json_web_token 0.1.1 → 0.1.2

data/lib/json_web_token/jwt.rb

@@ -1,32 +1,51 @@
 require 'json_web_token/jws'
 
 module JsonWebToken
+  # Encode claims for transmission as a JSON object that is used as the payload of a JSON Web
+  # Signature (JWS) structure, enabling the claims to be integrity protected with a Message
+  # Authentication Code (MAC), to be later verified
   module Jwt
 
-    ALGORITHM_DEFAULT = 'HS256'
+    ALG_DEFAULT = 'HS256'
     HEADER_DEFAULT = {
       typ: 'JWT',
-      alg: ALGORITHM_DEFAULT
+      alg: ALG_DEFAULT
     }
 
     module_function
 
-    # http://tools.ietf.org/html/rfc7519#page-12
-    def create(claims, options = {})
+    # @param claims [Hash] a collection of name/value pairs asserting information about a subject
+    # @param options [Hash] specify the desired signing algorithm and signing key
+    #   (e.g String for Hmac | OpenSSL::PKey::RSA | OpenSSL::PKey::EC)
+    # @return [String] a JSON Web Token, representing digitally signed claims
+    # @example
+    #   claims = {iss: 'joe', exp: 1300819380, 'http://example.com/is_root' => true}
+    #   options = {alg: 'HS256', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'}
+    #   Jwt.sign(claims, options)
+    #   # => 'eyJhbGciOiJIUzI1NiJ9.cGF5bG9hZA.uVTaOdyzp_f4mT_hfzU8LnCzdmlVC4t2itHDEYUZym4'
+    # @see http://tools.ietf.org/html/rfc7519#section-7.1
+    def sign(claims, options = {})
       message = validated_message(claims)
       header = config_header(options)
-      return Jws.unsecured_jws(header, message) if header[:alg] == 'none'
-      Jws.message_signature(header, message, options[:key])
+      return Jws.unsecured_message(header, message) if header[:alg] == 'none'
+      Jws.sign(header, message, options[:key])
     end
 
-    def validate(jwt, options = {})
-      alg = options[:alg] || ALGORITHM_DEFAULT
-      jws = Jws.validate(jwt, alg, options[:key])
-      jws == 'Invalid' ? jws : Util.symbolize_keys(decoded_message_json_to_hash jws)
+    # @param jwt [String] a JSON Web Token
+    # @param options [Hash] specify the desired verifying algorithm and verifying key
+    # @return [Hash] a JWT claims set if the jwt verifies, or +{error: 'Invalid'}+ otherwise
+    # @example
+    #   jwt = 'eyJhbGciOiJIUzI1NiJ9.cGF5bG9hZA.uVTaOdyzp_f4mT_hfzU8LnCzdmlVC4t2itHDEYUZym4'
+    #   options = {alg: 'HS256', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'}
+    #   Jwt.verify(jwt, options)
+    #   # => {iss: 'joe', exp: 1300819380, 'http://example.com/is_root' => true}
+    # @see see http://tools.ietf.org/html/rfc7519#section-7.2
+    def verify(jwt, options = {})
+      alg = options[:alg] || ALG_DEFAULT
+      jws = Jws.verify(jwt, alg, options[:key])
+      jws ? Util.symbolize_keys(decoded_message_json_to_hash jws) : {error: 'invalid'}
     end
 
-    # private
-
     def validated_message(claims)
       fail('Claims blank') if !claims || claims.empty?
       claims.to_json

data/lib/json_web_token/util.rb

@@ -4,7 +4,7 @@ module JsonWebToken
     module_function
 
     # https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3.2
-    def constant_time_compare(a, b)
+    def constant_time_compare?(a, b)
       return false if a.nil? || b.nil? || a.empty? || b.empty?
       secure_compare(a, b)
     end

data/lib/json_web_token/version.rb

@@ -1,3 +1,3 @@
 module JsonWebToken
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

data/spec/json_web_token/algorithm/ecdsa_spec.rb

@@ -4,51 +4,51 @@ require 'support/ecdsa_key'
 module JsonWebToken
   module Algorithm
     describe Ecdsa do
+      let(:signing_input_0) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
+      let(:signing_input_1) { '{"iss":"mike","exp":1300819380,"http://example.com/is_root":false}' }
       describe 'detect changed signature or data' do
-        let(:signing_input_0) { 'signing_input_0' }
-        let(:signing_input_1) { 'signing_input_1' }
-        shared_examples_for '#signed' do
-          it 'is #verified?' do
+        shared_examples_for '#sign' do
+          it 'does #verify?' do
             private_key_0 = EcdsaKey.curve_new(sha_bits)
             public_key_str_0 = EcdsaKey.public_key_str(private_key_0)
             public_key_0 = EcdsaKey.public_key_new(sha_bits, public_key_str_0)
 
