(ctx *cli.Context)
| 116 | } |
| 117 | |
| 118 | func verifyAction(ctx *cli.Context) error { |
| 119 | token, err := utils.ReadString(os.Stdin) |
| 120 | if err != nil { |
| 121 | return errors.Wrap(err, "error reading token") |
| 122 | } |
| 123 | |
| 124 | tok, err := jose.ParseSigned(token) |
| 125 | if err != nil { |
| 126 | return errors.Errorf("error parsing token: %s", jose.TrimPrefix(err)) |
| 127 | } |
| 128 | |
| 129 | // Validate key, jwks and kid |
| 130 | key := ctx.String("key") |
| 131 | jwks := ctx.String("jwks") |
| 132 | kid := ctx.String("kid") |
| 133 | alg := ctx.String("alg") |
| 134 | switch { |
| 135 | case key == "" && jwks == "": |
| 136 | return errs.RequiredOrFlag(ctx, "key", "jwks") |
| 137 | case key != "" && jwks != "": |
| 138 | return errs.MutuallyExclusiveFlags(ctx, "key", "jwks") |
| 139 | case jwks != "" && kid == "": |
| 140 | if tok.Headers[0].KeyID == "" { |
| 141 | return errs.RequiredWithFlag(ctx, "kid", "jwks") |
| 142 | } |
| 143 | kid = tok.Headers[0].KeyID |
| 144 | } |
| 145 | |
| 146 | // Validate subtle |
| 147 | isSubtle := ctx.Bool("subtle") |
| 148 | iss := ctx.String("iss") |
| 149 | aud := ctx.String("aud") |
| 150 | if !isSubtle { |
| 151 | switch { |
| 152 | case iss == "": |
| 153 | return errs.RequiredUnlessSubtleFlag(ctx, "iss") |
| 154 | case aud == "": |
| 155 | return errs.RequiredUnlessSubtleFlag(ctx, "aud") |
| 156 | } |
| 157 | } |
| 158 | |
| 159 | // Validate no-exp-check with insecure |
| 160 | if ctx.Bool("no-exp-check") && !ctx.Bool("insecure") { |
| 161 | return errs.RequiredInsecureFlag(ctx, "no-exp-check") |
| 162 | } |
| 163 | |
| 164 | // Add parse options |
| 165 | var options []jose.Option |
| 166 | options = append(options, jose.WithUse("sig")) |
| 167 | if alg != "" { |
| 168 | options = append(options, jose.WithAlg(alg)) |
| 169 | } |
| 170 | if kid != "" { |
| 171 | options = append(options, jose.WithKid(kid)) |
| 172 | } |
| 173 | if isSubtle { |
| 174 | options = append(options, jose.WithSubtle(true)) |
| 175 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…