mirror of https://github.com/golang-jwt/jwt.git
minor refactor of HMAC verify for legibility. no functional changes
This commit is contained in:
parent
127f538a32
commit
581ca99478
30
hmac.go
30
hmac.go
|
@ -44,26 +44,36 @@ func (m *SigningMethodHMAC) Alg() string {
|
||||||
return m.Name
|
return m.Name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verify the signature of HSXXX tokens. Returns nil if the signature is valid.
|
||||||
func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
|
func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
|
||||||
if keyBytes, ok := key.([]byte); ok {
|
// Verify the key is the right type
|
||||||
var sig []byte
|
keyBytes, ok := key.([]byte)
|
||||||
var err error
|
if !ok {
|
||||||
if sig, err = DecodeSegment(signature); err == nil {
|
return ErrInvalidKey
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decode signature, for comparison
|
||||||
|
sig, err := DecodeSegment(signature)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Can we use the specified hashing method?
|
||||||
if !m.Hash.Available() {
|
if !m.Hash.Available() {
|
||||||
return ErrHashUnavailable
|
return ErrHashUnavailable
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This signing method is symmetric, so we validate the signature
|
||||||
|
// by reproducing the signature from the signing string and key, then
|
||||||
|
// comparing that against the provided signature.
|
||||||
hasher := hmac.New(m.Hash.New, keyBytes)
|
hasher := hmac.New(m.Hash.New, keyBytes)
|
||||||
hasher.Write([]byte(signingString))
|
hasher.Write([]byte(signingString))
|
||||||
|
|
||||||
if !hmac.Equal(sig, hasher.Sum(nil)) {
|
if !hmac.Equal(sig, hasher.Sum(nil)) {
|
||||||
err = ErrSignatureInvalid
|
return ErrSignatureInvalid
|
||||||
}
|
|
||||||
}
|
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrInvalidKey
|
// No validation errors. Signature is good.
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Implements the Sign method from SigningMethod for this signing method.
|
// Implements the Sign method from SigningMethod for this signing method.
|
||||||
|
|
Loading…
Reference in New Issue