Module: JWT::Algos::Ps

Defined in:

lib/jwt/algos/ps.rb

Constant Summary

SUPPORTED =

%w[PS256 PS384 PS512].freeze

Class Method Summary

• .require_openssl! ⇒ Object
• .sign(algorithm, msg, key) ⇒ Object
• .verify(algorithm, public_key, signing_input, signature) ⇒ Object

Class Method Details

.require_openssl! ⇒ Object

# File 'lib/jwt/algos/ps.rb', line 30

def require_openssl!
  if Object.const_defined?('OpenSSL')
    if ::Gem::Version.new(OpenSSL::VERSION) < ::Gem::Version.new('2.1')
      raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
    end
  else
    raise JWT::RequiredDependencyError, 'PS signing requires OpenSSL +2.1'
  end
end

.sign(algorithm, msg, key) ⇒ Object

Raises:

• (EncodeError)

# File 'lib/jwt/algos/ps.rb', line 12

def sign(algorithm, msg, key)
  require_openssl!

  raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key.is_a?(String)

  translated_algorithm = algorithm.sub('PS', 'sha')

  key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
end

.verify(algorithm, public_key, signing_input, signature) ⇒ Object

# File 'lib/jwt/algos/ps.rb', line 22

def verify(algorithm, public_key, signing_input, signature)
  require_openssl!
  translated_algorithm = algorithm.sub('PS', 'sha')
  public_key.verify_pss(translated_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: translated_algorithm)
rescue OpenSSL::PKey::PKeyError
  raise JWT::VerificationError, 'Signature verification raised'
end