File: hmac_rbnacl_fixed.rb

package info (click to toggle)
ruby-jwt 2.7.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 736 kB
  • sloc: ruby: 4,326; makefile: 4
file content (52 lines) | stat: -rw-r--r-- 1,494 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# frozen_string_literal: true

module JWT
  module Algos
    module HmacRbNaClFixed
      module_function

      MAPPING = {
        'HS256' => ::RbNaCl::HMAC::SHA256,
        'HS512256' => ::RbNaCl::HMAC::SHA512256,
        'HS384' => nil,
        'HS512' => ::RbNaCl::HMAC::SHA512
      }.freeze

      SUPPORTED = MAPPING.keys

      def sign(algorithm, msg, key)
        key ||= ''

        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)

        if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
          hmac.auth(padded_key_bytes(key, hmac.key_bytes), msg.encode('binary'))
        else
          Hmac.sign(algorithm, msg, key)
        end
      end

      def verify(algorithm, key, signing_input, signature)
        key ||= ''

        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)

        if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
          hmac.verify(padded_key_bytes(key, hmac.key_bytes), signature.encode('binary'), signing_input.encode('binary'))
        else
          Hmac.verify(algorithm, key, signing_input, signature)
        end
      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
        false
      end

      def resolve_algorithm(algorithm)
        MAPPING.fetch(algorithm)
      end

      def padded_key_bytes(key, bytesize)
        key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
      end
    end
  end
end