1package jwt
 2
 3// SigningMethodNone implements the none signing method.  This is required by the spec
 4// but you probably should never use it.
 5var SigningMethodNone *signingMethodNone
 6
 7const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"
 8
 9var NoneSignatureTypeDisallowedError error
10
11type signingMethodNone struct{}
12type unsafeNoneMagicConstant string
13
14func init() {
15	SigningMethodNone = &signingMethodNone{}
16	NoneSignatureTypeDisallowedError = newError("'none' signature type is not allowed", ErrTokenUnverifiable)
17
18	RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
19		return SigningMethodNone
20	})
21}
22
23func (m *signingMethodNone) Alg() string {
24	return "none"
25}
26
27// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
28func (m *signingMethodNone) Verify(signingString string, sig []byte, key interface{}) (err error) {
29	// Key must be UnsafeAllowNoneSignatureType to prevent accidentally
30	// accepting 'none' signing method
31	if _, ok := key.(unsafeNoneMagicConstant); !ok {
32		return NoneSignatureTypeDisallowedError
33	}
34	// If signing method is none, signature must be an empty string
35	if len(sig) != 0 {
36		return newError("'none' signing method with non-empty signature", ErrTokenUnverifiable)
37	}
38
39	// Accept 'none' signing method.
40	return nil
41}
42
43// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
44func (m *signingMethodNone) Sign(signingString string, key interface{}) ([]byte, error) {
45	if _, ok := key.(unsafeNoneMagicConstant); ok {
46		return []byte{}, nil
47	}
48
49	return nil, NoneSignatureTypeDisallowedError
50}