mirror of https://github.com/golang-jwt/jwt.git
Added support for HS384 and HS512 signing methods
Renamed type SigningMethodHS256 to SigningMethodHMAC Added contstants SigningMethodHS256, SigningMethodHS384, and SigningMethodHS512 to support each of these methods Added simple tests to support these new methods
This commit is contained in:
parent
fbcb3e4b63
commit
5aed334e04
|
@ -0,0 +1,65 @@
|
||||||
|
package jwt
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto"
|
||||||
|
"crypto/hmac"
|
||||||
|
"errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
type SigningMethodHMAC struct {
|
||||||
|
Name string
|
||||||
|
Hash crypto.Hash
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
SigningMethodHS256 *SigningMethodHMAC
|
||||||
|
SigningMethodHS384 *SigningMethodHMAC
|
||||||
|
SigningMethodHS512 *SigningMethodHMAC
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
// HS256
|
||||||
|
SigningMethodHS256 = &SigningMethodHMAC{"HS256", crypto.SHA256}
|
||||||
|
RegisterSigningMethod(SigningMethodHS256.Alg(), func() SigningMethod {
|
||||||
|
return SigningMethodHS256
|
||||||
|
})
|
||||||
|
|
||||||
|
// HS384
|
||||||
|
SigningMethodHS384 = &SigningMethodHMAC{"HS384", crypto.SHA384}
|
||||||
|
RegisterSigningMethod(SigningMethodHS384.Alg(), func() SigningMethod {
|
||||||
|
return SigningMethodHS384
|
||||||
|
})
|
||||||
|
|
||||||
|
// HS512
|
||||||
|
SigningMethodHS512 = &SigningMethodHMAC{"HS512", crypto.SHA512}
|
||||||
|
RegisterSigningMethod(SigningMethodHS512.Alg(), func() SigningMethod {
|
||||||
|
return SigningMethodHS512
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *SigningMethodHMAC) Alg() string {
|
||||||
|
return m.Name
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *SigningMethodHMAC) Verify(signingString, signature string, key []byte) error {
|
||||||
|
// Key
|
||||||
|
var sig []byte
|
||||||
|
var err error
|
||||||
|
if sig, err = DecodeSegment(signature); err == nil {
|
||||||
|
hasher := hmac.New(m.Hash.New, key)
|
||||||
|
hasher.Write([]byte(signingString))
|
||||||
|
|
||||||
|
if !bytes.Equal(sig, hasher.Sum(nil)) {
|
||||||
|
err = errors.New("Signature is invalid")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *SigningMethodHMAC) Sign(signingString string, key []byte) (string, error) {
|
||||||
|
hasher := hmac.New(m.Hash.New, key)
|
||||||
|
hasher.Write([]byte(signingString))
|
||||||
|
|
||||||
|
return EncodeSegment(hasher.Sum(nil)), nil
|
||||||
|
}
|
|
@ -1,44 +1,57 @@
|
||||||
package jwt
|
package jwt
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"io/ioutil"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
var sha256TestData = []struct {
|
var hmacTestData = []struct {
|
||||||
name string
|
name string
|
||||||
tokenString string
|
tokenString string
|
||||||
|
alg string
|
||||||
claims map[string]interface{}
|
claims map[string]interface{}
|
||||||
valid bool
|
valid bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
"web sample",
|
"web sample",
|
||||||
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
|
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
|
||||||
|
"HS256",
|
||||||
|
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
||||||
|
true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"HS384",
|
||||||
|
"eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.KWZEuOD5lbBxZ34g7F-SlVLAQ_r5KApWNWlZIIMyQVz5Zs58a7XdNzj5_0EcNoOy",
|
||||||
|
"HS384",
|
||||||
|
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
||||||
|
true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"HS512",
|
||||||
|
"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEuMzAwODE5MzhlKzA5LCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZSwiaXNzIjoiam9lIn0.CN7YijRX6Aw1n2jyI2Id1w90ja-DEMYiWixhYCyHnrZ1VfJRaFQz1bEbjjA5Fn4CLYaUG432dEYmSbS4Saokmw",
|
||||||
|
"HS512",
|
||||||
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"web sample: invalid",
|
"web sample: invalid",
|
||||||
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
|
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
|
||||||
|
"HS256",
|
||||||
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
|
// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
|
||||||
var sha256TestKey = []byte{
|
var hmacTestKey, _ = ioutil.ReadFile("test/hmacTestKey")
|
||||||
3, 35, 53, 75, 43, 15, 165, 188, 131, 126, 6, 101, 119, 123, 166,
|
|
||||||
143, 90, 179, 40, 230, 240, 84, 201, 40, 169, 15, 132, 178, 210, 80,
|
|
||||||
46, 191, 211, 251, 90, 146, 210, 6, 71, 239, 150, 138, 180, 195, 119,
|
|
||||||
98, 61, 34, 61, 46, 33, 114, 5, 46, 79, 8, 192, 205, 154, 245, 103,
|
|
||||||
208, 128, 163}
|
|
||||||
|
|
||||||
func TestHS256Verify(t *testing.T) {
|
func TestHMACVerify(t *testing.T) {
|
||||||
for _, data := range sha256TestData {
|
for _, data := range hmacTestData {
|
||||||
parts := strings.Split(data.tokenString, ".")
