added rsa 256

Author: popwarfour

.DS_Store

@@ -5,25 +5,25 @@ import Foundation
 public enum InvalidToken: CustomStringConvertible, Error {
   /// Decoding the JWT itself failed
   case decodeError(String)
-
+  
   /// The JWT uses an unsupported algorithm
   case invalidAlgorithm
-
+  
   /// The issued claim has expired
   case expiredSignature
-
+  
   /// The issued claim is for the future
   case immatureSignature
-
+  
   /// The claim is for the future
   case invalidIssuedAt
-
+  
   /// The audience of the claim doesn't match
   case invalidAudience
-
+  
   /// The issuer claim failed to verify
   case invalidIssuer
-
+  
   /// Returns a readable description of the error
   public var description: String {
     switch self {
@@ -49,12 +49,12 @@ public enum InvalidToken: CustomStringConvertible, Error {
 /// Decode a JWT
 public func decode(_ jwt: String, algorithms: [Algorithm], verify: Bool = true, audience: String? = nil, issuer: String? = nil) throws -> ClaimSet {
   let (header, claims, signature, signatureInput) = try load(jwt)
-
+  
   if verify {
     try claims.validate(audience: audience, issuer: issuer)
     try verifySignature(algorithms, header: header, signingInput: signatureInput, signature: signature)
   }
-
+  
   return claims
 }
 
@@ -82,35 +82,35 @@ func load(_ jwt: String) throws -> (header: JOSEHeader, payload: ClaimSet, signa
   if segments.count != 3 {
     throw InvalidToken.decodeError("Not enough segments")
   }
-
+  
   let headerSegment = segments[0]
   let payloadSegment = segments[1]
   let signatureSegment = segments[2]
   let signatureInput = "\(headerSegment).\(payloadSegment)"
-
+  
   guard let headerData = base64decode(headerSegment) else {
     throw InvalidToken.decodeError("Header is not correctly encoded as base64")
   }
-
+  
   let header = (try? JSONSerialization.jsonObject(with: headerData, options: JSONSerialization.ReadingOptions(rawValue: 0))) as? Payload
   if header == nil {
     throw InvalidToken.decodeError("Invalid header")
   }
-
+  
   let payloadData = base64decode(payloadSegment)
   if payloadData == nil {
     throw InvalidToken.decodeError("Payload is not correctly encoded as base64")
   }
-
+  
   let payload = (try? JSONSerialization.jsonObject(with: payloadData!, options: JSONSerialization.ReadingOptions(rawValue: 0))) as? Payload
   if payload == nil {
     throw InvalidToken.decodeError("Invalid payload")
   }
-
+  
   guard let signature = base64decode(signatureSegment) else {
     throw InvalidToken.decodeError("Signature is not correctly encoded as base64")
   }
-
+  
   return (header: JOSEHeader(parameters: header!), payload: ClaimSet(claims: payload!), signature: signature, signatureInput: signatureInput)
 }
 
@@ -120,11 +120,11 @@ func verifySignature(_ algorithms: [Algorithm], header: JOSEHeader, signingInput
   guard let alg = header.algorithm else {
     throw InvalidToken.decodeError("Missing Algorithm")
   }
-
-  let verifiedAlgorithms = algorithms
+  
+  let verifiedAlgorithms = try algorithms
     .filter { algorithm in algorithm.description == alg }
-    .filter { algorithm in algorithm.verify(signingInput, signature: signature) }
-
+    .filter { algorithm in try algorithm.verify(signingInput, signature: signature) }
+  
   if verifiedAlgorithms.isEmpty {
     throw InvalidToken.invalidAlgorithm
   }

Sources/Decode.swift

@@ -5,25 +5,25 @@ import Foundation
  - parameter algorithm: The algorithm to sign the payload with
  - returns: The JSON web token as a String
  */
-public func encode(claims: ClaimSet, algorithm: Algorithm, headers: [String: String]? = nil) -> String {
+public func encode(claims: ClaimSet, algorithm: Algorithm, headers: [String: String]? = nil) throws -> String {
   func encodeJSON(_ payload: [String: Any]) -> String? {
     if let data = try? JSONSerialization.data(withJSONObject: payload) {
       return base64encode(data)
     }
-
+    
     return nil
   }
-
+  
   var headers = headers ?? [:]
   if !headers.keys.contains("typ") {
     headers["typ"] = "JWT"
   }
   headers["alg"] = algorithm.description
-
+  
   let header = encodeJSON(headers)!
   let payload = encodeJSON(claims.claims)!
   let signingInput = "\(header).\(payload)"
-  let signature = algorithm.sign(signingInput)
+  let signature = try algorithm.sign(signingInput)
   return "\(signingInput).\(signature)"
 }
 
