1package jwt 2 3// Implements the none signing method. This is required by the spec 4// but you probably should never use it. 5var SigningMethodNone *signingMethodNone 6 7const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed" 8 9var NoneSignatureTypeDisallowedError error 10 11type signingMethodNone struct{} 12type unsafeNoneMagicConstant string 13 14func init() { 15 SigningMethodNone = &signingMethodNone{} 16 NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid) 17 18 RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod { 19 return SigningMethodNone 20 }) 21} 22 23func (m *signingMethodNone) Alg() string { 24 return "none" 25} 26 27// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key 28func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) { 29 // Key must be UnsafeAllowNoneSignatureType to prevent accidentally 30 // accepting 'none' signing method 31 if _, ok := key.(unsafeNoneMagicConstant); !ok { 32 return NoneSignatureTypeDisallowedError 33 } 34 // If signing method is none, signature must be an empty string 35 if signature != "" { 36 return NewValidationError( 37 "'none' signing method with non-empty signature", 38 ValidationErrorSignatureInvalid, 39 ) 40 } 41 42 // Accept 'none' signing method. 43 return nil 44} 45 46// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key 47func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) { 48 if _, ok := key.(unsafeNoneMagicConstant); ok { 49 return "", nil 50 } 51 return "", NoneSignatureTypeDisallowedError 52} 53