view release on metacpan or  search on metacpan

lib/Acme/JWT.pm  view on Meta::CPAN

        my $signature = $self->sign($algorithm, $key, $signing_input);
        push(@$segments, encode_base64url($signature));
    } else {
        push(@$segments, '');
    }
    return join('.', @$segments);
}

sub decode {
    my $self = shift;
    my ($jwt, $key, $verify) = @_;
    unless (defined($verify)) {
        $verify = 1;
    }
    my $segments = [split(/\./, $jwt)];
    die 'Not enough or to many segments' unless (@$segments == 2 or @$segments == 3);
    my ($header_segment, $payload_segment, $crypt_segment) = @$segments;
    my $signing_input = join('.', $header_segment, $payload_segment);
    my $header;
    my $payload;
    my $signature;
    try {
        $header = decode_json(decode_base64url($header_segment));
        $payload = decode_json(decode_base64url($payload_segment));
        $signature = decode_base64url($crypt_segment) if ($verify);
    } catch {
        warn $_;
    };
    if ($verify) {
        my $algo = $header->{alg};
        my $hmac = sub {
            my ($algo, $key, $signing_input, $signature) = @_;
            $signature eq $self->sign_hmac($algo, $key, $signing_input);
        };
        my $verify_method = sub {
            my ($algo, $key, $signing_input, $signature) = @_;
            $self->verify_rsa($algo, $key, $signing_input, $signature);
        };
        my $algorithm = {
            HS256 => $hmac,
            HS384 => $hmac,
            HS512 => $hmac,
        };

        if ($has_sha2) {
            $algorithm = {
                %$algorithm,
                (
                    RS256 => $verify_method,
                    RS384 => $verify_method,
                    RS512 => $verify_method,
                ),
            };
        }
        if (exists($algorithm->{$algo})) {
            unless ($algorithm->{$algo}->($algo, $key, $signing_input, $signature)) {
                die 'Signature verifacation failed';
            }
        } else {
            die 'Algorithm not supported';
        }

lib/Acme/JWT.pm  view on Meta::CPAN

sub sign_rsa {
    my $self = shift;
    my ($algo, $key, $msg) = @_;
    $algo =~ s/\D+//;
    my $private_key = Crypt::OpenSSL::RSA->new_private_key($key);
    $private_key->can("use_sha${algo}_hash")->($private_key);
    $private_key->sign($msg);
}

sub verify_rsa {
    my $self = shift;
    my ($algo, $key, $signing_input, $signature) = @_;
    $algo =~ s/\D+//;
    my $public_key = Crypt::OpenSSL::RSA->new_public_key($key);
    $public_key->can("use_sha${algo}_hash")->($public_key);
    $public_key->verify($signing_input, $signature);
}

sub sign_hmac {
    my $self = shift;
    my ($algo, $key, $msg) = @_;
    $algo =~ s/\D+//;
    my $method = $self->can("hmac_sha$algo");
    $method->($msg, $key);
}