-            mac_0 = Ecdsa.signed(sha_bits, private_key_0, signing_input_0)
+            mac_0 = Ecdsa.sign(sha_bits, private_key_0, signing_input_0)
             expect(mac_0.bytes.count).to eql expected_mac_byte_count
-            expect(Ecdsa.verified? mac_0, sha_bits, public_key_0, signing_input_0).to be true
+            expect(Ecdsa.verify? mac_0, sha_bits, public_key_0, signing_input_0).to be true
 
             private_key_1 = EcdsaKey.curve_new(sha_bits)
             public_key_str_1 = EcdsaKey.public_key_str(private_key_1)
             public_key_1 = EcdsaKey.public_key_new(sha_bits, public_key_str_1)
 
-            expect(Ecdsa.verified? mac_0, sha_bits, public_key_0, signing_input_1).to be false
-            expect(Ecdsa.verified? mac_0, sha_bits, public_key_1, signing_input_0).to be false
-            expect(Ecdsa.verified? mac_0, sha_bits, public_key_1, signing_input_1).to be false
+            expect(Ecdsa.verify? mac_0, sha_bits, public_key_0, signing_input_1).to be false
+            expect(Ecdsa.verify? mac_0, sha_bits, public_key_1, signing_input_0).to be false
+            expect(Ecdsa.verify? mac_0, sha_bits, public_key_1, signing_input_1).to be false
 
-            mac_1 = Ecdsa.signed(sha_bits, private_key_1, signing_input_1)
-            expect(Ecdsa.verified? mac_1, sha_bits, public_key_0, signing_input_0).to be false
-            expect(Ecdsa.verified? mac_1, sha_bits, public_key_0, signing_input_1).to be false
-            expect(Ecdsa.verified? mac_1, sha_bits, public_key_1, signing_input_0).to be false
-            expect(Ecdsa.verified? mac_1, sha_bits, public_key_1, signing_input_1).to be true
+            mac_1 = Ecdsa.sign(sha_bits, private_key_1, signing_input_1)
+            expect(Ecdsa.verify? mac_1, sha_bits, public_key_0, signing_input_0).to be false
+            expect(Ecdsa.verify? mac_1, sha_bits, public_key_0, signing_input_1).to be false
+            expect(Ecdsa.verify? mac_1, sha_bits, public_key_1, signing_input_0).to be false
+            expect(Ecdsa.verify? mac_1, sha_bits, public_key_1, signing_input_1).to be true
           end
         end
 
         describe 'ES256' do
           let(:sha_bits) { '256' }
           let(:expected_mac_byte_count) { 64 }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
         end
 
         describe 'ES384' do
           let(:sha_bits) { '384' }
           let(:expected_mac_byte_count) { 96 }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
         end
 
         describe 'ES512' do
           let(:sha_bits) { '512' }
           let(:expected_mac_byte_count) { 132 }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
         end
       end
     end

data/spec/json_web_token/algorithm/hmac_spec.rb

@@ -3,80 +3,79 @@ require 'json_web_token/algorithm/hmac'
 module JsonWebToken
   module Algorithm
     describe Hmac do
+      let(:signing_input_0) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
+      let(:signing_input_1) { '{"iss":"mike","exp":1300819380,"http://example.com/is_root":false}' }
       context 'detect changed signing_input or MAC' do
-        let(:signing_input) { 'signing_input' }
-        let(:changed_signing_input) { 'changed_signing_input' }
-        shared_examples_for '#signed' do
-          it 'is #verified?' do
-            mac = Hmac.signed(sha_bits, key, signing_input)
-            expect(Hmac.verified? mac, sha_bits, key, signing_input).to be true
-            expect(Hmac.verified? mac, sha_bits, key, changed_signing_input).to be false
-
-            changed_mac = Hmac.signed(sha_bits, key, changed_signing_input)
-            expect(Hmac.verified? changed_mac, sha_bits, key, signing_input).to be false
+        shared_examples_for '#sign' do
+          it 'does #verify?' do
+            mac = Hmac.sign(sha_bits, shared_key, signing_input_0)
+            expect(Hmac.verify? mac, sha_bits, shared_key, signing_input_0).to be true
+            expect(Hmac.verify? mac, sha_bits, shared_key, signing_input_1).to be false
+
+            changed_mac = Hmac.sign(sha_bits, shared_key, signing_input_1)
+            expect(Hmac.verify? changed_mac, sha_bits, shared_key, signing_input_0).to be false
           end
         end
 
