MCPcopy
hub / github.com/smallstep/cli / verifyAction

Function verifyAction

command/crypto/jws/verify.go:90–180  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

88}
89
90func verifyAction(ctx *cli.Context) error {
91 token, err := utils.ReadString(os.Stdin)
92 if err != nil {
93 return errors.Wrap(err, "error reading token")
94 }
95
96 tok, err := jose.ParseJWS(token)
97 if err != nil {
98 return errors.Errorf("error parsing token: %s", jose.TrimPrefix(err))
99 }
100
101 // We don't support multiple signatures
102 if len(tok.Signatures) > 1 {
103 return errors.New("validation failed: multiple signatures are not supported")
104 }
105
106 // Validate key, jwks and kid
107 key := ctx.String("key")
108 jwks := ctx.String("jwks")
109 kid := ctx.String("kid")
110 alg := ctx.String("alg")
111 switch {
112 case key == "" && jwks == "":
113 return errs.RequiredOrFlag(ctx, "key", "jwks")
114 case key != "" && jwks != "":
115 return errs.MutuallyExclusiveFlags(ctx, "key", "jwks")
116 case jwks != "" && kid == "":
117 if tok.Signatures[0].Header.KeyID == "" {
118 return errs.RequiredWithFlag(ctx, "kid", "jwks")
119 }
120 kid = tok.Signatures[0].Header.KeyID
121 }
122
123 // Add parse options
124 var options []jose.Option
125 options = append(options, jose.WithUse("sig"))
126 if alg != "" {
127 options = append(options, jose.WithAlg(alg))
128 }
129 if kid != "" {
130 options = append(options, jose.WithKid(kid))
131 }
132 if !ctx.Bool("insecure") {
133 options = append(options, jose.WithNoDefaults(true))
134 }
135
136 // Read key from --key or --jwks
137 var jwk *jose.JSONWebKey
138 switch {
139 case key != "":
140 jwk, err = jose.ReadKey(key, options...)
141 case jwks != "":
142 jwk, err = jose.ReadKeySet(jwks, options...)
143 default:
144 return errs.RequiredOrFlag(ctx, "key", "jwks")
145 }
146 if err != nil {
147 return err

Callers

nothing calls this directly

Calls 5

ReadStringFunction · 0.92
VerifyMethod · 0.80
publicKeyFunction · 0.70
printTokenFunction · 0.70
StringMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…