doxygen/html/a04175_source.html

/* -*- mode: c++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-

 *

 * Copyright (C) 2025 Marco Craveiro <marco.craveiro@gmail.com>

 *

 * This program is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License as published by the Free Software

 * Foundation; either version 3 of the License, or (at your option) any later

 * version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS

 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more

 * details.

 *

 * You should have received a copy of the GNU General Public License along with

 * this program; if not, write to the Free Software Foundation, Inc., 51

 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

 *

 */

#ifndef ORES_SECURITY_JWT_JWT_AUTHENTICATOR_HPP

#define ORES_SECURITY_JWT_JWT_AUTHENTICATOR_HPP


#include <string>

#include <optional>

#include <expected>

#include "ores.security/jwt/jwt_claims.hpp"

#include "ores.security/jwt/jwt_error.hpp"

#include "ores.logging/make_logger.hpp"


namespace ores::security::jwt {


class jwt_authenticator final {

public:

    static jwt_authenticator create_hs256(const std::string& secret,

        const std::string& issuer = "",

        const std::string& audience = "");


    static jwt_authenticator create_rs256_signer(

        const std::string& private_key_pem,

        const std::string& issuer = "",

        const std::string& audience = "");


    static jwt_authenticator create_rs256_verifier(

        const std::string& public_key_pem,

        const std::string& issuer = "",

        const std::string& audience = "");


    std::expected<jwt_claims, jwt_error> validate(const std::string& token) const;


    std::expected<jwt_claims, jwt_error>

    validate_allow_expired(const std::string& token) const;


    std::optional<std::string> create_token(const jwt_claims& claims) const;


    bool is_configured() const { return configured_; }


    std::string get_public_key_pem() const;


private:

    enum class algorithm_type { hs256, rs256_signer, rs256_verifier };


    jwt_authenticator() = default;


    inline static std::string_view logger_name =

        "ores.security.jwt.jwt_authenticator";


    static auto& lg() {

        using namespace ores::logging;

        static auto instance = make_logger(logger_name);

        return instance;

    }


    bool configured_ = false;

    algorithm_type algorithm_ = algorithm_type::hs256;

    std::string secret_;         // HS256

    std::string private_key_;    // RS256 signer

    std::string public_key_;     // RS256 verifier

    std::string issuer_;

    std::string audience_;

};


}


#endif

ores::logging
Implements logging infrastructure for ORE Studio.
Definition boost_severity.hpp:28

ores::security::jwt::jwt_authenticator
JWT authentication primitive.
Definition jwt_authenticator.hpp:45

ores::security::jwt::jwt_authenticator::validate
std::expected< jwt_claims, jwt_error > validate(const std::string &token) const
Validates a JWT token and extracts claims.
Definition jwt_authenticator.cpp:90

ores::security::jwt::jwt_authenticator::create_rs256_verifier
static jwt_authenticator create_rs256_verifier(const std::string &public_key_pem, const std::string &issuer="", const std::string &audience="")
Creates an RS256 verifier using an RSA public key (PEM).
Definition jwt_authenticator.cpp:71

ores::security::jwt::jwt_authenticator::get_public_key_pem
std::string get_public_key_pem() const
Extracts the RSA public key PEM from the private key.
Definition jwt_authenticator.cpp:439

ores::security::jwt::jwt_authenticator::create_rs256_signer
static jwt_authenticator create_rs256_signer(const std::string &private_key_pem, const std::string &issuer="", const std::string &audience="")
Creates an RS256 signer using an RSA private key (PEM).
Definition jwt_authenticator.cpp:52

ores::security::jwt::jwt_authenticator::is_configured
bool is_configured() const
Checks if the authenticator is properly configured.
Definition jwt_authenticator.hpp:103

ores::security::jwt::jwt_authenticator::create_token
std::optional< std::string > create_token(const jwt_claims &claims) const
Creates a new JWT token with the given claims.
Definition jwt_authenticator.cpp:322

ores::security::jwt::jwt_authenticator::validate_allow_expired
std::expected< jwt_claims, jwt_error > validate_allow_expired(const std::string &token) const
Validates a JWT token and extracts claims, ignoring expiry.
Definition jwt_authenticator.cpp:225

ores::security::jwt::jwt_authenticator::create_hs256
static jwt_authenticator create_hs256(const std::string &secret, const std::string &issuer="", const std::string &audience="")
Creates an authenticator using a symmetric secret (HS256).
Definition jwt_authenticator.cpp:34

ores::security::jwt::jwt_claims
Represents the claims extracted from a JWT token.
Definition jwt_claims.hpp:33