forked from ebhomengo/niki
1
0
Fork 0
niki/vendor/github.com/golang-jwt/jwt/v5/hmac.go

170 lines
3.3 KiB
Go
Raw Normal View History

2024-02-18 10:42:21 +00:00
package jwt
import (
"crypto"
"crypto/hmac"
"errors"
)
// SigningMethodHMAC implements the HMAC-SHA family of signing methods.
2024-02-18 10:42:21 +00:00
// Expects key type of []byte for both signing and validation
2024-02-18 10:42:21 +00:00
type SigningMethodHMAC struct {
Name string
2024-02-18 10:42:21 +00:00
Hash crypto.Hash
}
// Specific instances for HS256 and company
2024-02-18 10:42:21 +00:00
var (
SigningMethodHS256 *SigningMethodHMAC
SigningMethodHS384 *SigningMethodHMAC
SigningMethodHS512 *SigningMethodHMAC
2024-02-18 10:42:21 +00:00
ErrSignatureInvalid = errors.New("signature is invalid")
)
func init() {
2024-02-18 10:42:21 +00:00
// HS256
2024-02-18 10:42:21 +00:00
SigningMethodHS256 = &SigningMethodHMAC{"HS256", crypto.SHA256}
2024-02-18 10:42:21 +00:00
RegisterSigningMethod(SigningMethodHS256.Alg(), func() SigningMethod {
2024-02-18 10:42:21 +00:00
return SigningMethodHS256
2024-02-18 10:42:21 +00:00
})
// HS384
2024-02-18 10:42:21 +00:00
SigningMethodHS384 = &SigningMethodHMAC{"HS384", crypto.SHA384}
2024-02-18 10:42:21 +00:00
RegisterSigningMethod(SigningMethodHS384.Alg(), func() SigningMethod {
2024-02-18 10:42:21 +00:00
return SigningMethodHS384
2024-02-18 10:42:21 +00:00
})
// HS512
2024-02-18 10:42:21 +00:00
SigningMethodHS512 = &SigningMethodHMAC{"HS512", crypto.SHA512}
2024-02-18 10:42:21 +00:00
RegisterSigningMethod(SigningMethodHS512.Alg(), func() SigningMethod {
2024-02-18 10:42:21 +00:00
return SigningMethodHS512
2024-02-18 10:42:21 +00:00
})
2024-02-18 10:42:21 +00:00
}
func (m *SigningMethodHMAC) Alg() string {
2024-02-18 10:42:21 +00:00
return m.Name
2024-02-18 10:42:21 +00:00
}
// Verify implements token verification for the SigningMethod. Returns nil if
2024-02-18 10:42:21 +00:00
// the signature is valid. Key must be []byte.
2024-02-18 10:42:21 +00:00
//
2024-02-18 10:42:21 +00:00
// Note it is not advised to provide a []byte which was converted from a 'human
2024-02-18 10:42:21 +00:00
// readable' string using a subset of ASCII characters. To maximize entropy, you
2024-02-18 10:42:21 +00:00
// should ideally be providing a []byte key which was produced from a
2024-02-18 10:42:21 +00:00
// cryptographically random source, e.g. crypto/rand. Additional information
2024-02-18 10:42:21 +00:00
// about this, and why we intentionally are not supporting string as a key can
2024-02-18 10:42:21 +00:00
// be found on our usage guide
2024-02-18 10:42:21 +00:00
// https://golang-jwt.github.io/jwt/usage/signing_methods/#signing-methods-and-key-types.
2024-02-18 10:42:21 +00:00
func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interface{}) error {
2024-02-18 10:42:21 +00:00
// Verify the key is the right type
2024-02-18 10:42:21 +00:00
keyBytes, ok := key.([]byte)
2024-02-18 10:42:21 +00:00
if !ok {
2024-02-18 10:42:21 +00:00
return ErrInvalidKeyType
2024-02-18 10:42:21 +00:00
}
// Can we use the specified hashing method?
2024-02-18 10:42:21 +00:00
if !m.Hash.Available() {
2024-02-18 10:42:21 +00:00
return ErrHashUnavailable
2024-02-18 10:42:21 +00:00
}
// This signing method is symmetric, so we validate the signature
2024-02-18 10:42:21 +00:00
// by reproducing the signature from the signing string and key, then
2024-02-18 10:42:21 +00:00
// comparing that against the provided signature.
2024-02-18 10:42:21 +00:00
hasher := hmac.New(m.Hash.New, keyBytes)
2024-02-18 10:42:21 +00:00
hasher.Write([]byte(signingString))
2024-02-18 10:42:21 +00:00
if !hmac.Equal(sig, hasher.Sum(nil)) {
2024-02-18 10:42:21 +00:00
return ErrSignatureInvalid
2024-02-18 10:42:21 +00:00
}
// No validation errors. Signature is good.
2024-02-18 10:42:21 +00:00
return nil
2024-02-18 10:42:21 +00:00
}
// Sign implements token signing for the SigningMethod. Key must be []byte.
2024-02-18 10:42:21 +00:00
//
2024-02-18 10:42:21 +00:00
// Note it is not advised to provide a []byte which was converted from a 'human
2024-02-18 10:42:21 +00:00
// readable' string using a subset of ASCII characters. To maximize entropy, you
2024-02-18 10:42:21 +00:00
// should ideally be providing a []byte key which was produced from a
2024-02-18 10:42:21 +00:00
// cryptographically random source, e.g. crypto/rand. Additional information
2024-02-18 10:42:21 +00:00
// about this, and why we intentionally are not supporting string as a key can
2024-02-18 10:42:21 +00:00
// be found on our usage guide https://golang-jwt.github.io/jwt/usage/signing_methods/.
2024-02-18 10:42:21 +00:00
func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) {
2024-02-18 10:42:21 +00:00
if keyBytes, ok := key.([]byte); ok {
2024-02-18 10:42:21 +00:00
if !m.Hash.Available() {
2024-02-18 10:42:21 +00:00
return nil, ErrHashUnavailable
2024-02-18 10:42:21 +00:00
}
hasher := hmac.New(m.Hash.New, keyBytes)
2024-02-18 10:42:21 +00:00
hasher.Write([]byte(signingString))
return hasher.Sum(nil), nil
2024-02-18 10:42:21 +00:00
}
return nil, ErrInvalidKeyType
2024-02-18 10:42:21 +00:00
}