added hmac sha256 support

This commit is contained in:
Dave Grijalva 2012-07-06 15:02:02 -07:00
parent 0008f0b730
commit af74bdc9d2
2 changed files with 82 additions and 0 deletions

34
sha256.go Normal file
View File

@ -0,0 +1,34 @@
package jwt
import (
"crypto/sha256"
"crypto/hmac"
"bytes"
"errors"
)
type SigningMethodHS256 struct{}
func init() {
RegisterSigningMethod("HS256", func() SigningMethod {
return new(SigningMethodHS256)
})
}
func (m *SigningMethodHS256) Verify(signingString, signature string, key []byte) (err error) {
// Key
var sig []byte
if sig, err = DecodeSegment(signature); err == nil {
hasher := hmac.New(sha256.New, key)
hasher.Write([]byte(signingString))
if !bytes.Equal(sig, hasher.Sum(nil)) {
err = errors.New("Signature is invalid")
}
}
return
}
func (m *SigningMethodHS256) Sign(token *Token, key []byte) error {
return nil
}

48
sha256_test.go Normal file
View File

@ -0,0 +1,48 @@
package jwt
import (
"strings"
"testing"
)
var sha256TestData = []struct {
name string
tokenString string
claims map[string]interface{}
valid bool
}{
{
"web sample",
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
true,
},
{
"web sample: invalid",
"eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXo",
map[string]interface{}{"iss": "joe", "exp": 1300819380, "http://example.com/is_root": true},
false,
},
}
// Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
var sha256TestKey = []byte{
3, 35, 53, 75, 43, 15, 165, 188, 131, 126, 6, 101, 119, 123, 166,
143, 90, 179, 40, 230, 240, 84, 201, 40, 169, 15, 132, 178, 210, 80,
46, 191, 211, 251, 90, 146, 210, 6, 71, 239, 150, 138, 180, 195, 119,
98, 61, 34, 61, 46, 33, 114, 5, 46, 79, 8, 192, 205, 154, 245, 103,
208, 128, 163 }
func TestHS256Verify(t *testing.T) {
for _, data := range sha256TestData {
parts := strings.Split(data.tokenString, ".")
method, _ := GetSigningMethod("HS256")
err := method.Verify(strings.Join(parts[0:2], "."), parts[2], sha256TestKey)
if data.valid && err != nil {
t.Errorf("[%v] Error while verifying key: %v", data.name, err)
}
if !data.valid && err == nil {
t.Errorf("[%v] Invalid key passed validation", data.name)
}
}
}