blob: 4c5fd70ca24c21911ec1787ab0d422fd7e5030fc [file] [log] [blame]
// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package model
import (
"fmt"
"strconv"
"strings"
)
import (
matcherpb "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
)
import (
"github.com/apache/dubbo-go-pixiu/pilot/pkg/security/authz/matcher"
authn "github.com/apache/dubbo-go-pixiu/pilot/pkg/security/model"
)
// convertToPort converts a port string to a uint32.
func convertToPort(v string) (uint32, error) {
p, err := strconv.ParseUint(v, 10, 32)
if err != nil || p > 65535 {
return 0, fmt.Errorf("invalid port %s: %v", v, err)
}
return uint32(p), nil
}
func extractNameInBrackets(s string) (string, error) {
if !strings.HasPrefix(s, "[") || !strings.HasSuffix(s, "]") {
return "", fmt.Errorf("expecting format [<NAME>], but found %s", s)
}
return strings.TrimPrefix(strings.TrimSuffix(s, "]"), "["), nil
}
func extractNameInNestedBrackets(s string) ([]string, error) {
var claims []string
findEndBracket := func(begin int) int {
if begin >= len(s) || s[begin] != '[' {
return -1
}
for i := begin + 1; i < len(s); i++ {
if s[i] == '[' {
return -1
}
if s[i] == ']' {
return i
}
}
return -1
}
for begin := 0; begin < len(s); {
end := findEndBracket(begin)
if end == -1 {
ret, err := extractNameInBrackets(s)
if err != nil {
return nil, err
}
return []string{ret}, nil
}
claims = append(claims, s[begin+1:end])
begin = end + 1
}
return claims, nil
}
// MetadataMatcherForJWTClaims is a convenient method for generating metadata matcher for JWT claims.
func MetadataMatcherForJWTClaims(claims []string, value *matcherpb.StringMatcher) *matcherpb.MetadataMatcher {
return matcher.MetadataListMatcher(authn.AuthnFilterName, append([]string{attrRequestClaims}, claims...), value)
}