# 
# JSON Web Token implementation
# 
# Minimum implementation based on this spec:
# http://self-issued.info/docs/draft-jones-json-web-token-01.html

require "base64"
require "openssl"
require "json"

module JWT
  class DecodeError < Exception; end
  
  def self.sign(algorithm, msg, key)
    raise NotImplementedError.new("Unsupported signing method") unless ["HS256", "HS384", "HS512"].include?(algorithm)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
  end
  
  def self.base64url_decode(str)
    str += '=' * (4 - str.length.modulo(4))
    Base64.decode64(str.gsub("-", "+").gsub("_", "/"))
  end
  
  def self.base64url_encode(str)
    Base64.encode64(str).gsub("+", "-").gsub("/", "_").gsub("\n", "").gsub('=', '')
  end  
  
  def self.encode(payload, key, algorithm='HS256')
    segments = []
    header = {"typ" => "JWT", "alg" => algorithm}
    segments << base64url_encode(header.to_json)
    segments << base64url_encode(payload.to_json)
    signing_input = segments.join('.')
    signature = sign(algorithm, signing_input, key)
    segments << base64url_encode(signature)
    segments.join('.')
  end
  
  def self.decode(jwt, key=nil, verify=true)
    segments = jwt.split('.')
    raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length == 3
    header_segment, payload_segment, crypto_segment = segments
    signing_input = [header_segment, payload_segment].join('.')
    begin
      header = JSON.parse(base64url_decode(header_segment))
      payload = JSON.parse(base64url_decode(payload_segment))
      signature = base64url_decode(crypto_segment)
    rescue JSON::ParserError
      raise JWT::DecodeError.new("Invalid segment encoding")
    end
    if verify
      begin
        if not signature == sign(header['alg'], signing_input, key)
          raise JWT::DecodeError.new("Signature verification failed")
        end
      rescue NotImplementedError
        raise JWT::DecodeError.new("Algorithm not supported")
      end
    end
    payload
  end

end