module Sandal::Util
@private Implements some JWT utility functions. Shouldn’t be needed by most people but may be useful if you’re developing an extension to the library.
Public Class Methods
Base64 decodes a string, in compliance with the JWT specification.
@param s [String] The base64 string to decode.
@return [String] The decoded string.
@raise [ArgumentError] The base64 string is invalid or contains padding.
    # File lib/sandal/util.rb, line 39
    def self.jwt_base64_decode(s)
      if s.end_with?("=")
        raise ArgumentError, "Base64 strings must not contain padding."
      end

      padding_length = (4 - (s.length % 4)) % 4
      padding = "=" * padding_length
      input = s + padding
      result = Base64.urlsafe_decode64(input)

      # this bit is primarily for jruby which does a "best effort" decode of
      # whatever data it can if the input is invalid rather than raising an
      # ArgumentError - as that could be a security issue we'll check that the
      # result contains all the data that was in the input string
      unless input.length == (((result.length - 1) / 3) * 4) + 4
        raise ArgumentError, "Invalid base64."
      end

      result
    end
Base64 encodes a string, in compliance with the JWT specification.
@param s [String] The string to encode.
@return [String] The encoded base64 string.
    # File lib/sandal/util.rb, line 30
    def self.jwt_base64_encode(s)
      Base64.urlsafe_encode64(s).gsub(/=+$/, "")
    end
A string equality function that compares Unicode codepoints, and also doesn’t short-circuit the equality check to help protect against timing attacks.
@param a [String] The first string.
@param b [String] The second string.
@return [Boolean] true if the strings are equal; otherwise false.
    # File lib/sandal/util.rb, line 20
    def self.jwt_strings_equal?(a, b)
      return true if a.object_id == b.object_id
      return false if a.nil? || b.nil? || a.length != b.length
      a.codepoints.zip(b.codepoints).reduce(0) { |r, (x, y)| r |= x ^ y } == 0
    end
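The following is an added example, not code from Sandal: it shows how the two properties documented above (strict, unpadded base64url decoding and a comparison that does not short-circuit) fit together when verifying an HS256 token. The helper names and the demo key are assumptions, and the decoder uses `pack`/`unpack1` with a re-encode check in place of the library's length check.

```ruby
require "json"
require "openssl"

# Added example: helper names and inputs are assumptions, not Sandal's API.
def b64url_encode(raw)
  [raw].pack("m0").tr("+/", "-_").delete("=")
end

# Decode one JWT segment, rejecting padding, bad lengths, characters outside
# the URL-safe alphabet and non-canonical trailing bits. The re-encode check
# plays the role of the length check in jwt_base64_decode: a lenient decoder
# cannot silently drop or reinterpret part of the input.
def b64url_decode_strict(seg)
  raise ArgumentError, "padding is not allowed" if seg.include?("=")
  std = seg.tr("-_", "+/")
  std += "=" * ((4 - std.length % 4) % 4)
  raw = std.unpack1("m0") # "m0" is strict mode: raises ArgumentError on bad input
  raise ArgumentError, "non-canonical base64url" unless b64url_encode(raw) == seg
  raw
end

# Byte-wise comparison that visits every byte of equal-length inputs.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hmac_sha256(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), key, data)
end

# Build a token so the example has constructed input to verify.
def sign_hs256(payload_json, key)
  signing_input = [%({"alg":"HS256","typ":"JWT"}), payload_json].map { |p| b64url_encode(p) }.join(".")
  "#{signing_input}.#{b64url_encode(hmac_sha256(key, signing_input))}"
end

# Returns the payload JSON string, or nil if any segment or the MAC is bad.
def verify_hs256(token, key)
  head, body, sig = token.split(".", -1)
  return nil unless token.count(".") == 2
  header = JSON.parse(b64url_decode_strict(head).force_encoding("UTF-8"))
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  return nil unless secure_equal?(hmac_sha256(key, "#{head}.#{body}"), b64url_decode_strict(sig))
  b64url_decode_strict(body)
rescue ArgumentError, JSON::ParserError
  nil
end
```

A signature segment whose final character differs only in its unused low bits decodes to the same bytes under a lenient decoder; the re-encode check rejects it, so each signature has exactly one accepted spelling.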