File Coverage

blib/lib/OIDC/Lite/Model/IDToken.pm

Criterion	Covered	Total	%
statement	82	82	100.0
branch	24	24	100.0
condition	9	9	100.0
subroutine	17	17	100.0
pod	6	6	100.0
total	138	138	100.0

line	stmt	bran	cond	sub	pod	time	code
1							package OIDC::Lite::Model::IDToken;
2	2			2		21609	use strict;
	2					4
	2					57
3	2			2		9	use warnings;
	2					2
	2					46
4	2			2		8	use base 'Class::Accessor::Fast';
	2					3
	2					845
5
6	2			2		5093	use MIME::Base64 qw/encode_base64url decode_base64url/;
	2					1489
	2					144
7	2			2		1644	use JSON::WebToken qw/encode_jwt decode_jwt/;
	2					43576
	2					130
8	2			2		1824	use Params::Validate;
	2					12512
	2					127
9	2			2		1914	use Digest::SHA qw/sha256 sha384 sha512/;
	2					8106
	2					190
10	2			2		1150	use OIDC::Lite::Util::JWT;
	2					5
	2					55
11
12	2			2		9	use constant HALF_BITS_DENOMINATOR => 2 * 8;
	2					2
	2					75
13	2			2		16	use constant ALG_LEN => 2;
	2					4
	2					72
14	2			2		7	use constant BITS_LEN => 3;
	2					4
	2					2024
15
16
17							=head1 NAME
18
19							OIDC::Lite::Model::IDToken - model class that represents ID token
20
21							=head1 ACCESSORS
22
23							=head2 header
24
25							JWT Header
26
27							=head2 payload
28
29							JWT Payload
30
31							=head2 key
32
33							Key for JWT Signature
34
35							=cut
36
37							__PACKAGE__->mk_accessors(qw(
38							header
39							payload
40							key
41							token_string
42							));
43
44							=head1 METHODS
45
46							=head2 new( \%header, \%payload, $key )
47
48							Constructor
49
50							my $id_token = OIDC::Lite::Model::IDToken->new();
51							...
52							my $id_token = OIDC::Lite::Model::IDToken->new(
53							header => \%header,
54							payload => \%payload,
55							key => $key,
56							);
57
58							=cut
59
60							sub new {
61	19			19	1	9501	my $class = shift;
62	19	100				88	my @args = @_ == 1 ? %{$_[0]} : @_;
	1					4
63	19					679	my %params = Params::Validate::validate_with(
64							params => \@args,
65							spec => {
66							header => { optional => 1 },
67							payload => { optional => 1 },
68							key => { optional => 1 },
69							},
70							allow_extra => 0,
71							);
72
73	19					176	my $self = bless \%params, $class;
74	19	100				79	unless($self->header){
75	2					27	my %header=();
76	2					8	$self->header(\%header);
77							}
78	19	100				154	unless($self->payload){
79	2					34	my %payload=();
80	2					8	$self->payload(\%payload);
81							}
82
83	19					135	return $self;
84							}
85
86							=head2 get_token_string()
87
88							generate signarure and return ID Token string.
89
90							my $id_token_string = $id_token->get_token_string();
91
92							=cut
93
94							sub get_token_string {
95	6			6	1	2050	my ($self) = @_;
96
97	6	100				17	$self->header->{typ} = q{JWT}
98							unless($self->header->{typ});
99	6	100				44	$self->header->{alg} = q{none}
100							unless($self->header->{alg});
101
102							# generate token string
103	6					37	my $jwt = encode_jwt($self->payload, $self->key, $self->header->{alg}, $self->header);
104	6					16534	$self->token_string($jwt);
105	6					48	return $jwt;
106							}
107
108							=head2 access_token_hash()
109
110							generate signarure and return ID Token string.
111
112							$id_token->code_hash($access_token);
113
114							=cut
115
116							sub access_token_hash {
117	3			3	1	47	my ($self, $access_token_string) = @_;
118
119	3	100	100			8	if($self->header->{alg} && $self->header->{alg} ne 'none')
120							{
121	1					14	my $bit = substr($self->header->{alg}, ALG_LEN, BITS_LEN);
122	1					8	my $len = $bit/HALF_BITS_DENOMINATOR;
123	1					10	my $sha = Digest::SHA->new($bit);
124	1					32	$sha->add($access_token_string);
125	1					17	$self->payload->{at_hash} = encode_base64url(substr($sha->digest, 0, $len));
126							}
127							}
128
129							=head2 code_hash()
130
131							Set Authorization Code Hash to ID Token.
132
133							$id_token->code_hash($authorization_code);
134
135							=cut
136
137							sub code_hash {
138	3			3	1	80	my ($self, $authorization_code) = @_;
139
140	3	100	100			7	if($self->header->{alg} && $self->header->{alg} ne 'none')
141							{
142	1					13	my $bit = substr($self->header->{alg}, ALG_LEN, BITS_LEN);
143	1					6	my $len = $bit/HALF_BITS_DENOMINATOR;
144	1					5	my $sha = Digest::SHA->new($bit);
145	1					12	$sha->add($authorization_code);
146	1					7	$self->payload->{c_hash} = encode_base64url(substr($sha->digest, 0, $len));
147							}
148							}
149
150							=head2 load($token_string)
151
152							load ID Token object from token string
153
154							my $token_string = 'eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJmb28iOiJiYXIifQ.';
155							my $id_token = OIDC::Lite::Model::IDToken->load($token_string);
156
157							=cut
158
159							sub load {
160	12			12	1	3663	my ($self, $token_string) = @_;
161	12	100				43	return unless($token_string);
162
163	11					43	my $header = OIDC::Lite::Util::JWT::header($token_string);
164	11					39	my $payload = OIDC::Lite::Util::JWT::payload($token_string);
165	11	100	100			69	return unless ( $header and $payload );
166
167	8					31	my $id_token = OIDC::Lite::Model::IDToken->new(
168							header => $header,
169							payload => $payload,
170							);
171	8					30	$id_token->token_string($token_string);
172	8					86	return $id_token;
173							}
174
175							=head2 verify()
176
177							verify token signature.
178
179							my $token_string = '...';
180							my $id_token = OIDC::Lite::Model::IDToken->load($token_string);
181
182							my $key = 'shared_secret_key';
183							$id_token->key($key);
184							unless($id_token->verify()){
185							# validation failed
186							}
187
188							=cut
189
190							sub verify {
191	8			8	1	81	my ($self) = @_;
192	8	100				25	return 0
193							unless($self->token_string);
194
195	7	100				53	$self->key('')
196							unless($self->key);
197
198	7					60	my $payload = undef;
199	7					11	eval{
200	7					21	$payload = decode_jwt($self->token_string, $self->key);
201							};
202	7	100				2216	if($@){
203	4					60	return 0;
204							}
205	3					22	return (defined($payload));
206							}
207
208							=head1 AUTHOR
209
210							Ryo Ito, Eritou.06@gmail.comE
211
212							=head1 COPYRIGHT AND LICENSE
213
214							Copyright (C) 2012 by Ryo Ito
215
216							This library is free software; you can redistribute it and/or modify
217							it under the same terms as Perl itself, either Perl version 5.8.8 or,
218							at your option, any later version of Perl 5 you may have available.
219
220							=cut
221
222							1;