         describe 'HS256' do
           let(:sha_bits) { '256' }
-          let(:key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-          it_behaves_like '#signed'
+          let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
+          it_behaves_like '#sign'
         end
 
         describe 'HS384' do
           let(:sha_bits) { '384' }
-          let(:key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS' }
-          it_behaves_like '#signed'
+          let(:shared_key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS' }
+          it_behaves_like '#sign'
         end
 
         describe 'HS512' do
           let(:sha_bits) { '512' }
-          let(:key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
-          it_behaves_like '#signed'
+          let(:shared_key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
+          it_behaves_like '#sign'
         end
       end
 
       describe 'changed key' do
         let(:sha_bits) { '256' }
-        let(:key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
+        let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
         let(:changed_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9Z' }
-        let(:data) { 'data' }
-        it 'fails #verified?' do
-          mac = Hmac.signed(sha_bits, key, data)
-          expect(Hmac.verified? mac, sha_bits, key, data).to be true
-          expect(Hmac.verified? mac, sha_bits, changed_key, data).to be false
+        it 'fails to #verify?' do
+          mac = Hmac.sign(sha_bits, shared_key, signing_input_0)
+          expect(Hmac.verify? mac, sha_bits, shared_key, signing_input_0).to be true
+          expect(Hmac.verify? mac, sha_bits, changed_key, signing_input_0).to be false
         end
       end
 
       context 'param validation' do
-        let(:data) { 'data' }
         shared_examples_for 'invalid key' do
           it 'raises' do
-            expect { Hmac.signed(sha_bits, key, data) }.to raise_error(RuntimeError, 'Invalid key')
+            expect { Hmac.sign(sha_bits, shared_key, signing_input_0) }
+              .to raise_error(RuntimeError, 'Invalid shared key')
           end
         end
 
         context 'w 256 sha_bits' do
           let(:sha_bits) { '256' }
-          describe 'key nil' do
-            let(:key) { nil }
+          describe 'shared_key nil' do
+            let(:shared_key) { nil }
             it_behaves_like 'invalid key'
           end
 
-          describe "key 'empty string'" do
-            let(:key) { '' }
+          describe "shared_key 'empty string'" do
+            let(:shared_key) { '' }
             it_behaves_like 'invalid key'
           end
 
-          describe 'key length (31) < MAC length (32)' do
-            let(:key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9' }
+          describe 'shared_key length (31) < MAC length (32)' do
+            let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9' }
             it_behaves_like 'invalid key'
           end
 
-          describe 'key length (32) == MAC length (32)' do
-            let(:key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
+          describe 'shared_key length (32) == MAC length (32)' do
+            let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
             it 'returns a 32-byte MAC string' do
-              mac = Hmac.signed(sha_bits, key, data)
+              mac = Hmac.sign(sha_bits, shared_key, signing_input_0)
               expect(mac.bytesize).to eql 32
             end
           end
@@ -84,15 +83,15 @@ module JsonWebToken
 
         context 'w 384 sha_bits' do
           let(:sha_bits) { '384' }
-          describe 'key length (47) < MAC length (48)' do
-            let(:key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1q' }
+          describe 'shared_key length (47) < MAC length (48)' do
+            let(:shared_key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1q' }
             it_behaves_like 'invalid key'
           end
 
-          describe 'key length (48) == MAC length (48)' do
-            let(:key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS' }
+          describe 'shared_key length (48) == MAC length (48)' do
+            let(:shared_key) { 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS' }
             it 'returns a 48-byte MAC string' do
-              mac = Hmac.signed(sha_bits, key, data)
+              mac = Hmac.sign(sha_bits, shared_key, signing_input_0)
               expect(mac.bytesize).to eql 48
             end
           end
@@ -100,15 +99,15 @@ module JsonWebToken
 
         context 'w 512 sha_bits' do
           let(:sha_bits) { '512' }
-          describe 'key length (63) < MAC length (64)' do
-            let(:key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4h' }
+          describe 'shared_key length (63) < MAC length (64)' do
+            let(:shared_key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4h' }
             it_behaves_like 'invalid key'
           end
 
