BasicOIDC/src/data/code_challenge.rs
Pierre Hubert e35f890241
All checks were successful
continuous-integration/drone/push Build is passing
Update crate base64
2023-01-23 16:38:21 +01:00

72 lines
2.2 KiB
Rust

use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
use base64::Engine as _;
use crate::utils::crypt_utils::sha256;
/// Code challenge, as specified in <https://datatracker.ietf.org/doc/rfc7636/>
///
/// See some implementation help in <https://docs.hidglobal.com/activid-as-v8.5/api/openid/leverage-pkce-auth-code-grant-flow.htm>
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct CodeChallenge {
pub code_challenge: String,
pub code_challenge_method: String,
}
impl CodeChallenge {
pub fn verify_code(&self, code_verifer: &str) -> bool {
match self.code_challenge_method.as_str() {
"plain" => code_verifer.eq(&self.code_challenge),
"S256" => {
let encoded = BASE64_URL_SAFE_NO_PAD.encode(sha256(code_verifer.as_bytes()));
encoded.eq(&self.code_challenge)
}
s => {
log::error!("Unknown code challenge method: {}", s);
false
}
}
}
}
#[cfg(test)]
mod test {
use crate::data::code_challenge::CodeChallenge;
#[test]
fn test_plain() {
let chal = CodeChallenge {
code_challenge_method: "plain".to_string(),
code_challenge: "text1".to_string(),
};
assert_eq!(true, chal.verify_code("text1"));
assert_eq!(false, chal.verify_code("text2"));
}
#[test]
fn test_s256() {
let chal = CodeChallenge {
code_challenge_method: "S256".to_string(),
code_challenge: "uSOvC48D8TMh6RgW-36XppMlMgys-6KAE_wEIev9W2g".to_string(),
};
assert_eq!(true, chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA=="));
assert_eq!(false, chal.verify_code("text1"));
}
#[test]
fn test_s256_2() {
let chal = CodeChallenge {
code_challenge_method: "S256".to_string(),
code_challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".to_string(),
};
assert_eq!(
true,
chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
);
assert_eq!(false, chal.verify_code("text1"));
}
}