module JsonWebToken::Jwa

Choose a cryptographic algorithm to be used for a JSON Web Signature (JWS) @see tools.ietf.org/html/rfc7518

Constants

ALGORITHMS
ALG_LENGTH

Public Instance Methods

destructured_alg(algorithm) click to toggle source
# File lib/json_web_token/jwa.rb, line 48
def destructured_alg(algorithm)
  match = algorithm.match(ALGORITHMS)
  return unless match && match[0].length == ALG_LENGTH
  alg_module = validated_constant(match[1].downcase)
  sha_bits = match[2]
  [alg_module, sha_bits]
end
sign(algorithm, key, signing_input) click to toggle source

@param algorithm [String] 'alg' header parameter value for JWS @param key [String | OpenSSL::PKey::RSA | OpenSSL::PKey::EC] secret key used to sign

a digital signature, or mac

@param signing_input [String] input payload for a mac computation @return [BinaryString] a digital signature, or mac @example

key = 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'
Jwa.sign('HS256', key, 'signing_input').bytes
# => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
# File lib/json_web_token/jwa.rb, line 24
def sign(algorithm, key, signing_input)
  alg_module, sha_bits = validated_alg(algorithm)
  alg_module.sign(sha_bits, key, signing_input)
end
validated_alg(algorithm) click to toggle source
# File lib/json_web_token/jwa.rb, line 43
def validated_alg(algorithm)
  alg = destructured_alg(algorithm)
  alg ? alg : fail('Unrecognized algorithm')
end
validated_constant(str) click to toggle source
# File lib/json_web_token/jwa.rb, line 56
def validated_constant(str)
  case str
  when 'hs' then Algorithm::Hmac
  when 'rs' then Algorithm::Rsa
  when 'es' then Algorithm::Ecdsa
  else fail('Unsupported algorithm')
  end
end
verify?(mac, algorithm, key, signing_input) click to toggle source

@param mac [BinaryString] a digital signature, or mac @param algorithm [String] 'alg' header parameter value for JWS @param key [String | OpenSSL::PKey::RSA | OpenSSL::PKey::EC] key used to verify

a digital signature, or mac

@param signing_input [String] input payload for a mac computation @example

key = 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'
Jwa.verify?(< binary_string >, 'HS256', key, 'signing_input')
# => true
# File lib/json_web_token/jwa.rb, line 38
def verify?(mac, algorithm, key, signing_input)
  alg_module, sha_bits = validated_alg(algorithm)
  alg_module.verify?(mac, sha_bits, key, signing_input)
end