@@ -32,16 +32,16 @@ public func encode(claims: ClaimSet, algorithm: Algorithm, headers: [String: Str
  - parameter algorithm: The algorithm to sign the payload with
  - returns: The JSON web token as a String
  */
-public func encode(claims: [String: Any], algorithm: Algorithm, headers: [String: String]? = nil) -> String {
-  return encode(claims: ClaimSet(claims: claims), algorithm: algorithm, headers: headers)
+public func encode(claims: [String: Any], algorithm: Algorithm, headers: [String: String]? = nil) throws -> String {
+  return try encode(claims: ClaimSet(claims: claims), algorithm: algorithm, headers: headers)
 }
 
 
 /// Encode a set of claims using the builder pattern
-public func encode(_ algorithm: Algorithm, closure: ((ClaimSetBuilder) -> Void)) -> String {
+public func encode(_ algorithm: Algorithm, closure: ((ClaimSetBuilder) -> Void)) throws -> String {
   let builder = ClaimSetBuilder()
   closure(builder)
-  return encode(claims: builder.claims, algorithm: algorithm)
+  return try encode(claims: builder.claims, algorithm: algorithm)
 }
 
 
@@ -51,6 +51,6 @@ public func encode(_ algorithm: Algorithm, closure: ((ClaimSetBuilder) -> Void))
  - returns: The JSON web token as a String
  */
 @available(*, deprecated, message: "use encode(claims: algorithm:) instead")
-public func encode(_ payload: Payload, algorithm: Algorithm) -> String {
-  return encode(claims: ClaimSet(claims: payload), algorithm: algorithm)
+public func encode(_ payload: Payload, algorithm: Algorithm) throws -> String {
+  return try encode(claims: ClaimSet(claims: payload), algorithm: algorithm)
 }

Sources/Encode.swift

@@ -1,22 +1,26 @@
 import Foundation
 import CryptoSwift
+import SwiftyRSA
 
 public typealias Payload = [String: Any]
 
 /// The supported Algorithms
 public enum Algorithm: CustomStringConvertible {
   /// No Algorithm, i-e, insecure
   case none
-
+  
   /// HMAC using SHA-256 hash algorithm
   case hs256(Data)
-
+  
   /// HMAC using SHA-384 hash algorithm
   case hs384(Data)
-
+  
   /// HMAC using SHA-512 hash algorithm
   case hs512(Data)
-
+  
+  /// RSA using SHA-256 hash algorithm
+  case rsa256(PrivateKey)
+  
   public var description: String {
     switch self {
     case .none:
@@ -27,11 +31,14 @@ public enum Algorithm: CustomStringConvertible {
       return "HS384"
     case .hs512:
       return "HS512"
+    case .rsa256:
+      return "RSA256"
     }
   }
-
+  
   /// Sign a message using the algorithm
-  func sign(_ message: String) -> String {
+  func sign(_ message: String) throws -> String {
+    
     func signHS(_ key: Data, variant: CryptoSwift.HMAC.Variant) -> String {
       let messageData = message.data(using: String.Encoding.utf8, allowLossyConversion: false)!
       let mac = HMAC(key: key.bytes, variant: variant)
@@ -43,24 +50,39 @@ public enum Algorithm: CustomStringConvertible {
       }
       return base64encode(Data(bytes: result))
     }
-
+    
+    func signRSA(_ privateKey: PrivateKey, digestType: Signature.DigestType) throws -> String {
+      
+      let clear = try ClearMessage(string: message, using: .utf8)
+      
+      let signature = try clear.signed(with: privateKey, digestType: digestType)
+      let base64Signature = signature.base64String
+      
+      return base64Signature
+      
+    }
+    
     switch self {
     case .none:
       return ""
-
+      
     case .hs256(let key):
       return signHS(key, variant: .sha256)
-
+      
     case .hs384(let key):
       return signHS(key, variant: .sha384)
-
+      
     case .hs512(let key):
       return signHS(key, variant: .sha512)
+      
+    case .rsa256(let privateKey):
+      return try signRSA(privateKey, digestType: .sha256)
+      
     }
   }
-
+  
   /// Verify a signature for a message using the algorithm
-  func verify(_ message: String, signature: Data) -> Bool {
-    return sign(message) == base64encode(signature)
+  func verify(_ message: String, signature: Data) throws -> Bool {
+    return try sign(message) == base64encode(signature)
   }
 }