Acme-JWT


lib/Acme/JWT.pm  view on Meta::CPAN

    unless (exists($algorithm->{$algo})) {
        die 'Unsupported signing method';
    }
    $algorithm->{$algo}->($algo, $key, $signing_input);
}

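# Sign $msg with an RSA private key, using the SHA-2 digest named by $algo.
#
# Arguments (after the invocant):
#   $algo - algorithm label such as 'RS256'; the first run of non-digit
#           characters is stripped and the remaining digits select the
#           Crypt::OpenSSL::RSA "use_sha<digits>_hash" method.
#   $key  - private key string accepted by Crypt::OpenSSL::RSA->new_private_key.
#   $msg  - the data to sign.
#
# Returns whatever Crypt::OpenSSL::RSA's sign() returns for $msg.
# Dies with 'Unsupported signing method' when $algo does not reduce to a
# digest size the RSA object can select; errors from key parsing propagate.
sub sign_rsa {
    my $self = shift;
    my ($algo, $key, $msg) = @_;

    # 'RS256' -> '256'. Only plain ASCII digits may remain: the value is
    # interpolated into a method name below, so anything else is rejected
    # instead of being handed to can().
    $algo =~ s/\D+//;
    die 'Unsupported signing method' unless $algo =~ /\A[0-9]+\z/;

    my $private_key = Crypt::OpenSSL::RSA->new_private_key($key);

    # can() yields undef for an unknown digest; fail with the same message the
    # algorithm dispatcher uses rather than calling an undefined code ref.
    # NOTE(review): any digest the RSA object offers is accepted here, so the
    # caller's allow-list is what keeps weaker digests out - confirm it stays
    # in place.
    my $select_digest = $private_key->can("use_sha${algo}_hash")
        or die 'Unsupported signing method';
    $private_key->$select_digest();

    return $private_key->sign($msg);
}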

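# Check an RSA signature over $signing_input, using the SHA-2 digest named
# by $algo.
#
# Arguments (after the invocant):
#   $algo          - algorithm label such as 'RS256'; the first run of
#                    non-digit characters is stripped and the remaining digits
#                    select the "use_sha<digits>_hash" method.
#   $key           - public key string accepted by
#                    Crypt::OpenSSL::RSA->new_public_key.
#   $signing_input - the data that was signed.
#   $signature     - the signature to check.
#
# Returns the result of Crypt::OpenSSL::RSA's verify().
# Dies with 'Unsupported signing method' when $algo does not reduce to a
# digest size the RSA object can select; errors from key parsing propagate.
sub verify_rsa {
    my $self = shift;
    my ($algo, $key, $signing_input, $signature) = @_;

    # 'RS256' -> '256'. Only plain ASCII digits may remain: the value is
    # interpolated into a method name below, so anything else is rejected
    # instead of being handed to can().
    $algo =~ s/\D+//;
    die 'Unsupported signing method' unless $algo =~ /\A[0-9]+\z/;

    my $public_key = Crypt::OpenSSL::RSA->new_public_key($key);

    # can() yields undef for an unknown digest; fail with an explicit message
    # rather than calling an undefined code ref.
    # NOTE(review): if $algo originates from the token being verified (the
    # decode path is not shown here), the caller must pin it to the expected
    # algorithm before reaching this point - confirm.
    my $select_digest = $public_key->can("use_sha${algo}_hash")
        or die 'Unsupported signing method';
    $public_key->$select_digest();

    return $public_key->verify($signing_input, $signature);
}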

t/01_spec.t  view on Meta::CPAN

}


{
    # Round trip for asymmetric signing: encode with the private key, then
    # decode with the matching public key and compare payloads.
    # NOTE(review): the fallback 'HS512' is an HMAC label, under which the two
    # PEM strings would be used as different shared secrets; presumably
    # has_sha2 is true wherever this test is expected to pass - confirm.
    my $algorithm = $Acme::JWT::has_sha2 ? 'RS256' : 'HS512';
    my $name = 'encodes and decodes JWTs for RSA signaturese';

    # 512-bit modulus keeps key generation quick in the test suite; it is far
    # below any size acceptable for real keys.
    my $keypair = Crypt::OpenSSL::RSA->generate_key(512);
    my $token = Acme::JWT->encode($payload, $keypair->get_private_key_string, $algorithm);

    # decode() receives only the key here, no expected algorithm.
    # NOTE(review): presumably the algorithm is then read from the token
    # itself; callers handling untrusted tokens should confirm an RSA public
    # key cannot end up being used as an HMAC secret.
    my $round_tripped = Acme::JWT->decode($token, $keypair->get_public_key_string);
    is_d $round_tripped, $payload, $name;
}

{
    my $name = 'decodes valid JWTs';
    my $example_payload = {hello => 'world'};
    my $example_secret = 'secret';
    my $example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8';
    my $decoded_payload = Acme::JWT->decode($example_jwt, $example_secret);

t/01_spec.t  view on Meta::CPAN

    eval {
        Acme::JWT->decode($jwt_message, $bad_secret);
    };
    like $@, qr/^Signature verifacation failed/, $name;
}

{
    # A token signed by one RSA key pair must be rejected when decoded with
    # the public key of an unrelated pair.
    my $name = 'raises exception with wrong rsa key';

    # Two independent 512-bit pairs: small for test speed only.
    my $signer   = Crypt::OpenSSL::RSA->generate_key(512);
    my $stranger = Crypt::OpenSSL::RSA->generate_key(512);

    my $token = Acme::JWT->encode($payload, $signer->get_private_key_string, 'RS256');
    eval {
        Acme::JWT->decode($token, $stranger->get_public_key_string);
    };
    my $error = $@;

    # The pattern's spelling presumably mirrors the library's own exception
    # text - confirm before "correcting" it here.
    like $error, qr/^Signature verifacation failed/, $name;
}

{
    my $name = 'allows decoding without key';
    my $right_secret = 'foo';
    my $bad_secret = 'bar';


