Module: JWT::JWA

Defined in:

lib/jwt/jwa.rb,
lib/jwt/jwa/ps.rb,
lib/jwt/jwa/rsa.rb,
lib/jwt/jwa/hmac.rb,
lib/jwt/jwa/none.rb,
lib/jwt/jwa/ecdsa.rb,
lib/jwt/jwa/unsupported.rb,
lib/jwt/jwa/signing_algorithm.rb

Overview

JSON Web Algorithms

Defined Under Namespace

Modules: SigningAlgorithm, Unsupported Classes: Ecdsa, Hmac, None, Ps, Rsa, SignerContext, VerifierContext

Class Method Summary

• .create_signer(algorithm:, key:) ⇒ Object private
• .create_verifiers(algorithms:, keys:, preferred_algorithm:) ⇒ Object private
• .find(algo) ⇒ Object
• .register_algorithm(algo) ⇒ Object
• .resolve(algorithm) ⇒ Object private
• .resolve_and_sort(algorithms:, preferred_algorithm:) ⇒ Object private
• .validate_jwk_algorithms!(jwks, algorithms, error_class) ⇒ Object private

Class Method Details

.create_signer(algorithm:, key:) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/jwt/jwa.rb', line 66

def create_signer(algorithm:, key:)
  if key.is_a?(JWK::KeyBase)
    validate_jwk_algorithms!(key, algorithm, DecodeError)

    return key
  end

  SignerContext.new(jwa: resolve(algorithm), key: key)
end

.create_verifiers(algorithms:, keys:, preferred_algorithm:) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/jwt/jwa.rb', line 77

def create_verifiers(algorithms:, keys:, preferred_algorithm:)
  jwks, other_keys = keys.partition { |key| key.is_a?(JWK::KeyBase) }

  validate_jwk_algorithms!(jwks, algorithms, VerificationError)

  jwks + resolve_and_sort(algorithms: algorithms,
                          preferred_algorithm: preferred_algorithm)
         .map { |jwa| VerifierContext.new(jwa: jwa, keys: other_keys) }
end

.find(algo) ⇒ Object

# File 'lib/jwt/jwa/signing_algorithm.rb', line 51

def find(algo)
  algorithms.fetch(algo.to_s.downcase, Unsupported)
end

.register_algorithm(algo) ⇒ Object

# File 'lib/jwt/jwa/signing_algorithm.rb', line 47

def register_algorithm(algo)
  algorithms[algo.alg.to_s.downcase] = algo
end

.resolve(algorithm) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

• (ArgumentError)

# File 'lib/jwt/jwa.rb', line 48

def resolve(algorithm)
  return find(algorithm) if algorithm.is_a?(String) || algorithm.is_a?(Symbol)

  raise ArgumentError, 'Algorithm must be provided' if algorithm.nil?

  raise ArgumentError, 'Custom algorithms are required to include JWT::JWA::SigningAlgorithm' unless algorithm.is_a?(SigningAlgorithm)

  algorithm
end

.resolve_and_sort(algorithms:, preferred_algorithm:) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/jwt/jwa.rb', line 59

def resolve_and_sort(algorithms:, preferred_algorithm:)
  Array(algorithms).map { |alg| JWA.resolve(alg) }
                   .partition { |alg| alg.valid_alg?(preferred_algorithm) }
                   .flatten
end

.validate_jwk_algorithms!(jwks, algorithms, error_class) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

• (error_class)

# File 'lib/jwt/jwa.rb', line 88

def validate_jwk_algorithms!(jwks, algorithms, error_class)
  algorithms = Array(algorithms)

  return if algorithms.empty?

  return if Array(jwks).all? do |jwk|
    algorithms.any? do |alg|
      jwk.jwa.valid_alg?(alg)
    end
  end

  raise error_class, "Provided JWKs do not support one of the specified algorithms: #{algorithms.join(', ')}"
end