Added JWT/JWS/JWE tokens capability

author: UXabre <arend.lapere@gmail.com> 2019-01-17 08:53:01 -0500
committer: UXabre <you@example.com> 2019-02-15 03:45:57 -0500
commit: f2031eff057cb0a43cdebca9688cdb5706088421 (patch)
tree: 04938a501b39ffca9ce360a2e3684de22f4ed8d8 /websockify/token_plugins.py
parent: f0bdb0a621a4f3fb328d1410adfeaff76f088bfd (diff)
download: websockify-f2031eff057cb0a43cdebca9688cdb5706088421.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/websockify/token_plugins.py b/websockify/token_plugins.py
index e87dcd0..972907b 100644
--- a/websockify/token_plugins.py
+++ b/websockify/token_plugins.py
@@ -1,3 +1,4 @@
+from __future__ import print_function
 import os
 import sys
 
@@ -87,3 +88,49 @@ class JSONTokenApi(BaseTokenAPI):
     def process_result(self, resp):
         resp_json = resp.json()
         return (resp_json['host'], resp_json['port'])
+
+
+class JWTTokenApi(BasePlugin):
+    # source is a JWT-token, with hostname and port included
+    # Both JWS as JWE tokens are accepted. With regards to JWE tokens, the key is re-used for both validation and decryption.
+
+    def lookup(self, token):
+        try:
+            from jwcrypto import jwt
+            import json
+
+            key = jwt.JWK()
+            
+            try:
+                with open(self.source, 'rb') as key_file:
+                    key_data = key_file.read()
+            except Exception as e:
+                print("Error loading key file: %s" % str(e), file=sys.stderr)
+                return None
+
+            try:
+                key.import_from_pem(key_data)
+            except:
+                try:
+                    key.import_key(k=key_data.decode('utf-8'),kty='oct')
+                except:
+                    print('Failed to correctly parse key data!', file=sys.stderr)
+                    return None
+
+            try:
+                token = jwt.JWT(key=key, jwt=token)
+                parsed_header = json.loads(token.header)
+
+                if 'enc' in parsed_header:
+                    # Token is encrypted, so we need to decrypt by passing the claims to a new instance
+                    token = jwt.JWT(key=key, jwt=token.claims)
+
+                parsed = json.loads(token.claims)
+
+                return (parsed['host'], parsed['port'])
+            except Exception as e:
+                print("Failed to parse token: %s" % str(e), file=sys.stderr)
+                return None
+        except ImportError as e:
+            print("package jwcrypto not found, are you sure you've installed it correctly?", file=sys.stderr)
+            return None
author	UXabre <arend.lapere@gmail.com>	2019-01-17 08:53:01 -0500
committer	UXabre <you@example.com>	2019-02-15 03:45:57 -0500
commit	f2031eff057cb0a43cdebca9688cdb5706088421 (patch)
tree	04938a501b39ffca9ce360a2e3684de22f4ed8d8 /websockify/token_plugins.py
parent	f0bdb0a621a4f3fb328d1410adfeaff76f088bfd (diff)
download	websockify-f2031eff057cb0a43cdebca9688cdb5706088421.tar.gz