ( jwt_t jwt,
const char *  key 
)

Gets an integer value from the JWT header

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
an rhn_int_t value, 0 if not present

◆ r_jwt_get_header_json_t_value()

json_t * r_jwt_get_header_json_t_value ( jwt_t jwt,
const char *  key 
)

Gets a JSON value from the JWT header

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
a json_t * value, NULL if not present

◆ r_jwt_get_header_str_value()

const char * r_jwt_get_header_str_value ( jwt_t jwt,
const char *  key 
)

Gets a string value from the JWT header

Parameters
jwtthe jwt_t to get the value
key: the key to retrieve the value
Returns
a string value, NULL if not present

◆ r_jwt_get_sig_kid()

const char * r_jwt_get_sig_kid ( jwt_t jwt)

Get the KID specified in the header for signature

Parameters
jwtthe jwt_t
Returns
the KID

◆ r_jwt_get_sign_alg()

jwa_alg r_jwt_get_sign_alg ( jwt_t jwt)

Get the JWT alg used for signature

Parameters
jwtthe jwt_t
Returns
the algorithm used for signature

◆ r_jwt_get_sign_jwks_privkey()

jwks_t * r_jwt_get_sign_jwks_privkey ( jwt_t jwt)

Get private keys set for the signature

Parameters
jwtthe jwt_t to get the value
Returns
the private key set in jwks_t * format

◆ r_jwt_get_sign_jwks_pubkey()

jwks_t * r_jwt_get_sign_jwks_pubkey ( jwt_t jwt)

Get public keys set for the verification

Parameters
jwtthe jwt_t to get the value
Returns
the public key set in jwks_t * format

◆ r_jwt_get_type()

int r_jwt_get_type ( jwt_t jwt)

Get the type of JWT after a successful r_jwt_parse

Parameters
jwtthe jwt_t to check
Returns
the type of JWT, values available are
  • R_JWT_TYPE_NONE: not a JWT
  • R_JWT_TYPE_SIGN: A signed JWT
  • R_JWT_TYPE_ENCRYPT: An encrypted JWT
  • R_JWT_TYPE_NESTED_SIGN_THEN_ENCRYPT: A nested JWT first signed, then encrypted
  • R_JWT_TYPE_NESTED_ENCRYPT_THEN_SIGN: A nested JWT first encrypted, then signed

◆ r_jwt_parse()

int r_jwt_parse ( jwt_t jwt,
const char *  token,
int  x5u_flags 
)

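Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful. Signature verification is a separate call (r_jwt_verify_signature), so claims read after parsing alone should be treated as unverified.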

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT, must end with a NULL string terminator
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_parse_unsecure()

int r_jwt_parse_unsecure ( jwt_t jwt,
const char *  token,
int  x5u_flags 
)

Parses a serialized JWT. Allows parsing an unsigned JWT; an unsigned token carries no integrity protection, so its claims are unauthenticated. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT, must end with a NULL string terminator
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_parsen()

int r_jwt_parsen ( jwt_t jwt,
const char *  token,
size_t  token_len,
int  x5u_flags 
)

Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT
token_lentoken length
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_parsen_unsecure()

int r_jwt_parsen_unsecure ( jwt_t jwt,
const char *  token,
size_t  token_len,
int  x5u_flags 
)

Parses a serialized JWT. Allows parsing an unsigned JWT; an unsigned token carries no integrity protection, so its claims are unauthenticated. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
jwtthe jwt that will contain the parsed token
tokenthe token to parse into a JWT
token_lentoken length
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_quick_parse()

jwt_t * r_jwt_quick_parse ( const char *  token,
uint32_t  parse_flags,
int  x5u_flags 
)

Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
tokenthe token to parse into a JWT, must end with a NULL string terminator
parse_flagsFlags to set or unset options Flags available are
  • R_PARSE_NONE
  • R_PARSE_HEADER_JWK
  • R_PARSE_HEADER_JKU
  • R_PARSE_HEADER_X5C
  • R_PARSE_HEADER_X5U
  • R_PARSE_HEADER_ALL
  • R_PARSE_UNSIGNED
  • R_PARSE_ALL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
a new jwt_t * on success, NULL on error

◆ r_jwt_quick_parsen()

jwt_t * r_jwt_quick_parsen ( const char *  token,
size_t  token_len,
uint32_t  parse_flags,
int  x5u_flags 
)

Parses a serialized JWT. If the JWT is signed only, the claims will be available. If the JWT is encrypted, the claims will not be accessible until r_jwt_decrypt or r_jwt_decrypt_verify_signature_nested is successful.

Parameters
tokenthe token to parse into a JWT
token_lentoken length
parse_flagsFlags to set or unset options Flags available are
  • R_PARSE_NONE
  • R_PARSE_HEADER_JWK
  • R_PARSE_HEADER_JKU
  • R_PARSE_HEADER_X5C
  • R_PARSE_HEADER_X5U
  • R_PARSE_HEADER_ALL
  • R_PARSE_UNSIGNED
  • R_PARSE_ALL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
a new jwt_t * on success, NULL on error

◆ r_jwt_serialize_encrypted()

char * r_jwt_serialize_encrypted ( jwt_t jwt,
jwk_t pubkey,
int  x5u_flags 
)

Return an encrypted JWT in serialized format (xxx.yyy.zzz.aaa.bbb)

Parameters
jwtthe jwt_t to encrypt
pubkeythe public key to encrypt the JWT, may be NULL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return NULL
Returns
the serialized token (char *) on success, NULL on error; presumably must be r_free'd after use, like the other char * results on this page

◆ r_jwt_serialize_nested()

char * r_jwt_serialize_nested ( jwt_t jwt,
unsigned int  type,
jwk_t sign_key,
int  sign_key_x5u_flags,
jwk_t encrypt_key,
int  encrypt_key_x5u_flags 
)

Return a nested JWT in serialized format. A nested JWT can be signed, then encrypted, or encrypted, then signed.

Parameters
jwtthe jwt_t to serialize
typethe nesting type Values available are
  • R_JWT_TYPE_NESTED_SIGN_THEN_ENCRYPT: the JWT will be signed, then the token will be encrypted in a JWE
  • R_JWT_TYPE_NESTED_ENCRYPT_THEN_SIGN: The JWT will be encrypted, then the token will be signed in a JWS
sign_keythe key to sign the JWT, may be NULL
sign_key_x5u_flagsFlags to retrieve x5u certificates in sign_key pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return NULL
encrypt_keythe key to encrypt the JWT, may be NULL
encrypt_key_x5u_flagsFlags to retrieve x5u certificates in encrypt_key pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return NULL
Returns
the serialized token (char *) on success, NULL on error; presumably must be r_free'd after use, like the other char * results on this page

◆ r_jwt_serialize_signed()

char * r_jwt_serialize_signed ( jwt_t jwt,
jwk_t privkey,
int  x5u_flags 
)

Return a signed JWT in serialized format (xxx.yyy.zzz)

Parameters
jwtthe jwt_t to sign
privkeythe private key to sign the JWT, may be NULL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return NULL
Returns
the serialized token (char *) on success, NULL on error; presumably must be r_free'd after use, like the other char * results on this page

◆ r_jwt_serialize_signed_unsecure()

char * r_jwt_serialize_signed_unsecure ( jwt_t jwt,
jwk_t privkey,
int  x5u_flags 
)

Return a signed JWT in serialized format (xxx.yyy.zzz). Allows serializing an unsigned JWT; such a token carries no signature, so recipients cannot authenticate its claims.

Parameters
jwtthe jwt_t to sign
privkeythe private key to sign the JWT, may be NULL
x5u_flagsFlags to retrieve x5u certificates pointed by x5u if necessary, could be 0 if not needed Flags available are
  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore if web server certificate is invalid
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return NULL
Returns
the serialized token (char *) on success, NULL on error; presumably must be r_free'd after use, like the other char * results on this page

◆ r_jwt_set_claim_int_value()

int r_jwt_set_claim_int_value ( jwt_t jwt,
const char *  key,
rhn_int_t  i_value 
)

Adds an integer value to the JWT claim

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT claim
i_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_claim_json_t_value()

int r_jwt_set_claim_json_t_value ( jwt_t jwt,
const char *  key,
json_t *  j_value 
)

Adds a JSON value to the JWT claim

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT claim
j_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_claim_str_value()

int r_jwt_set_claim_str_value ( jwt_t jwt,
const char *  key,
const char *  str_value 
)

Adds a string value to the JWT claim

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT claim
str_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_claims()

int r_jwt_set_claims ( jwt_t jwt,
  ... 
)

Set the jwt claims with the list of claims given in parameters. The list must end with the claim type R_JWT_CLAIM_NOP. Claim types available:

  • R_JWT_CLAIM_ISS: claim "iss", values expected a string
  • R_JWT_CLAIM_SUB: claim "sub", values expected a string
  • R_JWT_CLAIM_AUD: claim "aud", values expected a string
  • R_JWT_CLAIM_EXP: claim "exp", value expected R_JWT_CLAIM_NOW or a positive integer value
  • R_JWT_CLAIM_NBF: claim "nbf", value expected R_JWT_CLAIM_NOW or a positive integer value
  • R_JWT_CLAIM_IAT: claim "iat", value expected R_JWT_CLAIM_NOW or a positive integer value
  • R_JWT_CLAIM_JTI: claim "jti", values expected a string
  • R_JWT_CLAIM_STR: claim name specified, then string value
  • R_JWT_CLAIM_INT: claim name specified, then int value
  • R_JWT_CLAIM_JSN: claim name specified, then json_t * value
  • R_JWT_CLAIM_TYP: header claim "typ", values expected a string
  • R_JWT_CLAIM_CTY: header claim "cty", values expected a string
  • R_JWT_CLAIM_AMR: claim "amr", an array of strings, values expected a string

◆ r_jwt_set_enc()

int r_jwt_set_enc ( jwt_t jwt,
jwa_enc  enc 
)

Set the JWT enc to use for payload encryption

Parameters
jwtthe jwt_t
encthe encryption algorithm to use for payload encryption
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_enc_alg()

int r_jwt_set_enc_alg ( jwt_t jwt,
jwa_alg  alg 
)

Set the JWT alg to use for key encryption

Parameters
jwtthe jwt_t
algthe algorithm to use for key encryption
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_enc_cypher_key()

int r_jwt_set_enc_cypher_key ( jwt_t jwt,
const unsigned char *  key,
size_t  key_len 
)

Sets the cypher key to encrypt or decrypt the payload

Parameters
jwtthe jwt_t to update
keythe key to encrypt or decrypt the payload
key_lenthe size of the key
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_enc_iv()

int r_jwt_set_enc_iv ( jwt_t jwt,
const unsigned char *  iv,
size_t  iv_len 
)

Sets the Initialization Vector (iv)

Parameters
jwtthe jwt_t to update
ivthe iv to set
iv_lenthe size of the iv
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_full_claims_json_str()

int r_jwt_set_full_claims_json_str ( jwt_t jwt,
const char *  str_claims 
)

Set the full JWT claims in JSON format; all existing values are deleted

Parameters
jwtthe jwt_t to update
str_claimsthe claim to set, must be JSON object in string format
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_full_claims_json_t()

int r_jwt_set_full_claims_json_t ( jwt_t jwt,
json_t *  j_claim 
)

Set the full JWT claims in JSON format; all existing values are deleted

Parameters
jwtthe jwt_t to update
j_claimthe claim to set, must be JSON object
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_full_header_json_str()

int r_jwt_set_full_header_json_str ( jwt_t jwt,
const char *  str_header 
)

Sets the entire header with the stringified JSON value specified

Parameters
jwtthe jwt_t to update
str_headerthe header to set, must be a JSON object
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_full_header_json_t()

int r_jwt_set_full_header_json_t ( jwt_t jwt,
json_t *  j_header 
)

Sets the entire header with the JSON value specified

Parameters
jwtthe jwt_t to update
j_headerthe header to set, must be a JSON object
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_header_int_value()

int r_jwt_set_header_int_value ( jwt_t jwt,
const char *  key,
rhn_int_t  i_value 
)

Adds an integer value to the JWT header

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT header
i_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_header_json_t_value()

int r_jwt_set_header_json_t_value ( jwt_t jwt,
const char *  key,
json_t *  j_value 
)

Adds a JSON value to the JWT header

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT header
j_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_header_str_value()

int r_jwt_set_header_str_value ( jwt_t jwt,
const char *  key,
const char *  str_value 
)

Adds a string value to the JWT header

Parameters
jwtthe jwt_t to update
keythe key to set to the JWT header
str_valuethe value to set
Returns
RHN_OK on success, an error value on error

◆ r_jwt_set_properties()

int r_jwt_set_properties ( jwt_t jwt,
  ... 
)

Add multiple properties to the jwt_t *

Parameters
jwtthe jwt_t to set values
...set of values using a rhn_opt and following values

◆ r_jwt_set_sign_alg()

int r_jwt_set_sign_alg ( jwt_t jwt,
jwa_alg  alg 
)

Set the JWT alg to use for signature

Parameters
jwtthe jwt_t to update
algthe algorithm to use for signature
Returns
RHN_OK on success, an error value on error

◆ r_jwt_token_type()

int r_jwt_token_type ( const char *  token)

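Guess the type of JWT based on the token format, but without parsing the token. Because nothing is parsed or verified, the result only describes the shape of the token and says nothing about whether it is valid.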

Parameters
tokenthe token to check
Returns
the type of JWT; values available are R_JWT_TYPE_NONE: not a JWT, R_JWT_TYPE_SIGN: a signed JWT, R_JWT_TYPE_ENCRYPT: an encrypted JWT

◆ r_jwt_token_typen()

int r_jwt_token_typen ( const char *  token,
size_t  token_len 
)

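Guess the type of JWT based on the token format, but without parsing the token. Because nothing is parsed or verified, the result only describes the shape of the token and says nothing about whether it is valid.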

Parameters
tokenthe token to check
token_lentoken length
Returns
the type of JWT; values available are R_JWT_TYPE_NONE: not a JWT, R_JWT_TYPE_SIGN: a signed JWT, R_JWT_TYPE_ENCRYPT: an encrypted JWT

◆ r_jwt_validate_claims()

int r_jwt_validate_claims ( jwt_t jwt,
  ... 
)

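Validates the jwt claims with the list of expected claims given in parameters. The list must end with the claim type R_JWT_CLAIM_NOP. This call checks claim values only; verifying the signature is a separate step (see r_jwt_verify_signature()). Claim types available: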

  • R_JWT_CLAIM_ISS: claim "iss", values expected a string or NULL to validate the presence of the claim
  • R_JWT_CLAIM_SUB: claim "sub", values expected a string or NULL to validate the presence of the claim
  • R_JWT_CLAIM_AUD: claim "aud", values expected a string or an array of strings, or NULL to validate the presence of the claim
  • R_JWT_CLAIM_EXP: claim "exp", value expected R_JWT_CLAIM_NOW or a positive integer value or R_JWT_CLAIM_PRESENT to validate the presence of the claim
  • R_JWT_CLAIM_NBF: claim "nbf", value expected R_JWT_CLAIM_NOW or a positive integer value or R_JWT_CLAIM_PRESENT to validate the presence of the claim
  • R_JWT_CLAIM_IAT: claim "iat", value expected R_JWT_CLAIM_NOW or a positive integer value or R_JWT_CLAIM_PRESENT to validate the presence of the claim
  • R_JWT_CLAIM_JTI: claim "jti", values expected a string or NULL to validate the presence of the claim
  • R_JWT_CLAIM_STR: the claim name specified must have the string value expected or NULL to validate the presence of the claim
  • R_JWT_CLAIM_INT: the claim name specified must have the integer value expected
  • R_JWT_CLAIM_JSN: the claim name specified must have the json_t * value expected or NULL to validate the presence of the claim
  • R_JWT_CLAIM_TYP: header claim "typ", values expected a string or NULL to validate the presence of the claim
  • R_JWT_CLAIM_CTY: header claim "cty", values expected a string or NULL to validate the presence of the claim
  • R_JWT_CLAIM_AMR: claim "amr", values expected an array of strings, or NULL to validate the presence of the claim

Example

The following code will check the jwt against the iss value "https://example.com", the sub value "client_1", the presence of the claim aud, that the claim exp is after now and the claim nbf is before now, and the additional claims scope, age and verified against the values given:

if (r_jwt_validate_claims(jwt, R_JWT_CLAIM_ISS, "https://example.com", R_JWT_CLAIM_SUB, "client_1", R_JWT_CLAIM_AUD, NULL, R_JWT_CLAIM_EXP, R_JWT_CLAIM_NOW, R_JWT_CLAIM_NBF, R_JWT_CLAIM_NOW, R_JWT_CLAIM_STR, "scope", "scope1", R_JWT_CLAIM_INT, "age", 42, R_JWT_CLAIM_JSN, "verified", json_true(), R_JWT_CLAIM_NOP) == RHN_OK)

◆ r_jwt_verify_signature()

int r_jwt_verify_signature ( jwt_t jwt,
jwk_t pubkey,
int  x5u_flags 
)

Verifies the signature of the JWT. The JWT must contain a signature.

Parameters
jwtthe jwt_t to update
pubkeythe public key to check the signature, can be NULL if jws already contains a public key
x5u_flagsFlags to retrieve x5u certificates in pubkey pointed by x5u if necessary, could be 0 if not needed Flags available are
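  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore an invalid web server certificate when fetching the x5u URL; the downloaded certificate then comes from an unauthenticated server, so do not set this flag where the result decides whether a signature is trusted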
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error

◆ r_jwt_verify_signature_nested()

int r_jwt_verify_signature_nested ( jwt_t jwt,
jwk_t verify_key,
int  verify_key_x5u_flags 
)

Verifies the signature of a nested JWT

Parameters
jwtthe jwt_t to decrypt and verify signature
verify_keythe public key to check the signature, can be NULL if jws already contains a public key
verify_key_x5u_flagsFlags to retrieve x5u certificates in verify_key pointed by x5u if necessary, could be 0 if not needed Flags available are
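  • R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore an invalid web server certificate when fetching the x5u URL; the downloaded certificate then comes from an unauthenticated server, so do not set this flag where the result decides whether a signature is trusted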
  • R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary
  • R_FLAG_IGNORE_REMOTE: do not download remote key, but the function may return an error
Returns
RHN_OK on success, an error value on error