vendor/github.com/dgrijalva/jwt-go/parser.go - cloudstack-kubernetes-provider - Git at Google

 package jwt

 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"strings"
 )

 type Parser struct {
 	ValidMethods         []string // If populated, only these methods will be considered valid
 	UseJSONNumber        bool     // Use JSON Number format in JSON decoder
 	SkipClaimsValidation bool     // Skip claims validation during token parsing
 }

 // Parse, validate, and return a token.
 // keyFunc will receive the parsed token and should return the key for validating.
 // If everything is kosher, err will be nil
 func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
 }

 func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
 	token, parts, err := p.ParseUnverified(tokenString, claims)
 	if err != nil {
 		return token, err
 	}

 	// Verify signing method is in the required set
 	if p.ValidMethods != nil {
 		var signingMethodValid = false
 		var alg = token.Method.Alg()
 		for _, m := range p.ValidMethods {
 			if m == alg {
 				signingMethodValid = true
 				break
 			}
 		}
 		if !signingMethodValid {
 			// signing method is not in the listed set
 			return token, NewValidationError(fmt.Sprintf("signing method %v is invalid", alg), ValidationErrorSignatureInvalid)
 		}
 	}

 	// Lookup key
 	var key interface{}
 	if keyFunc == nil {
 		// keyFunc was not provided.  short circuiting validation
 		return token, NewValidationError("no Keyfunc was provided.", ValidationErrorUnverifiable)
 	}
 	if key, err = keyFunc(token); err != nil {
 		// keyFunc returned an error
 		if ve, ok := err.(*ValidationError); ok {
 			return token, ve
 		}
 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
 	}

 	vErr := &ValidationError{}

 	// Validate Claims
 	if !p.SkipClaimsValidation {
 		if err := token.Claims.Valid(); err != nil {

 			// If the Claims Valid returned an error, check if it is a validation error,
 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
 			if e, ok := err.(*ValidationError); !ok {
 				vErr = &ValidationError{Inner: err, Errors: ValidationErrorClaimsInvalid}
 			} else {
 				vErr = e
 			}
 		}
 	}

 	// Perform validation
 	token.Signature = parts[2]
 	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
 		vErr.Inner = err
 		vErr.Errors |= ValidationErrorSignatureInvalid
 	}

 	if vErr.valid() {
 		token.Valid = true
 		return token, nil
 	}

 	return token, vErr
 }

 // WARNING: Don't use this method unless you know what you're doing
 //
 // This method parses the token but doesn't validate the signature. It's only
 // ever useful in cases where you know the signature is valid (because it has
 // been checked previously in the stack) and you want to extract values from
 // it.
 func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
 	parts = strings.Split(tokenString, ".")
 	if len(parts) != 3 {
 		return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
 	}

 	token = &Token{Raw: tokenString}

 	// parse Header
 	var headerBytes []byte
 	if headerBytes, err = DecodeSegment(parts[0]); err != nil {
 		if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
 			return token, parts, NewValidationError("tokenstring should not contain 'bearer '", ValidationErrorMalformed)
 		}
 		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
 	}
 	if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
 		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
 	}

 	// parse Claims
 	var claimBytes []byte
 	token.Claims = claims

 	if claimBytes, err = DecodeSegment(parts[1]); err != nil {
 		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
 	}
 	dec := json.NewDecoder(bytes.NewBuffer(claimBytes))
 	if p.UseJSONNumber {
 		dec.UseNumber()
 	}
 	// JSON Decode.  Special case for map type to avoid weird pointer behavior
 	if c, ok := token.Claims.(MapClaims); ok {
 		err = dec.Decode(&c)
 	} else {
 		err = dec.Decode(&claims)
 	}
 	// Handle decode error
 	if err != nil {
 		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
 	}

 	// Lookup signature method
 	if method, ok := token.Header["alg"].(string); ok {
 		if token.Method = GetSigningMethod(method); token.Method == nil {
 			return token, parts, NewValidationError("signing method (alg) is unavailable.", ValidationErrorUnverifiable)
 		}
 	} else {
 		return token, parts, NewValidationError("signing method (alg) is unspecified.", ValidationErrorUnverifiable)
 	}

 	return token, parts, nil
 }
	package jwt

	import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
	)

	type Parser struct {
	ValidMethods []string // If populated, only these methods will be considered valid
	UseJSONNumber bool // Use JSON Number format in JSON decoder
	SkipClaimsValidation bool // Skip claims validation during token parsing
	}

