Skip to content

Commit

Permalink
Merge pull request zmartzone#467 from zhuizhuhaomeng/opt
Browse files Browse the repository at this point in the history
optimization: some small optimizations on base64 encoding&decoding.
  • Loading branch information
bodewig authored Apr 3, 2023
2 parents ae3bc54 + 40a3f8e commit 734a3f4
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 24 deletions.
2 changes: 2 additions & 0 deletions AUTHORS
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,5 @@ reporting bugs, providing fixes, suggesting useful features or other:
Eduardo Gonçalves <https://github.com/Dudssource>
Thorsten Fleischmann <https://github.com/thorstenfleischmann>
Tilmann Hars <https://github.com/usysrc>
Junlong Li <https://github.com/zhuizhuhaomeng>

36 changes: 12 additions & 24 deletions lib/resty/openidc.lua
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,8 @@ local type = type
local ngx = ngx
local b64 = ngx.encode_base64
local unb64 = ngx.decode_base64
local b64url = require("ngx.base64").encode_base64url
local unb64url = require("ngx.base64").decode_base64url

local log = ngx.log
local DEBUG = ngx.DEBUG
Expand Down Expand Up @@ -278,23 +280,6 @@ local function openidc_get_redirect_uri(opts, session)
return scheme .. "://" .. host .. path
end

-- perform base64url decoding
local function openidc_base64_url_decode(input)
local reminder = #input % 4
if reminder > 0 then
local padlen = 4 - reminder
input = input .. string.rep('=', padlen)
end
input = input:gsub('%-', '+'):gsub('_', '/')
return unb64(input)
end

-- perform base64url encoding
local function openidc_base64_url_encode(input)
local output = b64(input, true)
return output:gsub('%+', '-'):gsub('/', '_')
end

local function openidc_combine_uri(uri, params)
if params == nil or next(params) == nil then
return uri
Expand All @@ -310,10 +295,12 @@ local function decorate_request(http_request_decorator, req)
return http_request_decorator and http_request_decorator(req) or req
end

local sha256 = (require 'resty.sha256'):new()
local function openidc_s256(verifier)
local sha256 = (require 'resty.sha256'):new()
sha256:update(verifier)
return openidc_base64_url_encode(sha256:final())
local s256 = b64url(sha256:final())
sha256:reset()
return s256
end

-- send the browser of to the OP's authorization endpoint
Expand All @@ -326,7 +313,7 @@ local function openidc_authorize(opts, session, target_url, prompt)
local state = resty_string.to_hex(resty_random.bytes(16))
local nonce = (opts.use_nonce == nil or opts.use_nonce)
and resty_string.to_hex(resty_random.bytes(16))
local code_verifier = opts.use_pkce and openidc_base64_url_encode(resty_random.bytes(32))
local code_verifier = opts.use_pkce and b64url(resty_random.bytes(32))

-- assemble the parameters to the authentication request
local params = {
Expand Down Expand Up @@ -537,8 +524,8 @@ local function openidc_access_token_expires_in(opts, expires_in)
end

local function openidc_load_jwt_none_alg(enc_hdr, enc_payload)
local header = cjson_s.decode(openidc_base64_url_decode(enc_hdr))
local payload = cjson_s.decode(openidc_base64_url_decode(enc_payload))
local header = cjson_s.decode(unb64url(enc_hdr))
local payload = cjson_s.decode(unb64url(enc_payload))
if header and payload and header.alg == "none" then
return {
raw_header = enc_hdr,
Expand Down Expand Up @@ -856,7 +843,7 @@ local function openidc_pem_from_rsa_n_and_e(n, e)
log(DEBUG, "getting PEM public key from n and e parameters of json public key")

local der_key = {
openidc_base64_url_decode(n), openidc_base64_url_decode(e)
unb64url(n), unb64url(e)
}
local encoded_key = encode_sequence_of_integer(der_key)
local pem = der2pem(encode_sequence({
Expand Down Expand Up @@ -949,8 +936,9 @@ local function is_algorithm_expected(jwt_header, expected_algs)
return true
end
if type(expected_algs) == 'string' then
expected_algs = { expected_algs }
return expected_algs == jwt_header.alg
end

for _, alg in ipairs(expected_algs) do
if alg == jwt_header.alg then
return true
Expand Down

0 comments on commit 734a3f4

Please sign in to comment.