Add support for JWKs with HMAC key type.

lib/jwt/jwk.rb

@@ -1,13 +1,16 @@
 # frozen_string_literal: true
 
 require_relative 'jwk/rsa'
+require_relative 'jwk/hmac'
 require_relative 'jwk/key_finder'
 
 module JWT
   module JWK
     MAPPINGS = {
       'RSA' => ::JWT::JWK::RSA,
-      OpenSSL::PKey::RSA => ::JWT::JWK::RSA
+      OpenSSL::PKey::RSA => ::JWT::JWK::RSA,
+      'oct' => ::JWT::JWK::HMAC,
+      String => ::JWT::JWK::HMAC
     }.freeze
 
     class << self

lib/jwt/jwk/hmac.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class HMAC
+      attr_reader :key
+      attr_reader :kid
+
+      KTY = 'oct'.freeze
+
+      def initialize(key, kid = nil)
+        raise ArgumentError, 'key must be of type String' unless key.is_a?(String)
+
+        @key = key
+        @kid = kid || generate_kid(@key)
+      end
+
+      def private?
+        true
+      end
+
+      # See https://tools.ietf.org/html/rfc7517#appendix-A.3
+      def export
+        {
+          kty: KTY,
+          k: key,
+          kid: kid
+        }
+      end
+
+      private
+
+      def generate_kid(hmac_key)
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(hmac_key),
+                                            OpenSSL::ASN1::UTF8String.new(KTY)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      class << self
+
+        def import(jwk_data)
+          jwk_k = jwk_data[:k] || jwk_data['k']
+          jwk_kid = jwk_data[:kid] || jwk_data['kid']
+
+          raise JWT::JWKError, 'Key format is invalid for HMAC' unless jwk_k
+
+          self.new(jwk_k, jwk_kid)
+        end
+      end
+    end
+  end
+end

spec/jwk/hmac_spec.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require_relative '../spec_helper'
+require 'jwt'
+
+describe JWT::JWK::HMAC do
+  let(:hmac_key) { 'secret-key' }
+
+  describe '.new' do
+    subject { described_class.new(key) }
+
+    context 'when a secret key given' do
+      let(:key) { hmac_key }
+      it 'creates an instance of the class' do
+        expect(subject).to be_a described_class
+        expect(subject.private?).to eq true
+      end
+    end
+  end
+
+  describe '#export' do
+    let(:kid) { nil }
+    subject { described_class.new(key, kid).export }
+
+    context 'when key is exported' do
+      let(:key) { hmac_key }
+      it 'returns a hash with the key' do
+        expect(subject).to be_a Hash
+        expect(subject).to include(:kty, :kid, :k)
+      end
+    end
+  end
+
+  describe '.import' do
+    subject { described_class.import(params) }
+    let(:exported_key) { described_class.new(key).export }
+
+    context 'when secret key is given' do
+      let(:key) { hmac_key }
+      let(:params) { exported_key }
+
+      it 'returns a key' do
+        expect(subject).to be_a described_class
+        expect(subject.export).to eq(exported_key)
+      end
+
+      context 'with a custom "kid" value' do
+        let(:exported_key) {
+          super().merge(kid: 'custom_key_identifier')
+        }
+        it 'imports that "kid" value' do
+          expect(subject.kid).to eq('custom_key_identifier')
+        end
+      end
+    end
+  end
+end

spec/jwk_spec.rb

@@ -43,11 +43,9 @@
       it { is_expected.to be_a ::JWT::JWK::RSA }
     end
 
-    context 'when unsupported key is given' do
-      let(:keypair) { 'key' }
-      it 'raises an error' do
-        expect { subject }.to raise_error(::JWT::JWKError, 'Cannot create JWK from a String')
-      end
+    context 'when secret key is given' do
+      let(:keypair) { 'secret-key' }
+      it { is_expected.to be_a ::JWT::JWK::HMAC }
     end
   end
 end