	// Parse, validate, and return a token.
	// keyFunc will receive the parsed token and should return the key for validating.
	// If everything is kosher, err will be nil
	func (p Parser) Parse(tokenString string, keyFunc Keyfunc) (Token, error) {
	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
	}

	func (p Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (Token, error) {
	token, parts, err := p.ParseUnverified(tokenString, claims)
	if err != nil {
	return token, err
	}

	// Verify signing method is in the required set
	if p.ValidMethods != nil {
	var signingMethodValid = false
	var alg = token.Method.Alg()
	for _, m := range p.ValidMethods {
	if m == alg {
	signingMethodValid = true
	break
	}
	}
	if !signingMethodValid {
	// signing method is not in the listed set
	return token, NewValidationError(fmt.Sprintf("signing method %v is invalid", alg), ValidationErrorSignatureInvalid)
	}
	}

	// Lookup key
	var key interface{}
	if keyFunc == nil {
	// keyFunc was not provided. short circuiting validation
	return token, NewValidationError("no Keyfunc was provided.", ValidationErrorUnverifiable)
	}
	if key, err = keyFunc(token); err != nil {
	// keyFunc returned an error
	if ve, ok := err.(*ValidationError); ok {
	return token, ve
	}
	return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
	}

	vErr := &ValidationError{}

	// Validate Claims
	if !p.SkipClaimsValidation {
	if err := token.Claims.Valid(); err != nil {

	// If the Claims Valid returned an error, check if it is a validation error,
	// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
	if e, ok := err.(*ValidationError); !ok {
	vErr = &ValidationError{Inner: err, Errors: ValidationErrorClaimsInvalid}
	} else {
	vErr = e
	}
	}
	}

	// Perform validation
	token.Signature = parts[2]
	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
	vErr.Inner = err
	vErr.Errors \|= ValidationErrorSignatureInvalid
	}

	if vErr.valid() {
	token.Valid = true
	return token, nil
	}

	return token, vErr
	}

	// WARNING: Don't use this method unless you know what you're doing
	//
	// This method parses the token but doesn't validate the signature. It's only
	// ever useful in cases where you know the signature is valid (because it has
	// been checked previously in the stack) and you want to extract values from
	// it.
	func (p Parser) ParseUnverified(tokenString string, claims Claims) (token Token, parts []string, err error) {
	parts = strings.Split(tokenString, ".")
	if len(parts) != 3 {
	return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
	}

	token = &Token{Raw: tokenString}

	// parse Header
	var headerBytes []byte
	if headerBytes, err = DecodeSegment(parts[0]); err != nil {
	if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
	return token, parts, NewValidationError("tokenstring should not contain 'bearer '", ValidationErrorMalformed)
	}
	return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
	}
	if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
	return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
	}

	// parse Claims
	var claimBytes []byte
	token.Claims = claims

	if claimBytes, err = DecodeSegment(parts[1]); err != nil {
	return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
	}
	dec := json.NewDecoder(bytes.NewBuffer(claimBytes))
	if p.UseJSONNumber {
	dec.UseNumber()
	}
	// JSON Decode. Special case for map type to avoid weird pointer behavior
	if c, ok := token.Claims.(MapClaims); ok {
	err = dec.Decode(&c)
	} else {
	err = dec.Decode(&claims)
	}
	// Handle decode error
	if err != nil {
	return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
	}

	// Lookup signature method
	if method, ok := token.Header["alg"].(string); ok {
	if token.Method = GetSigningMethod(method); token.Method == nil {
	return token, parts, NewValidationError("signing method (alg) is unavailable.", ValidationErrorUnverifiable)
	}
	} else {
	return token, parts, NewValidationError("signing method (alg) is unspecified.", ValidationErrorUnverifiable)
	}

	return token, parts, nil
	}