Class: JWT::JWA::Hmac

Inherits:

Object

• Object
• JWT::JWA::Hmac

Includes:

SigningAlgorithm

Defined in:

lib/jwt/jwa/hmac.rb

Defined Under Namespace

Modules: SecurityUtils

Instance Attribute Summary

Attributes included from SigningAlgorithm

#alg

Class Method Summary

• .from_algorithm(algorithm) ⇒ Object

Instance Method Summary

• #initialize(alg, digest) ⇒ Hmac constructor

  A new instance of Hmac.

• #sign(data:, signing_key:) ⇒ Object
• #verify(data:, signature:, verification_key:) ⇒ Object

Methods included from SigningAlgorithm

#header, included, #raise_sign_error!, #raise_verify_error!, #valid_alg?

Constructor Details

#initialize(alg, digest) ⇒ Hmac

Returns a new instance of Hmac.

# File 'lib/jwt/jwa/hmac.rb', line 12

def initialize(alg, digest)
  @alg = alg
  @digest = digest
end

Class Method Details

.from_algorithm(algorithm) ⇒ Object

# File 'lib/jwt/jwa/hmac.rb', line 8

def self.from_algorithm(algorithm)
  new(algorithm, OpenSSL::Digest.new(algorithm.downcase.gsub('hs', 'sha')))
end

Instance Method Details

#sign(data:, signing_key:) ⇒ Object

# File 'lib/jwt/jwa/hmac.rb', line 17

def sign(data:, signing_key:)
  signing_key ||= ''
  raise_verify_error!('HMAC key expected to be a String') unless signing_key.is_a?(String)

  OpenSSL::HMAC.digest(digest.new, signing_key, data)
rescue OpenSSL::HMACError => e
  if signing_key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
    raise_verify_error!('OpenSSL 3.0 does not support nil or empty hmac_secret')
  end

  raise e
end

#verify(data:, signature:, verification_key:) ⇒ Object

# File 'lib/jwt/jwa/hmac.rb', line 30

def verify(data:, signature:, verification_key:)
  SecurityUtils.secure_compare(signature, sign(data: data, signing_key: verification_key))
end