module JsonWebToken::Util

Utility methods

Public Instance Methods

constant_time_compare?(a, b) click to toggle source

@param a [String] @param b [String] @return [Boolean] a predicate that compares two strings for equality in constant-time

to avoid timing attacks

@example

Util.constant_time_compare?("a", "A")
# => false

@see tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3.2 @see cf. rails activesupport/lib/active_support/security_utils.rb

# File lib/json_web_token/util.rb, line 16
def constant_time_compare?(a, b)
  return false if a.nil? || b.nil? || a.empty? || b.empty?
  secure_compare(a, b)
end
secure_compare(a, b) click to toggle source
# File lib/json_web_token/util.rb, line 32
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.unpack "C#{a.bytesize}"
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end
symbolize_keys(hsh) click to toggle source

@param hsh [Hash] @return [Hash] a new hash with all keys converted to symbols,

as long as they respond to to_sym

@example

Util.symbolize_keys({'a' =>  0, 'b' => '2', c: '3'})
# => {a: 0, b: '2', c: '3'}

@see cf. rails activesupport/lib/active_support/core_ext/hash/keys.rb

# File lib/json_web_token/util.rb, line 28
def symbolize_keys(hsh)
  transform_keys(hsh) { |key| key.to_sym rescue key }
end
transform_keys(hsh) { |k| ... } click to toggle source
# File lib/json_web_token/util.rb, line 40
def transform_keys(hsh)
  result = Hash.new
  hsh.keys.each { |k| result[yield(k)] = hsh[k] }
  result
end