1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# frozen_string_literal: true
module JWT
module JWA
# Implementation of the RSA family of algorithms
class Rsa
include JWT::JWA::SigningAlgorithm
def initialize(alg)
@alg = alg
@digest = alg.sub('RS', 'SHA')
end
def sign(data:, signing_key:)
raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance") unless signing_key.is_a?(OpenSSL::PKey::RSA)
raise_sign_error!('The key length must be greater than or equal to 2048 bits') if signing_key.n.num_bits < 2048
signing_key.sign(OpenSSL::Digest.new(digest), data)
end
def verify(data:, signature:, verification_key:)
verification_key.verify(OpenSSL::Digest.new(digest), signature, data)
rescue OpenSSL::PKey::PKeyError
raise JWT::VerificationError, 'Signature verification raised'
end
register_algorithm(new('RS256'))
register_algorithm(new('RS384'))
register_algorithm(new('RS512'))
private
attr_reader :digest
end
end
end
|