-          describe 'key length (64) == MAC length (64)' do
-            let(:key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
+          describe 'shared_key length (64) == MAC length (64)' do
+            let(:shared_key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
             it 'returns a 64-byte MAC string' do
-              mac = Hmac.signed(sha_bits, key, data)
+              mac = Hmac.sign(sha_bits, shared_key, signing_input_0)
               expect(mac.bytesize).to eql 64
             end
           end
@@ -116,9 +115,9 @@ module JsonWebToken
 
         describe 'w unrecognized sha_bits' do
           let(:sha_bits) { '257' }
-          let(:key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
+          let(:shared_key) { 'ysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hc' }
           it 'raises' do
-            expect { Hmac.signed(sha_bits, key, data) }
+            expect { Hmac.sign(sha_bits, shared_key, signing_input_0) }
               .to raise_error(RuntimeError, 'Invalid sha_bits')
           end
         end

data/spec/json_web_token/algorithm/rsa_spec.rb

@@ -3,53 +3,51 @@ require 'json_web_token/algorithm/rsa'
 module JsonWebToken
   module Algorithm
     describe Rsa do
+      let(:signing_input_0) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
+      let(:signing_input_1) { '{"iss":"mike","exp":1300819380,"http://example.com/is_root":false}' }
       context 'detect changed signing_input or MAC' do
         let(:private_key) { OpenSSL::PKey::RSA.generate(Rsa::KEY_BITS_MIN) }
         let(:public_key) { private_key.public_key }
-        let(:signing_input) { 'signing_input' }
-        let(:changed_signing_input) { 'changed_signing_input' }
-        shared_examples_for '#signed' do
-          it 'is #verified?' do
-            mac = Rsa.signed(sha_bits, private_key, signing_input)
-            expect(Rsa.verified? mac, sha_bits, public_key, signing_input).to be true
-            expect(Rsa.verified? mac, sha_bits, public_key, changed_signing_input).to be false
-
-            changed_mac = Rsa.signed(sha_bits, private_key, changed_signing_input)
-            expect(Rsa.verified? changed_mac, sha_bits, public_key, signing_input).to be false
+        shared_examples_for '#sign' do
+          it 'does #verify?' do
+            mac = Rsa.sign(sha_bits, private_key, signing_input_0)
+            expect(Rsa.verify? mac, sha_bits, public_key, signing_input_0).to be true
+            expect(Rsa.verify? mac, sha_bits, public_key, signing_input_1).to be false
+
+            changed_mac = Rsa.sign(sha_bits, private_key, signing_input_1)
+            expect(Rsa.verify? changed_mac, sha_bits, public_key, signing_input_0).to be false
           end
         end
 
         context 'RS256' do
           let(:sha_bits) { '256' }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
 
           describe 'changed key' do
             let(:changed_public_key) { OpenSSL::PKey::RSA.generate(Rsa::KEY_BITS_MIN).public_key }
-            let(:data) { 'data' }
-            it 'fails #verified?' do
-              mac = Rsa.signed(sha_bits, private_key, data)
-              expect(Rsa.verified? mac, sha_bits, public_key, data).to be true
-              expect(Rsa.verified? mac, sha_bits, changed_public_key, data).to be false
+            it 'fails to #verify?' do
+              mac = Rsa.sign(sha_bits, private_key, signing_input_0)
+              expect(Rsa.verify? mac, sha_bits, public_key, signing_input_0).to be true
+              expect(Rsa.verify? mac, sha_bits, changed_public_key, signing_input_0).to be false
             end
           end
         end
 
         describe 'RS384' do
           let(:sha_bits) { '384' }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
         end
 
         describe 'RS512' do
           let(:sha_bits) { '512' }
-          it_behaves_like '#signed'
+          it_behaves_like '#sign'
         end
       end
 
       context 'param validation' do
-        let(:data) { 'data' }
         shared_examples_for 'invalid private_key' do
           it 'raises' do
-            expect { Rsa.signed(sha_bits, private_key, data) }.to raise_error(RuntimeError, 'Invalid private key')
+            expect { Rsa.sign(sha_bits, private_key, signing_input_0) }.to raise_error(RuntimeError, 'Invalid private key')
           end
         end
 
