-
Notifications
You must be signed in to change notification settings - Fork 373
/
hmac_rbnacl.rb
53 lines (43 loc) · 1.39 KB
/
hmac_rbnacl.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# frozen_string_literal: true
module JWT
module Algos
module HmacRbNaCl
module_function
MAPPING = {
'HS256' => ::RbNaCl::HMAC::SHA256,
'HS512256' => ::RbNaCl::HMAC::SHA512256,
'HS384' => nil,
'HS512' => ::RbNaCl::HMAC::SHA512
}.freeze
SUPPORTED = MAPPING.keys
def sign(algorithm, msg, key)
if (hmac = resolve_algorithm(algorithm))
hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
else
Hmac.sign(algorithm, msg, key)
end
end
def verify(algorithm, key, signing_input, signature)
if (hmac = resolve_algorithm(algorithm))
hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
else
Hmac.verify(algorithm, key, signing_input, signature)
end
rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
false
end
def key_for_rbnacl(hmac, key)
key ||= ''
raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
return padded_empty_key(hmac.key_bytes) if key == ''
key
end
def resolve_algorithm(algorithm)
MAPPING.fetch(algorithm)
end
def padded_empty_key(length)
Array.new(length, 0x0).pack('C*').encode('binary')
end
end
end
end