class JWT::JWK::HMAC
def []=(key, value)
def []=(key, value) if HMAC_KEY_ELEMENTS.include?(key.to_sym) raise ArgumentError, 'cannot overwrite cryptographic key attributes' end super(key, value) end
def check_jwk(keypair, params)
def check_jwk(keypair, params) raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (HMAC_KEY_ELEMENTS & params.keys).empty? raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY raise JWT::JWKError, 'Key format is invalid for HMAC' unless keypair[:k] end
def export(options = {})
def export(options = {}) exported = parameters.clone exported.reject! { |k, _| HMAC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true exported end
def extract_key_params(key)
def extract_key_params(key) case key when JWT::JWK::HMAC key.export(include_private: true) when String # Accept String key as input { kty: KTY, k: key } when Hash key.transform_keys(&:to_sym) else raise ArgumentError, 'key must be of type String or Hash with key parameters' end end
def import(jwk_data)
def import(jwk_data) new(jwk_data) end
def initialize(key, params = nil, options = {})
def initialize(key, params = nil, options = {}) params ||= {} # For backwards compatibility when kid was a String params = { kid: params } if params.is_a?(String) key_params = extract_key_params(key) params = params.transform_keys(&:to_sym) check_jwk(key_params, params) super(options, key_params.merge(params)) end
def key_digest
def key_digest sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key), OpenSSL::ASN1::UTF8String.new(KTY)]) OpenSSL::Digest::SHA256.hexdigest(sequence.to_der) end
def keypair
def keypair secret end
def members
def members HMAC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] } end
def private?
def private? true end
def public_key
def public_key nil end
def secret
def secret self[:k] end
def signing_key
def signing_key secret end
def verify_key
def verify_key secret end