lib/jwt/jwa/hmac.rb in jwt-2.8.2 vs lib/jwt/jwa/hmac.rb in jwt-2.9.0
- old
+ new
@@ -1,36 +1,40 @@
# frozen_string_literal: true
module JWT
module JWA
- module Hmac
- module_function
+ class Hmac
+ include JWT::JWA::SigningAlgorithm
- MAPPING = {
- 'HS256' => OpenSSL::Digest::SHA256,
- 'HS384' => OpenSSL::Digest::SHA384,
- 'HS512' => OpenSSL::Digest::SHA512
- }.freeze
+ def initialize(alg, digest)
+ @alg = alg
+ @digest = digest
+ end
- SUPPORTED = MAPPING.keys
+ def sign(data:, signing_key:)
+ signing_key ||= ''
+ raise_verify_error!('HMAC key expected to be a String') unless signing_key.is_a?(String)
- def sign(algorithm, msg, key)
- key ||= ''
-
- raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
-
- OpenSSL::HMAC.digest(MAPPING[algorithm].new, key, msg)
+ OpenSSL::HMAC.digest(digest.new, signing_key, data)
rescue OpenSSL::HMACError => e
- if key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
- raise JWT::DecodeError, 'OpenSSL 3.0 does not support nil or empty hmac_secret'
+ if signing_key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
+ raise_verify_error!('OpenSSL 3.0 does not support nil or empty hmac_secret')
end
raise e
end
- def verify(algorithm, key, signing_input, signature)
- SecurityUtils.secure_compare(signature, sign(algorithm, signing_input, key))
+ def verify(data:, signature:, verification_key:)
+ SecurityUtils.secure_compare(signature, sign(data: data, signing_key: verification_key))
end
+
+ register_algorithm(new('HS256', OpenSSL::Digest::SHA256))
+ register_algorithm(new('HS384', OpenSSL::Digest::SHA384))
+ register_algorithm(new('HS512', OpenSSL::Digest::SHA512))
+
+ private
+
+ attr_reader :digest
# Copy of https://github.com/rails/rails/blob/v7.0.3.1/activesupport/lib/active_support/security_utils.rb
# rubocop:disable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
module SecurityUtils
# Constant time string comparison, for fixed length strings.