MCPcopy
hub / github.com/smallstep/cli / verifyAction

Function verifyAction

command/crypto/jwt/verify.go:118–250  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

116}
117
118func verifyAction(ctx *cli.Context) error {
119 token, err := utils.ReadString(os.Stdin)
120 if err != nil {
121 return errors.Wrap(err, "error reading token")
122 }
123
124 tok, err := jose.ParseSigned(token)
125 if err != nil {
126 return errors.Errorf("error parsing token: %s", jose.TrimPrefix(err))
127 }
128
129 // Validate key, jwks and kid
130 key := ctx.String("key")
131 jwks := ctx.String("jwks")
132 kid := ctx.String("kid")
133 alg := ctx.String("alg")
134 switch {
135 case key == "" && jwks == "":
136 return errs.RequiredOrFlag(ctx, "key", "jwks")
137 case key != "" && jwks != "":
138 return errs.MutuallyExclusiveFlags(ctx, "key", "jwks")
139 case jwks != "" && kid == "":
140 if tok.Headers[0].KeyID == "" {
141 return errs.RequiredWithFlag(ctx, "kid", "jwks")
142 }
143 kid = tok.Headers[0].KeyID
144 }
145
146 // Validate subtle
147 isSubtle := ctx.Bool("subtle")
148 iss := ctx.String("iss")
149 aud := ctx.String("aud")
150 if !isSubtle {
151 switch {
152 case iss == "":
153 return errs.RequiredUnlessSubtleFlag(ctx, "iss")
154 case aud == "":
155 return errs.RequiredUnlessSubtleFlag(ctx, "aud")
156 }
157 }
158
159 // Validate no-exp-check with insecure
160 if ctx.Bool("no-exp-check") && !ctx.Bool("insecure") {
161 return errs.RequiredInsecureFlag(ctx, "no-exp-check")
162 }
163
164 // Add parse options
165 var options []jose.Option
166 options = append(options, jose.WithUse("sig"))
167 if alg != "" {
168 options = append(options, jose.WithAlg(alg))
169 }
170 if kid != "" {
171 options = append(options, jose.WithKid(kid))
172 }
173 if isSubtle {
174 options = append(options, jose.WithSubtle(true))
175 }

Callers

nothing calls this directly

Calls 5

ReadStringFunction · 0.92
validateClaimsWithLeewayFunction · 0.85
publicKeyFunction · 0.70
printTokenFunction · 0.70
StringMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…