pilot/pkg/security/authz/model/util.go - dubbo-go-pixiu - Git at Google

 // Copyright Istio Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package model

 import (
 	"fmt"
 	"strconv"
 	"strings"
 )

 import (
 	matcherpb "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 )

 import (
 	"github.com/apache/dubbo-go-pixiu/pilot/pkg/security/authz/matcher"
 	authn "github.com/apache/dubbo-go-pixiu/pilot/pkg/security/model"
 )

 // convertToPort converts a port string to a uint32.
 func convertToPort(v string) (uint32, error) {
 	p, err := strconv.ParseUint(v, 10, 32)
 	if err != nil || p > 65535 {
 		return 0, fmt.Errorf("invalid port %s: %v", v, err)
 	}
 	return uint32(p), nil
 }

 func extractNameInBrackets(s string) (string, error) {
 	if !strings.HasPrefix(s, "[") || !strings.HasSuffix(s, "]") {
 		return "", fmt.Errorf("expecting format [<NAME>], but found %s", s)
 	}
 	return strings.TrimPrefix(strings.TrimSuffix(s, "]"), "["), nil
 }

 func extractNameInNestedBrackets(s string) ([]string, error) {
 	var claims []string
 	findEndBracket := func(begin int) int {
 		if begin >= len(s) || s[begin] != '[' {
 			return -1
 		}
 		for i := begin + 1; i < len(s); i++ {
 			if s[i] == '[' {
 				return -1
 			}
 			if s[i] == ']' {
 				return i
 			}
 		}
 		return -1
 	}
 	for begin := 0; begin < len(s); {
 		end := findEndBracket(begin)
 		if end == -1 {
 			ret, err := extractNameInBrackets(s)
 			if err != nil {
 				return nil, err
 			}
 			return []string{ret}, nil
 		}
 		claims = append(claims, s[begin+1:end])
 		begin = end + 1
 	}
 	return claims, nil
 }

 // MetadataMatcherForJWTClaims is a convenient method for generating metadata matcher for JWT claims.
 func MetadataMatcherForJWTClaims(claims []string, value *matcherpb.StringMatcher) *matcherpb.MetadataMatcher {
 	return matcher.MetadataListMatcher(authn.AuthnFilterName, append([]string{attrRequestClaims}, claims...), value)
 }
	// Copyright Istio Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package model

	import (
	"fmt"
	"strconv"
	"strings"
	)

	import (
	matcherpb "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
	)

	import (
	"github.com/apache/dubbo-go-pixiu/pilot/pkg/security/authz/matcher"
	authn "github.com/apache/dubbo-go-pixiu/pilot/pkg/security/model"
	)

	// convertToPort converts a port string to a uint32.
	func convertToPort(v string) (uint32, error) {
	p, err := strconv.ParseUint(v, 10, 32)
	if err != nil \|\| p > 65535 {
	return 0, fmt.Errorf("invalid port %s: %v", v, err)
	}
	return uint32(p), nil
	}

	func extractNameInBrackets(s string) (string, error) {
	if !strings.HasPrefix(s, "[") \|\| !strings.HasSuffix(s, "]") {
	return "", fmt.Errorf("expecting format [<NAME>], but found %s", s)
	}
	return strings.TrimPrefix(strings.TrimSuffix(s, "]"), "["), nil
	}

	func extractNameInNestedBrackets(s string) ([]string, error) {
	var claims []string
	findEndBracket := func(begin int) int {
	if begin >= len(s) \|\| s[begin] != '[' {
	return -1
	}
	for i := begin + 1; i < len(s); i++ {
	if s[i] == '[' {
	return -1
	}
	if s[i] == ']' {
	return i
	}
	}
	return -1
	}
	for begin := 0; begin < len(s); {
	end := findEndBracket(begin)
	if end == -1 {
	ret, err := extractNameInBrackets(s)
	if err != nil {
	return nil, err
	}
	return []string{ret}, nil
	}
	claims = append(claims, s[begin+1:end])
	begin = end + 1
	}
	return claims, nil
	}

	// MetadataMatcherForJWTClaims is a convenient method for generating metadata matcher for JWT claims.
	func MetadataMatcherForJWTClaims(claims []string, value matcherpb.StringMatcher) matcherpb.MetadataMatcher {
	return matcher.MetadataListMatcher(authn.AuthnFilterName, append([]string{attrRequestClaims}, claims...), value)
	}