Class: JWT::JWA::Ps

Inherits:
Object
  • Object
show all
Includes:
SigningAlgorithm
Defined in:
lib/jwt/jwa/ps.rb

Overview

Implementation of the RSASSA-PSS family of algorithms

Instance Attribute Summary

Attributes included from SigningAlgorithm

#alg

Instance Method Summary collapse

Methods included from SigningAlgorithm

#header, #raise_sign_error!, #raise_verify_error!, #valid_alg?

Constructor Details

#initialize(alg) ⇒ Ps

Returns a new instance of Ps.



9
10
11
12
# File 'lib/jwt/jwa/ps.rb', line 9

def initialize(alg)
  @alg = alg
  @digest_algorithm = alg.sub('PS', 'sha')
end

Instance Method Details

#sign(data:, signing_key:) ⇒ Object



14
15
16
17
18
19
# File 'lib/jwt/jwa/ps.rb', line 14

def sign(data:, signing_key:)
  raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance.") unless signing_key.is_a?(::OpenSSL::PKey::RSA)
  raise_sign_error!('The key length must be greater than or equal to 2048 bits') if signing_key.n.num_bits < 2048

  signing_key.sign_pss(digest_algorithm, data, salt_length: :digest, mgf1_hash: digest_algorithm)
end

#verify(data:, signature:, verification_key:) ⇒ Object



21
22
23
24
25
# File 'lib/jwt/jwa/ps.rb', line 21

def verify(data:, signature:, verification_key:)
  verification_key.verify_pss(digest_algorithm, signature, data, salt_length: :auto, mgf1_hash: digest_algorithm)
rescue OpenSSL::PKey::PKeyError
  raise JWT::VerificationError, 'Signature verification raised'
end