KHealthCertificate

jwtparser.cpp
1 /*
2  * SPDX-FileCopyrightText: 2021 Volker Krause <[email protected]>
3  * SPDX-License-Identifier: LGPL-2.0-or-later
4  */
5 
6 #include "jwtparser_p.h"
7 #include "jwkloader_p.h"
8 #include "logging.h"
9 #include "verify_p.h"
10 #include "zlib_p.h"
11 
12 #include <QDebug>
13 #include <QJsonDocument>
14 #include <QJsonObject>
15 
// Constructor and destructor are both compiler-generated; they are defined
// out of line in this translation unit.
JwtParser::JwtParser() = default;
JwtParser::~JwtParser() = default;
18 
// Parses a compact JWT ("header.payload.signature"): decodes the payload
// (inflating it when the header says zip == "DEF"), stores it in m_payload,
// then tries to verify the ECDSA signature with a bundled public key chosen
// by the header's "kid".
//
// @param data  the complete token; the visible code splits it at the first
//              two '.' characters.
//
// NOTE(review): this listing skips gutter lines 25 and 55. `header` is used
// below but never declared in the visible lines, and `valid` is computed but
// never read; presumably line 25 decodes the header segment and line 55
// stores the verification result in m_signatureState. Confirm against the
// real file.
19 void JwtParser::parse(const QByteArray &data)
20 {
21  const auto idx1 = data.indexOf('.');
22  if (idx1 < 0) {
    // No separator at all: return without touching m_payload or m_signatureState.
23  return;
24  }
26 
    // NOTE(review): idx2 is never checked for -1. A token with only one '.'
    // still reaches every use of idx2 below: the mid() length, the signature
    // offset (idx2 + 1 == 0) and the fourth argument of verifyECDSA
    // (presumably the signed-data length). A guard such as
    // `if (idx2 < 0) return;`, mirroring the idx1 check, would reject such
    // input before any of that happens.
27  const auto idx2 = data.indexOf('.', idx1 + 1);
28  auto rawPayload = QByteArray::fromBase64(data.mid(idx1 + 1, idx2 - idx1 - 1), QByteArray::Base64UrlEncoding);
    // NOTE(review): decompression runs on token-supplied bytes before any
    // signature check. Whether Zlib::decompressDeflate caps its output size is
    // not visible here; confirm it does, so a small token cannot inflate
    // without bound.
29  if (header.value(QLatin1String("zip")).toString() == QLatin1String("DEF")) {
30  rawPayload = Zlib::decompressDeflate(rawPayload);
31  }
    // m_payload is assigned before verification and is not cleared on any path
    // below, so it is populated even when the key is unknown or the algorithm
    // is unsupported. Callers must gate on signatureState().
32  m_payload = QJsonDocument::fromJson(rawPayload).object();
33 
34  // signature verification
35  const auto signature = QByteArray::fromBase64(data.mid(idx2 + 1), QByteArray::Base64UrlEncoding);
    // NOTE(review): `kid` comes from the not-yet-verified header and is
    // concatenated into the resource path unchanged. The ":/" prefix keeps the
    // lookup inside the Qt resource system, but restricting kid to the
    // expected character set before building the path would make that explicit.
36  const auto kid = header.value(QLatin1String("kid")).toString();
37  const auto evp = JwkLoader::loadPublicKey(QLatin1String(":/org.kde.khealthcertificate/shc/certs/") + kid + QLatin1String(".jwk"));
38  if (!evp) {
39  qCWarning(Log) << "no key found for kid:" << kid;
40  m_signatureState = KHealthCertificate::UnknownSignature;
41  return;
42  }
    // Only ES256 / ES384 / ES512 are accepted. Any other "alg" value is logged
    // and leaves `valid` false. The signed input passed to verifyECDSA is the
    // start of `data` with idx2 as the fourth argument, i.e. presumably the
    // "header.payload" prefix.
    // NOTE(review): the digest is selected by the token's own "alg". Whether
    // verifyECDSA or the JWK loader also checks that the key's curve matches
    // that algorithm is not visible here; confirm.
43  const auto alg = header.value(QLatin1String("alg")).toString();
44  bool valid = false;
45  if (alg == QLatin1String("ES256")) {
46  valid = Verify::verifyECDSA(evp, EVP_sha256(), data.constData(), idx2, signature.constData(), signature.size());
47  } else if (alg == QLatin1String("ES384")) {
48  valid = Verify::verifyECDSA(evp, EVP_sha384(), data.constData(), idx2, signature.constData(), signature.size());
49  } else if (alg == QLatin1String("ES512")) {
50  valid = Verify::verifyECDSA(evp, EVP_sha512(), data.constData(), idx2, signature.constData(), signature.size());
51  } else {
52  qCWarning(Log) << "signature algorithm not supported:" << alg;
53  }
54 
56 }
57 
// Returns a copy of the payload object stored by parse().
// parse() assigns m_payload before it attempts signature verification, so the
// returned object must not be trusted until signatureState() has been checked.
QJsonObject JwtParser::payload() const
{
    return this->m_payload;
}
62 
// Returns the signature validation state recorded for the parsed token.
// parse() sets it to KHealthCertificate::UnknownSignature when no bundled key
// matches the token's "kid".
KHealthCertificate::SignatureValidation JwtParser::signatureState() const
{
    return this->m_signatureState;
}