buzzert/Kordophone
Private
Public Access
1
0
Fork 0
Code Packages Activity
Files
c65803845b2ef3c6a8285ad8a7f2d44f58142265
Kordophone/kordophone/Bridge/MBIMAuthToken.m
James Magahern 4d51ba7dd2 Auth: adds JWT bearer auth via /authenticate. 
Works in addition to digest auth
2021-07-06 22:52:33 -07:00

150 lines
4.9 KiB
Objective-C
Raw Blame History

//
// MBIMAuthToken.m
// MBIMAuthToken
//
// Created by James Magahern on 7/6/21.
// Copyright © 2021 James Magahern. All rights reserved.
//
#import "MBIMAuthToken.h"
#import <CommonCrypto/CommonHMAC.h>
#define HOUR 3600
#define DAY (24*HOUR)
static const NSTimeInterval ExpirationTime = 15 * DAY;
static const char *SecretKey = "709E7CD8-4983-4D5F-B7BF-8B1C6341D2DB";
static NSString *const kUsernamePayloadKey = @"user";
static NSString *const kIssuerPayloadKey = @"iss";
static NSString *const kExpirationDatePayloadKey = @"exp";
static NSString *const kIssuerPayloadValue = @"kordophone";
@interface MBIMAuthToken ()
@property (nonatomic, copy) NSString *username;
@property (nonatomic, copy) NSString *jwtToken;
@property (nonatomic, copy) NSDate *expirationDate;
// JWT Payload data
@property (nonatomic, copy) NSString *headerString;
@property (nonatomic, copy) NSString *payloadString;
@property (nonatomic, copy) NSData *signatureData;
@end
@implementation MBIMAuthToken
- (instancetype)initWithUsername:(NSString *)username
{
self = [super init];
if (self) {
self.username = username;
self.expirationDate = [NSDate dateWithTimeIntervalSinceNow:ExpirationTime];
}
return self;
}
- (instancetype)initWithTokenString:(NSString *)tokenString
{
NSArray<NSString *> *components = [tokenString componentsSeparatedByString:@"."];
if (components.count != 3) {
return nil;
}
NSString *header = components[0];
NSString *payload = components[1];
NSString *signature = components[2];
NSData *payloadData = [[NSData alloc] initWithBase64EncodedString:payload options:0];
NSDictionary *decodedPayload = [NSJSONSerialization JSONObjectWithData:payloadData options:0 error:nil];
if (!decodedPayload) {
return nil;
}
if (![decodedPayload[kIssuerPayloadKey] isEqualToString:@"kordophone"]) {
return nil;
}
self = [super init];
if (self) {
_headerString = header;
_payloadString = payload;
_signatureData = [[NSData alloc] initWithBase64EncodedString:signature options:0];
_username = decodedPayload[kUsernamePayloadKey];
NSTimeInterval expirationDate = [decodedPayload[kExpirationDatePayloadKey] floatValue];
_expirationDate = [NSDate dateWithTimeIntervalSince1970:expirationDate];
}
return self;
}
- (NSUInteger)hash
{
return (_username.hash ^ _expirationDate.hash);
}
- (NSString *)jwtToken
{
if (!_jwtToken) {
NSDictionary *header = @{
@"alg" : @"HS256",
@"typ" : @"jwt"
};
NSData *headerData = [NSJSONSerialization dataWithJSONObject:header options:0 error:nil];
NSString *headerStr = [headerData base64EncodedStringWithOptions:0];
NSInteger expirationDate = [_expirationDate timeIntervalSince1970];
NSDictionary *payload = @{
kUsernamePayloadKey : _username,
kIssuerPayloadKey : kIssuerPayloadValue,
kExpirationDatePayloadKey : [NSString stringWithFormat:@"%ld", expirationDate]
};
NSData *payloadData = [NSJSONSerialization dataWithJSONObject:payload options:0 error:nil];
NSString *payloadStr = [payloadData base64EncodedStringWithOptions:0];
NSString *jwtDataStr = [NSString stringWithFormat:@"%@.%@", headerStr, payloadStr];
NSData *jwtData = [jwtDataStr dataUsingEncoding:NSASCIIStringEncoding];
unsigned char signature[CC_SHA256_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA256, SecretKey, sizeof(SecretKey), jwtData.bytes, jwtData.length, signature);
NSData *signatureData = [NSData dataWithBytes:signature length:CC_SHA256_DIGEST_LENGTH];
NSString *signatureStr = [signatureData base64EncodedStringWithOptions:0];
_jwtToken = [NSString stringWithFormat:@"%@.%@", jwtDataStr, signatureStr];
}
return _jwtToken;
}
- (BOOL)isValid
{
// Verify expiration date
BOOL expirationDateValid = [_expirationDate timeIntervalSinceNow] > 0;
if (!expirationDateValid) {
MBIMLogInfo(@"Auth token expired.");
return NO;
}
// Verify signature
NSString *verificationDataStr = [NSString stringWithFormat:@"%@.%@", _headerString, _payloadString];
NSData *verificationData = [verificationDataStr dataUsingEncoding:NSASCIIStringEncoding];
unsigned char computedSignature[CC_SHA256_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA256, SecretKey, sizeof(SecretKey), verificationData.bytes, verificationData.length, computedSignature);
NSData *computedSignatureData = [NSData dataWithBytes:computedSignature length:CC_SHA256_DIGEST_LENGTH];
if (![computedSignatureData isEqualToData:_signatureData]) {
MBIMLogInfo(@"Auth token signature verification failed.");
return NO;
}
return YES;
}
@end
View Git Blame Copy Permalink