| package jwt |
| |
// verifyPrincipals reports whether every entry of pcpls also appears in auds.
//
// "Each principal intended to process the JWT MUST
// identify itself with a value in the audience claim."
// - https://tools.ietf.org/html/rfc7519#section-4.1.3
//
// Comparison is exact, byte-for-byte string equality (no case folding or
// trimming). An empty or nil pcpls is vacuously satisfied and yields true
// for any auds, so callers that require at least one principal must check
// len(pcpls) themselves.
func verifyPrincipals(pcpls, auds []string) bool {
principals:
	for _, want := range pcpls {
		for _, aud := range auds {
			if aud == want {
				// This principal is covered; move on to the next one.
				continue principals
			}
		}
		// No audience entry matched this principal.
		return false
	}
	return true
}
| |
// ValidAudience compares two audience values, each of which may be a string
// or a []string, and returns true iff one of the following holds:
//   - a and b are both strings and a == b
//   - a is a string, b is a []string, and a is an element of b
//   - a and b are both []string and every element of a is in b
//   - a is a []string, b is a string, len(a) == 1 and a[0] == b
//
// Any other dynamic type for a or b (nil, a named slice type, or the
// []interface{} that encoding/json produces when decoding into interface{})
// makes the function return false, so callers must convert to string or
// []string first.
//
// Matching is exact string equality. Note that when a is an empty or nil
// []string and b is a []string, the "all of a is in b" condition is vacuously
// true and the function returns true; callers that must not accept an empty
// audience list need to reject it before calling.
func ValidAudience(a, b interface{}) bool {
	switch lhs := a.(type) {
	case string:
		switch rhs := b.(type) {
		case string:
			return lhs == rhs
		case []string:
			return verifyPrincipals([]string{lhs}, rhs)
		}
		return false

	case []string:
		switch rhs := b.(type) {
		case []string:
			return verifyPrincipals(lhs, rhs)
		case string:
			// A list only matches a single value when it holds exactly
			// that one value.
			return len(lhs) == 1 && lhs[0] == rhs
		}
		return false
	}

	// a is neither a string nor a []string.
	return false
}