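// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package upstream

import (
	"time"

	unverified_jwt "github.com/golang-jwt/jwt"
	"gopkg.in/square/go-jose.v2/jwt"
)

// CustomTokenClaims holds the token's non-registered claims. The JSON tags
// below are the claim names read from the token payload.
type CustomTokenClaims struct {
	Space          string            `json:"space"`
	Description    string            `json:"desc"`
	ApiEndpoint    string            `json:"api_endpoint"`
	Labels         map[string]string `json:"labels"`
	Owner          string            `json:"owner"`
	CertValidUntil time.Time         `json:"cert_valid_until"`
}

// VerifyClaim combines the registered JWT claims with the custom claims.
//
// Despite its name, a VerifyClaim is not necessarily verified: the value
// returned by ExtractTokenClaims is built from a token whose signature was
// never checked.
type VerifyClaim struct {
	jwt.Claims
	CustomTokenClaims
}

// IsExpired reports whether the claim's expiry lies in the past.
//
// A claim without an expiry is reported as not expired. On claims obtained
// from ExtractTokenClaims the result is advisory only, because the expiry
// itself is unauthenticated.
func (a *VerifyClaim) IsExpired() bool {
	return a.Expiry != nil && time.Now().After(a.Expiry.Time())
}

// extractTokenClaims is the decode target for unverified parsing.
type extractTokenClaims struct {
	// TODO: workaround for https://github.com/dgrijalva/jwt-go/pull/308
	//
	// Aud and the embedded StandardClaims.Audience both map to the "aud" JSON
	// key. encoding/json gives the shallower field precedence, so the decoded
	// audience lands in Aud and StandardClaims.Audience stays empty.
	Aud []string `json:"aud"`
	unverified_jwt.StandardClaims
	CustomTokenClaims
}

// numericDateOrNil converts a Unix timestamp in seconds into a NumericDate
// pointer. Non-positive values are treated as "claim not set" and yield nil.
func numericDateOrNil(sec int64) *jwt.NumericDate {
	if sec <= 0 {
		return nil
	}
	nd := jwt.NumericDate(sec)
	return &nd
}

// ExtractTokenClaims decodes the claims of a JWT without verifying it.
//
// It is meant for clients that have no access to the certificate needed for
// verification but still want to display information such as the expiry time
// and description.
//
// SECURITY: the token is parsed with ParseUnverified, so neither the signature
// nor any registered claim is validated. Whoever supplies the token controls
// every field of the result. Use it for display and diagnostics only, never
// for authentication, authorization or other trust decisions.
//
// An error is returned when the token cannot be parsed.
func ExtractTokenClaims(token string) (*VerifyClaim, error) {
	claims := &extractTokenClaims{}
	parser := unverified_jwt.Parser{}
	if _, _, err := parser.ParseUnverified(token, claims); err != nil {
		return nil, err
	}

	// convert to VerifyClaim
	out := VerifyClaim{
		Claims: jwt.Claims{
			ID:      claims.Id,
			Issuer:  claims.Issuer,
			Subject: claims.Subject,
			// Read the audience from Aud: StandardClaims.Audience is shadowed
			// during decoding and would always be empty here.
			Audience: jwt.Audience(claims.Aud),
			Expiry:   numericDateOrNil(claims.ExpiresAt),
			NotBefore: numericDateOrNil(claims.NotBefore),
			// The iat claim is stored in IssuedAt; it previously overwrote
			// NotBefore and left IssuedAt nil.
			IssuedAt: numericDateOrNil(claims.IssuedAt),
		},
		CustomTokenClaims: claims.CustomTokenClaims,
	}

	return &out, nil
}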