@@ -73,7 +71,7 @@ module JsonWebToken
 
         shared_examples_for '2048 bit private_key' do
           it 'returns a 256-byte MAC string' do
-            mac = Rsa.signed(sha_bits, private_key, data)
+            mac = Rsa.sign(sha_bits, private_key, signing_input_0)
             expect(mac.bytesize).to eql 256
           end
         end
@@ -106,7 +104,7 @@ module JsonWebToken
           describe 'empty string' do
             let(:private_key) { '' }
             it 'raises' do
-              expect { Rsa.signed(sha_bits, private_key, data) }.to raise_error(NoMethodError)
+              expect { Rsa.sign(sha_bits, private_key, signing_input_0) }.to raise_error(NoMethodError)
             end
           end
         end
@@ -115,7 +113,7 @@ module JsonWebToken
           let(:sha_bits) { '257' }
           let(:private_key) { 'private_key' }
           it 'raises' do
-            expect { Rsa.signed(sha_bits, private_key, data) }
+            expect { Rsa.sign(sha_bits, private_key, signing_input_0) }
               .to raise_error(RuntimeError, 'Invalid sha_bits')
           end
         end

data/spec/json_web_token/jwa_spec.rb

@@ -3,19 +3,19 @@ require 'support/ecdsa_key'
 
 module JsonWebToken
   describe Jwa do
-    shared_examples_for 'w #verified?' do
+    let(:signing_input) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
+    shared_examples_for 'w #verify?' do
       it 'true' do
-        expect(Jwa.verified? mac, algorithm, verifying_key, signing_input).to be true
+        expect(Jwa.verify? mac, algorithm, verifying_key, signing_input).to be true
       end
     end
-    context '#signed' do
-      let(:signing_input) { 'signing_input' }
-      let(:mac) { Jwa.signed(algorithm, private_key, signing_input) }
+    context '#sign' do
+      let(:mac) { Jwa.sign(algorithm, signing_key, signing_input) }
       describe 'HS256' do
         let(:algorithm) { 'HS256' }
-        let(:private_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-        let(:verifying_key) { private_key }
-        it_behaves_like 'w #verified?'
+        let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
+        let(:verifying_key) { signing_key }
+        it_behaves_like 'w #verify?'
 
         it 'returns a 32-byte MAC' do
           expect(mac.bytesize).to eql 32
@@ -24,9 +24,9 @@ module JsonWebToken
 
       describe 'RS256' do
         let(:algorithm) { 'RS256' }
-        let(:private_key) { OpenSSL::PKey::RSA.generate(2048) }
-        let(:verifying_key) { private_key.public_key }
-        it_behaves_like 'w #verified?'
+        let(:signing_key) { OpenSSL::PKey::RSA.generate(2048) }
+        let(:verifying_key) { signing_key.public_key }
+        it_behaves_like 'w #verify?'
 
         it 'returns a 256-byte MAC' do
           expect(mac.bytesize).to eql 256
@@ -35,13 +35,13 @@ module JsonWebToken
 
       describe 'ES256' do
         let(:algorithm) { 'ES256' }
-        it 'w #verified? true, returns a 64-byte MAC' do
+        it 'w #verify? true, returns a 64-byte MAC' do
           private_key = EcdsaKey.curve_new('256')
           public_key_str = EcdsaKey.public_key_str(private_key)
           public_key = EcdsaKey.public_key_new('256', public_key_str)
 
-          mac = Jwa.signed(algorithm, private_key, signing_input)
-          expect(Jwa.verified? mac, algorithm, public_key, signing_input).to be true
+          mac = Jwa.sign(algorithm, private_key, signing_input)
+          expect(Jwa.verify? mac, algorithm, public_key, signing_input).to be true
 
           expect(mac.bytesize).to eql 64
         end
@@ -49,14 +49,13 @@ module JsonWebToken
     end
 
     context 'param validation' do
-      let(:data) { 'data' }
       context 'w HS256 key' do
-        let(:key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
+        let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
         describe 'unrecognized algorithm' do
           ['HT256', 'HS257', '', nil].each do |elt|
             let(:algorithm) { "#{elt}" }
             it 'raises' do
-              expect { Jwa.signed(algorithm, key, data) }
+              expect { Jwa.sign(algorithm, shared_key, signing_input) }
                 .to raise_error(RuntimeError, 'Unrecognized algorithm')
             end
           end