Class: JWT::JWA::Hmac

Inherits:
Object
  • Object
show all
Includes:
SigningAlgorithm
Defined in:
lib/jwt/jwa/hmac.rb

Defined Under Namespace

Modules: SecurityUtils

Instance Attribute Summary

Attributes included from SigningAlgorithm

#alg

Class Method Summary collapse

Instance Method Summary collapse

Methods included from SigningAlgorithm

#header, included, #raise_sign_error!, #raise_verify_error!, #valid_alg?

Constructor Details

#initialize(alg, digest) ⇒ Hmac

Returns a new instance of Hmac.



12
13
14
15
# File 'lib/jwt/jwa/hmac.rb', line 12

def initialize(alg, digest)
  @alg = alg
  @digest = digest
end

Class Method Details

.from_algorithm(algorithm) ⇒ Object



8
9
10
# File 'lib/jwt/jwa/hmac.rb', line 8

def self.from_algorithm(algorithm)
  new(algorithm, OpenSSL::Digest.new(algorithm.downcase.gsub('hs', 'sha')))
end

Instance Method Details

#sign(data:, signing_key:) ⇒ Object



17
18
19
20
21
22
23
24
25
26
27
28
# File 'lib/jwt/jwa/hmac.rb', line 17

def sign(data:, signing_key:)
  signing_key ||= ''
  raise_verify_error!('HMAC key expected to be a String') unless signing_key.is_a?(String)

  OpenSSL::HMAC.digest(digest.new, signing_key, data)
rescue OpenSSL::HMACError => e
  if signing_key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
    raise_verify_error!('OpenSSL 3.0 does not support nil or empty hmac_secret')
  end

  raise e
end

#verify(data:, signature:, verification_key:) ⇒ Object



30
31
32
# File 'lib/jwt/jwa/hmac.rb', line 30

def verify(data:, signature:, verification_key:)
  SecurityUtils.secure_compare(signature, sign(data: data, signing_key: verification_key))
end