Module: JWT::Algos::HmacRbNaCl

Defined in:

lib/jwt/algos/hmac_rbnacl.rb

Constant Summary

MAPPING =

{
  'HS256' => ::RbNaCl::HMAC::SHA256,
  'HS512256' => ::RbNaCl::HMAC::SHA512256,
  'HS384' => nil,
  'HS512' => ::RbNaCl::HMAC::SHA512
}.freeze

SUPPORTED =

MAPPING.keys

Class Method Summary

• .key_for_rbnacl(hmac, key) ⇒ Object
• .padded_empty_key(length) ⇒ Object
• .resolve_algorithm(algorithm) ⇒ Object
• .sign(algorithm, msg, key) ⇒ Object
• .verify(algorithm, key, signing_input, signature) ⇒ Object

Class Method Details

.key_for_rbnacl(hmac, key) ⇒ Object

Raises:

• (JWT::DecodeError)

# File 'lib/jwt/algos/hmac_rbnacl.rb', line 35

def key_for_rbnacl(hmac, key)
  key ||= ''
  raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)

  return padded_empty_key(hmac.key_bytes) if key == ''

  key
end

.padded_empty_key(length) ⇒ Object

# File 'lib/jwt/algos/hmac_rbnacl.rb', line 48

def padded_empty_key(length)
  Array.new(length, 0x0).pack('C*').encode('binary')
end

.resolve_algorithm(algorithm) ⇒ Object

# File 'lib/jwt/algos/hmac_rbnacl.rb', line 44

def resolve_algorithm(algorithm)
  MAPPING.fetch(algorithm)
end

.sign(algorithm, msg, key) ⇒ Object

# File 'lib/jwt/algos/hmac_rbnacl.rb', line 17

def sign(algorithm, msg, key)
  if (hmac = resolve_algorithm(algorithm))
    hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
  else
    Hmac.sign(algorithm, msg, key)
  end
end

.verify(algorithm, key, signing_input, signature) ⇒ Object

# File 'lib/jwt/algos/hmac_rbnacl.rb', line 25

def verify(algorithm, key, signing_input, signature)
  if (hmac = resolve_algorithm(algorithm))
    hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
  else
    Hmac.verify(algorithm, key, signing_input, signature)
  end
rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
  false
end