|
parts := strings.Split(data.tokenString, ".")
|
||||||
|
|
||||||
method := GetSigningMethod("HS256")
|
method := GetSigningMethod(data.alg)
|
||||||
err := method.Verify(strings.Join(parts[0:2], "."), parts[2], sha256TestKey)
|
err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey)
|
||||||
if data.valid && err != nil {
|
if data.valid && err != nil {
|
||||||
t.Errorf("[%v] Error while verifying key: %v", data.name, err)
|
t.Errorf("[%v] Error while verifying key: %v", data.name, err)
|
||||||
}
|
}
|
||||||
|
@ -48,12 +61,12 @@ func TestHS256Verify(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestHS256Sign(t *testing.T) {
|
func TestHMACSign(t *testing.T) {
|
||||||
for _, data := range sha256TestData {
|
for _, data := range hmacTestData {
|
||||||
if data.valid {
|
if data.valid {
|
||||||
parts := strings.Split(data.tokenString, ".")
|
parts := strings.Split(data.tokenString, ".")
|
||||||
method := GetSigningMethod("HS256")
|
method := GetSigningMethod(data.alg)
|
||||||
sig, err := method.Sign(strings.Join(parts[0:2], "."), sha256TestKey)
|
sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("[%v] Error signing token: %v", data.name, err)
|
t.Errorf("[%v] Error signing token: %v", data.name, err)
|
||||||
}
|
}
|
41
sha256.go
41
sha256.go
|
@ -1,41 +0,0 @@
|
||||||
package jwt
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
"crypto/hmac"
|
|
||||||
"crypto/sha256"
|
|
||||||
"errors"
|
|
||||||
)
|
|
||||||
|
|
||||||
type SigningMethodHS256 struct{}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
RegisterSigningMethod("HS256", func() SigningMethod {
|
|
||||||
return new(SigningMethodHS256)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *SigningMethodHS256) Alg() string {
|
|
||||||
return "HS256"
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *SigningMethodHS256) Verify(signingString, signature string, key []byte) (err error) {
|
|
||||||
// Key
|
|
||||||
var sig []byte
|
|
||||||
if sig, err = DecodeSegment(signature); err == nil {
|
|
||||||
hasher := hmac.New(sha256.New, key)
|
|
||||||
hasher.Write([]byte(signingString))
|
|
||||||
|
|
||||||
if !bytes.Equal(sig, hasher.Sum(nil)) {
|
|
||||||
err = errors.New("Signature is invalid")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *SigningMethodHS256) Sign(signingString string, key []byte) (string, error) {
|
|
||||||
hasher := hmac.New(sha256.New, key)
|
|
||||||
hasher.Write([]byte(signingString))
|
|
||||||
|
|
||||||
return EncodeSegment(hasher.Sum(nil)), nil
|
|
||||||
}
|
|
|
@ -0,0 +1 @@
|
||||||
|
#5K+・シミew{ヲ住ウ(跼Tノ(ゥ┫メP.ソモ燾辻G<>感テwb="=.!r.Oタヘ奎gミ」
|
Loading…
Reference in New Issue