PACS System 0.1.0
PACS DICOM system library
kcenon::pacs::web::auth Namespace Reference

Namespaces

namespace  dicomweb_scopes
 Standard OAuth 2.0 scopes for DICOMweb operations.
 

Classes

struct  auth_result
 Result of a successful OAuth 2.0 authentication. More...
 
struct  jwk_key
 Represents a single JSON Web Key converted to PEM format. More...
 
class  jwks_provider
 
struct  jwt_claims
 Decoded JWT claims (payload) More...
 
struct  jwt_header
 Decoded JWT header (JOSE header) More...
 
struct  jwt_token
 Decoded JWT token with raw segments for signature verification. More...
 
class  jwt_validator
 
struct  oauth2_config
 OAuth 2.0 configuration for DICOMweb authorization. More...
 
class  oauth2_middleware
 

Typedefs

using jwks_fetch_callback
 Callback type for fetching JWKS JSON from a URL.
 

Enumerations

enum class jwt_error {
  none, malformed_token, invalid_base64, invalid_json,
  unsupported_algorithm, invalid_signature, token_expired, token_not_yet_valid,
  invalid_issuer, invalid_audience, missing_required_claim, signature_not_available
}
 JWT validation error codes. More...
 

Functions

std::string_view jwt_error_message (jwt_error error) noexcept
 Get human-readable description for a JWT error.
 
std::optional< std::string > base64url_decode (std::string_view input)
 Decode a Base64url-encoded string (RFC 4648 Section 5)
 

Typedef Documentation

◆ jwks_fetch_callback

Initial value:
std::function<std::optional<std::string>(const std::string& url)>

Callback type for fetching JWKS JSON from a URL.

The callback receives a URL string and should return the JWKS JSON response body, or std::nullopt on failure.

Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 48 of file jwks_provider.h.
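
A callback of this type is the point where transport policy for key retrieval can be enforced. The wrapper below is an added example, not code from the PACS project: make_guarded_fetcher, sample_transport, guarded_fetch_succeeds and the host idp.example.test are hypothetical names, and the alias is redeclared only so the block compiles on its own.

```cpp
#include <cstddef>
#include <functional>
#include <optional>
#include <set>
#include <string>
#include <utility>

// Same shape as the documented alias, redeclared so this compiles on its own.
using jwks_fetch_callback =
    std::function<std::optional<std::string>(const std::string& url)>;

// Hypothetical helper (not part of the library): wraps a transport callback
// and returns std::nullopt unless the URL is https, has no userinfo, names an
// allowlisted host, and the response body is non-empty and within the cap.
jwks_fetch_callback make_guarded_fetcher(jwks_fetch_callback inner,
                                         std::set<std::string> allowed_hosts,
                                         std::size_t max_body_bytes) {
    return [inner = std::move(inner), hosts = std::move(allowed_hosts),
            max_body_bytes](const std::string& url) -> std::optional<std::string> {
        const std::string scheme = "https://";
        if (url.compare(0, scheme.size(), scheme) != 0) return std::nullopt;

        // The authority ends at the first '/', '?' or '#'.
        const std::size_t end = url.find_first_of("/?#", scheme.size());
        const std::string authority = url.substr(
            scheme.size(), end == std::string::npos ? end : end - scheme.size());
        if (authority.find('@') != std::string::npos) return std::nullopt;

        // Strip an optional :port, then require an exact host match so that
        // "idp.example.test.other.test" is not accepted.
        const std::string host = authority.substr(0, authority.find(':'));
        if (hosts.count(host) == 0) return std::nullopt;

        auto body = inner(url);
        if (!body || body->empty() || body->size() > max_body_bytes) return std::nullopt;
        return body;
    };
}

// Constructed stand-in for a real HTTP client, used only to exercise the guard.
std::optional<std::string> sample_transport(const std::string&) {
    return std::string(R"({"keys":[]})");
}

bool guarded_fetch_succeeds(const std::string& url, std::size_t cap = 4096) {
    auto fetch = make_guarded_fetcher(sample_transport, {"idp.example.test"}, cap);
    return fetch(url).has_value();
}
```

The comparison is case-sensitive on purpose, so the allowlist entries and the configured JWKS URL should both be lowercase.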

Enumeration Type Documentation

◆ jwt_error

JWT validation error codes.

Enumerator
none 

No error.

malformed_token 

Token doesn't have 3 dot-separated parts.

invalid_base64 

Base64url decoding failed.

invalid_json 

JSON parsing failed.

unsupported_algorithm 

Algorithm not in allowed list.

invalid_signature 

Signature verification failed.

token_expired 

Token has expired (exp claim)

token_not_yet_valid 

Token not yet valid (nbf claim)

invalid_issuer 

Issuer doesn't match expected value.

invalid_audience 

Audience doesn't match expected value.

missing_required_claim 

Required claim is missing.

signature_not_available 

OpenSSL not available for verification.

Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwt_validator.h.

Definition at line 75 of file jwt_validator.h.

enum class jwt_error {
    none,                     // No error.
    malformed_token,          // Token doesn't have 3 dot-separated parts.
    invalid_base64,           // Base64url decoding failed.
    invalid_json,             // JSON parsing failed.
    unsupported_algorithm,    // Algorithm not in allowed list.
    invalid_signature,        // Signature verification failed.
    token_expired,            // Token has expired (exp claim)
    token_not_yet_valid,      // Token not yet valid (nbf claim)
    invalid_issuer,           // Issuer doesn't match expected value.
    invalid_audience,         // Audience doesn't match expected value.
    missing_required_claim,   // Required claim is missing.
    signature_not_available   // OpenSSL not available for verification.
};

Function Documentation

◆ base64url_decode()

std::optional< std::string > kcenon::pacs::web::auth::base64url_decode ( std::string_view input)
nodiscard

Decode a Base64url-encoded string (RFC 4648 Section 5)

Parameters
input    Base64url string (no padding required)
Returns
Decoded bytes, or empty optional on error
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwt_validator.h.

Definition at line 108 of file jwt_validator.cpp.

std::optional<std::string> base64url_decode(std::string_view input) {
    if (input.empty()) return std::string{};

    // Calculate output size (3 bytes per 4 chars)
    size_t padding = (4 - (input.size() % 4)) % 4;
    size_t total_len = input.size() + padding;
    size_t output_len = (total_len / 4) * 3;

    std::string result;
    result.reserve(output_len);

    uint32_t buffer = 0;
    int bits_collected = 0;

    for (char c : input) {
        if (c == '=') continue;  // Skip padding if present

        // kDecodeTable is defined outside this listing; a negative entry
        // marks a character that is not in the Base64url alphabet.
        int val = kDecodeTable[static_cast<unsigned char>(c)];
        if (val < 0) return std::nullopt;  // Invalid character

        buffer = (buffer << 6) | static_cast<uint32_t>(val);
        bits_collected += 6;

        if (bits_collected >= 8) {
            bits_collected -= 8;
            result += static_cast<char>((buffer >> bits_collected) & 0xFF);
        }
    }

    return result;
}

Referenced by kcenon::pacs::web::auth::jwt_validator::decode().
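
The listing above skips '=' wherever it appears and does not check the input length or the leftover bits of the final character. For callers that want exactly one accepted spelling per byte string, a stricter variant is sketched below as an added example, not project code: strict_base64url_decode and strict_table are hypothetical names, and rejecting padding outright is a choice based on the unpadded segments of JWS compact serialization (RFC 7515).

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>

// Added example, not project code. Builds the URL-safe alphabet lookup once;
// every byte outside the alphabet, including '=', maps to -1.
static const std::array<int, 256>& strict_table() {
    static const std::array<int, 256> table = [] {
        std::array<int, 256> t;
        t.fill(-1);
        const std::string_view alphabet =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
        for (std::size_t i = 0; i < alphabet.size(); ++i)
            t[static_cast<unsigned char>(alphabet[i])] = static_cast<int>(i);
        return t;
    }();
    return table;
}

std::optional<std::string> strict_base64url_decode(std::string_view input) {
    // 4n+1 characters cannot encode a whole number of bytes.
    if (input.size() % 4 == 1) return std::nullopt;

    std::string result;
    result.reserve(input.size() / 4 * 3 + 2);
    std::uint32_t buffer = 0;
    int bits_collected = 0;

    for (char c : input) {
        const int val = strict_table()[static_cast<unsigned char>(c)];
        if (val < 0) return std::nullopt;  // not in the alphabet

        buffer = (buffer << 6) | static_cast<std::uint32_t>(val);
        bits_collected += 6;
        if (bits_collected >= 8) {
            bits_collected -= 8;
            result += static_cast<char>((buffer >> bits_collected) & 0xFF);
        }
    }
    // The 2 or 4 leftover bits must be zero; otherwise "AQ" and "AR" would
    // both decode to the single byte 0x01.
    if ((buffer & ((1u << bits_collected) - 1u)) != 0) return std::nullopt;
    return result;
}
```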


◆ jwt_error_message()

std::string_view kcenon::pacs::web::auth::jwt_error_message ( jwt_error error)
nodiscard noexcept

Get human-readable description for a JWT error.

Parameters
error    The error code
Returns
Error description string
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwt_validator.h.

Definition at line 144 of file jwt_validator.cpp.

std::string_view jwt_error_message(jwt_error error) noexcept {
    switch (error) {
        case jwt_error::none:
            return "no error";
        case jwt_error::malformed_token:
            return "malformed JWT token: expected 3 dot-separated segments";
        case jwt_error::invalid_base64:
            return "invalid Base64url encoding in JWT segment";
        case jwt_error::invalid_json:
            return "invalid JSON in JWT segment";
        case jwt_error::unsupported_algorithm:
            return "unsupported JWT signing algorithm";
        case jwt_error::invalid_signature:
            return "JWT signature verification failed";
        case jwt_error::token_expired:
            return "JWT token has expired";
        case jwt_error::token_not_yet_valid:
            return "JWT token is not yet valid";
        case jwt_error::invalid_issuer:
            return "JWT issuer does not match expected value";
        case jwt_error::invalid_audience:
            return "JWT audience does not match expected value";
        case jwt_error::missing_required_claim:
            return "required JWT claim is missing";
        case jwt_error::signature_not_available:
            return "signature verification not available (OpenSSL required)";
    }
    // Reached only for a value outside the enumerators listed above.
    return "unknown JWT error";
}

References invalid_audience, invalid_base64, invalid_issuer, invalid_json, invalid_signature, malformed_token, missing_required_claim, none, signature_not_available, token_expired, token_not_yet_valid, and unsupported_algorithm.

Referenced by kcenon::pacs::web::auth::oauth2_middleware::authenticate().
