Class: JWT::JWA::Ecdsa

Inherits:

Object

Object
JWT::JWA::Ecdsa

show all

Includes:: SigningAlgorithm

Defined in:: lib/jwt/jwa/ecdsa.rb

Overview

ECDSA signing algorithm

Constant Summary collapse

NAMED_CURVES =

{
  'prime256v1' => {
    algorithm: 'ES256',
    digest: 'sha256'
  },
  'secp256r1' => { # alias for prime256v1
    algorithm: 'ES256',
    digest: 'sha256'
  },
  'secp384r1' => {
    algorithm: 'ES384',
    digest: 'sha384'
  },
  'secp521r1' => {
    algorithm: 'ES512',
    digest: 'sha512'
  },
  'secp256k1' => {
    algorithm: 'ES256K',
    digest: 'sha256'
  }
}.freeze

Instance Attribute Summary

Attributes included from SigningAlgorithm

#alg

Class Method Summary collapse

Instance Method Summary collapse

#initialize(alg, digest) ⇒ Ecdsa constructor

A new instance of Ecdsa.
#sign(data:, signing_key:) ⇒ Object
#verify(data:, signature:, verification_key:) ⇒ Object

Methods included from SigningAlgorithm

#header, included, #raise_sign_error!, #raise_verify_error!, #valid_alg?

Constructor Details

#initialize(alg, digest) ⇒ `Ecdsa`

Returns a new instance of Ecdsa.

# File 'lib/jwt/jwa/ecdsa.rb', line 9

def initialize(alg, digest)
  @alg = alg
  @digest = OpenSSL::Digest.new(digest)
end

Class Method Details

.curve_by_name(name) ⇒ `Object`

# File 'lib/jwt/jwa/ecdsa.rb', line 63

def self.curve_by_name(name)
  NAMED_CURVES.fetch(name) do
    raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
  end
end

.from_algorithm(algorithm) ⇒ `Object`



59
60
61

# File 'lib/jwt/jwa/ecdsa.rb', line 59

def self.from_algorithm(algorithm)
  new(algorithm, algorithm.downcase.gsub('es', 'sha'))
end

Instance Method Details

#sign(data:, signing_key:) ⇒ `Object`

Raises:

(IncorrectAlgorithm)

# File 'lib/jwt/jwa/ecdsa.rb', line 14

def sign(data:, signing_key:)
  curve_definition = curve_by_name(signing_key.group.curve_name)
  key_algorithm = curve_definition[:algorithm]
  raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} signing key was provided" if alg != key_algorithm

  asn1_to_raw(signing_key.dsa_sign_asn1(digest.digest(data)), signing_key)
end

#verify(data:, signature:, verification_key:) ⇒ `Object`

# File 'lib/jwt/jwa/ecdsa.rb', line 22

def verify(data:, signature:, verification_key:)
  curve_definition = curve_by_name(verification_key.group.curve_name)
  key_algorithm = curve_definition[:algorithm]
  raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} verification key was provided" if alg != key_algorithm

  verification_key.dsa_verify_asn1(digest.digest(data), raw_to_asn1(signature, verification_key))
rescue OpenSSL::PKey::PKeyError
  raise JWT::VerificationError, 'Signature verification raised'
end

Class: JWT::JWA::Ecdsa

Overview

Constant Summary collapse

Instance Attribute Summary

Attributes included from SigningAlgorithm

Class Method Summary collapse

Instance Method Summary collapse

Methods included from SigningAlgorithm

Constructor Details

#initialize(alg, digest) ⇒ Ecdsa

Class Method Details

.curve_by_name(name) ⇒ Object

.from_algorithm(algorithm) ⇒ Object

Instance Method Details

#sign(data:, signing_key:) ⇒ Object

#verify(data:, signature:, verification_key:) ⇒ Object

#initialize(alg, digest) ⇒ `Ecdsa`

.curve_by_name(name) ⇒ `Object`

.from_algorithm(algorithm) ⇒ `Object`

#sign(data:, signing_key:) ⇒ `Object`

#verify(data:, signature:, verification_key:) ⇒ `Object`