summaryrefslogtreecommitdiff
path: root/lib/atlassian/jira_connect/jwt/symmetric.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/atlassian/jira_connect/jwt/symmetric.rb')
-rw-r--r--lib/atlassian/jira_connect/jwt/symmetric.rb55
1 files changed, 55 insertions, 0 deletions
diff --git a/lib/atlassian/jira_connect/jwt/symmetric.rb b/lib/atlassian/jira_connect/jwt/symmetric.rb
new file mode 100644
index 00000000000..61e5bd923a4
--- /dev/null
+++ b/lib/atlassian/jira_connect/jwt/symmetric.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Atlassian
+ module JiraConnect
+ module Jwt
+ class Symmetric
+ include Gitlab::Utils::StrongMemoize
+
+ CONTEXT_QSH_STRING = 'context-qsh'
+
+ def initialize(jwt)
+ @jwt = jwt
+ end
+
+ def iss_claim
+ jwt_headers['iss']
+ end
+
+ def sub_claim
+ jwt_headers['sub']
+ end
+
+ def valid?(shared_secret)
+ Atlassian::Jwt.decode(@jwt, shared_secret).present?
+ rescue JWT::DecodeError
+ false
+ end
+
+ def verify_qsh_claim(url_with_query, method, url)
+ qsh_claim == Atlassian::Jwt.create_query_string_hash(url_with_query, method, url)
+ rescue StandardError
+ false
+ end
+
+ def verify_context_qsh_claim
+ qsh_claim == CONTEXT_QSH_STRING
+ end
+
+ private
+
+ def qsh_claim
+ jwt_headers['qsh']
+ end
+
+ def jwt_headers
+ strong_memoize(:jwt_headers) do
+ Atlassian::Jwt.decode(@jwt, nil, false).first
+ rescue JWT::DecodeError
+ {}
+ end
+ end
+ end
+ end
+ end
+end
View Lorry Controller Status