
Verify Chain of Trust

Open jordan-rash opened this issue 1 year ago • 0 comments

In an attempt to better understand the NATS ecosystem, I wanted to programmatically verify the Chain of Trust between the operator, account, and user JWTs. I am using the code below; I am happy to open a PR if this is a valuable example.

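// main fetches the account and operator JWTs that anchor a user JWT and
// verifies the chain of trust operator -> account -> user.
//
// The trust anchor is opPub, the operator public key pinned as a constant at
// the top of the file; nothing fetched from the resolver is trusted until it
// has been checked against that pinned key. userJWT is provided by the caller.
// The original mixed a local resolverServer with a package-level accountServer;
// the local is used for both requests here. Any failure ends the program via
// log.Fatal, so "chain of trust verified" is only reached when every link
// has been checked.
func main() {
	resolverServer := "http://localhost:9090/jwt/v1"

	// Decode verifies the user JWT's signature against its own issuer claim,
	// but says nothing about whether that issuer is an account we trust.
	uc, err := jwt.DecodeUserClaims(userJWT)
	if err != nil {
		log.Fatalf("decoding user JWT: %v", err)
	}

	// A user may be signed by an account signing key rather than the account
	// identity key; in that case issuer_account names the account to look up,
	// and the bare Issuer would not resolve to an account on the server.
	accountPub := uc.Issuer
	if uc.IssuerAccount != "" {
		accountPub = uc.IssuerAccount
	}

	acctJWT, err := fetchJWT(fmt.Sprintf("%s/accounts/%s", resolverServer, accountPub))
	if err != nil {
		log.Fatalf("fetching account JWT: %v", err)
	}
	opJWT, err := fetchJWT(fmt.Sprintf("%s/operator", resolverServer))
	if err != nil {
		log.Fatalf("fetching operator JWT: %v", err)
	}

	opc, err := jwt.DecodeOperatorClaims(opJWT)
	if err != nil {
		log.Fatalf("decoding operator JWT: %v", err)
	}
	// The resolver is not trusted on its own: the operator JWT it serves must
	// be for the pinned operator key, otherwise any server could mint a
	// self-consistent chain that this program would accept.
	if opc.Subject != opPub {
		log.Fatalf("operator JWT subject %q does not match pinned operator key", opc.Subject)
	}

	aopc, err := jwt.DecodeAccountClaims(acctJWT)
	if err != nil {
		log.Fatalf("decoding account JWT: %v", err)
	}
	// The server must have returned the account we asked for, not some other
	// account that happens to be signed by the operator.
	if aopc.Subject != accountPub {
		log.Fatalf("account JWT subject %q does not match requested account %q", aopc.Subject, accountPub)
	}
	// DidSign accepts the operator identity key or any of its signing keys,
	// so a plain Issuer == opPub comparison would reject accounts that were
	// legitimately signed with an operator signing key.
	if !opc.DidSign(aopc) {
		log.Fatal("chain of trust not valid: account JWT not signed by operator")
	}
	// The original only printed this result; a false here must fail the run.
	if !aopc.DidSign(uc) {
		log.Fatal("chain of trust not valid: user JWT not signed by account")
	}
	log.Print("chain of trust verified")
}

// fetchJWT GETs url from the resolver and returns the response body as a string.
// It fails on transport errors and on any non-200 status so that an error page
// is never handed to the JWT decoder as if it were a token.
// NOTE(review): http.Get has no timeout; use an http.Client with Timeout set
// once a time import is available.
func fetchJWT(url string) (string, error) {
	resp, err := http.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("%s: unexpected status %s", url, resp.Status)
	}
	body, err := ioutil.ReadAll(resp.Body) // alias of io.ReadAll since Go 1.16
	if err != nil {
		return "", err
	}
	return string(body), nil
}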

jordan-rash avatar Mar 23 '23 19:03 jordan-rash