jwt 2.10.2 → 3.2.0

data/UPGRADING.md

@@ -0,0 +1,47 @@
+# Upgrading ruby-jwt to >= 3.0.0
+
+## Removal of the indirect [RbNaCl](https://github.com/RubyCrypto/rbnacl) dependency
+
+Historically, the set of supported algorithms was extended by including the `rbnacl` gem in the application's Gemfile. On load, ruby-jwt tried to load the gem and, if available, extend the algorithms to those provided by the `rbnacl/libsodium` libraries. This indirect dependency has caused some maintenance pain and confusion about which versions of the gem are supported.
+
+Some work to ease the way alternative algorithms can be implemented has been done. This enables the extraction of the algorithm provided by `rbnacl`.
+
+The extracted algorithms now live in the [jwt-eddsa](https://rubygems.org/gems/jwt-eddsa) gem.
+
+### Dropped support for HS512256
+
+The algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) is not part of any JWA/JWT RFC and therefore will not be supported anymore. It was part of the HMAC algorithms provided by the indirect [RbNaCl](https://github.com/RubyCrypto/rbnacl) dependency. Currently, there are no direct substitutes for the algorithm.
+
+### `JWT::EncodedToken#payload` will raise before token is verified
+
+To avoid accidental use of unverified tokens, the `JWT::EncodedToken#payload` method will raise an error if accessed before the token signature has been verified.
+
+To access the payload before verification, use the method `JWT::EncodedToken#unverified_payload`.
+
+## Stricter requirements on Base64 encoded data
+
+Base64 decoding will no longer fallback on the looser RFC 2045. The biggest difference is that the looser version was ignoring whitespaces and newlines, whereas the stricter version raises errors in such cases.
+
+If you, for example, read tokens from files, there could be problems with trailing newlines. Make sure you trim your input before passing it to the decoding mechanisms.
+
+## Claim verification revamp
+
+Claim verification has been [split into separate classes](https://github.com/jwt/ruby-jwt/pull/605) and has [a new API](https://github.com/jwt/ruby-jwt/pull/626), leading to the following deprecations:
+
+- The `::JWT::ClaimsValidator` class will be removed in favor of the functionality provided by `::JWT::Claims`.
+- The `::JWT::Claims::verify!` method will be removed in favor of `::JWT::Claims::verify_payload!`.
+- The `::JWT::JWA.create` method will be removed.
+- The `::JWT::Verify` class will be removed in favor of the functionality provided by `::JWT::Claims`.
+- Calling `::JWT::Claims::Numeric.new` with a payload will be removed in favor of `::JWT::Claims::verify_payload!(payload, :numeric)`.
+- Calling `::JWT::Claims::Numeric.verify!` with a payload will be removed in favor of `::JWT::Claims::verify_payload!(payload, :numeric)`.
+
+## Algorithm restructuring
+
+The internal algorithms were [restructured](https://github.com/jwt/ruby-jwt/pull/607) to support extensions from separate libraries. The changes led to a few deprecations and new requirements:
+
+- The `sign` and `verify` static methods on all the algorithms (`::JWT::JWA`) will be removed.
+- Custom algorithms are expected to include the `JWT::JWA::SigningAlgorithm` module.
+
+## Base64 the `k´ value for HMAC JWKs
+
+The gem was missing the Base64 encoding and decoding when representing and parsing a HMAC key as a JWK. This issue is now addressed. The added encoding will break compatibility with JWKs produced by older versions of the gem.

data/lib/jwt/base64.rb

@@ -14,22 +14,13 @@ module JWT
       end
 
       # Decode a string with URL-safe Base64 complying with RFC 4648.
-      # Deprecated support for RFC 2045 remains for now. ("All line breaks or other characters not found in Table 1 must be ignored by decoding software")
       # @api private
       def url_decode(str)
         ::Base64.urlsafe_decode64(str)
       rescue ArgumentError => e
         raise unless e.message == 'invalid base64'
-        raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding
 
-        loose_urlsafe_decode64(str).tap do
-          Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt', only_if_valid: true)
-        end
-      end
-
-      def loose_urlsafe_decode64(str)
-        str += '=' * (4 - str.length.modulo(4))
-        ::Base64.decode64(str.tr('-_', '+/'))
+        raise Base64DecodeError, 'Invalid base64 encoding'
       end
     end
   end

data/lib/jwt/claims/numeric.rb

@@ -5,18 +5,6 @@ module JWT
     # The Numeric class is responsible for validating numeric claims in a JWT token.
     # The numeric claims are: exp, iat and nbf
     class Numeric
-      # The Compat class provides backward compatibility for numeric claim validation.
-      # @api private
-      class Compat
-        def initialize(payload)
-          @payload = payload
-        end
-
-        def verify!
-          JWT::Claims.verify_payload!(@payload, :numeric)
-        end
-      end
-
       # List of numeric claims that can be validated.
       NUMERIC_CLAIMS = %i[
         exp
@@ -26,14 +14,6 @@ module JWT
 
       private_constant(:NUMERIC_CLAIMS)
 
-      # @api private
-      def self.new(*args)
-        return super if args.empty?
-
-        Deprecations.warning('Calling ::JWT::Claims::Numeric.new with the payload will be removed in the next major version of ruby-jwt')
-        Compat.new(*args)
-      end
-
       # Verifies the numeric claims in the JWT context.
       #
       # @param context [Object] the context containing the JWT payload.
@@ -43,18 +23,6 @@ module JWT
         validate_numeric_claims(context.payload)
       end
 
-      # Verifies the numeric claims in the JWT payload.
-      #
-      # @param payload [Hash] the JWT payload containing the claims.
-      # @param _args [Hash] additional arguments (not used).
-      # @raise [JWT::InvalidClaimError] if any numeric claim is invalid.
-      # @return [nil]
-      # @deprecated The ::JWT::Claims::Numeric.verify! method will be removed in the next major version of ruby-jwt
-      def self.verify!(payload:, **_args)
-        Deprecations.warning('The ::JWT::Claims::Numeric.verify! method will be removed in the next major version of ruby-jwt.')
-        JWT::Claims.verify_payload!(payload, :numeric)
-      end
-
       private
 
       def validate_numeric_claims(payload)

data/lib/jwt/claims.rb

@@ -11,7 +11,6 @@ require_relative 'claims/not_before'
 require_relative 'claims/numeric'
 require_relative 'claims/required'
 require_relative 'claims/subject'
-require_relative 'claims/verification_methods'
 require_relative 'claims/verifier'
 
 module JWT
@@ -33,12 +32,6 @@ module JWT
     Error = Struct.new(:message, keyword_init: true)
 
     class << self
-      # @deprecated Use {verify_payload!} instead. Will be removed in the next major version of ruby-jwt.
-      def verify!(payload, options)
-        Deprecations.warning('The ::JWT::Claims.verify! method is deprecated will be removed in the next major version of ruby-jwt')
-        DecodeVerifier.verify!(payload, options)
-      end
-
       # Checks if the claims in the JWT payload are valid.
       # @example
       #

data/lib/jwt/configuration/container.rb

@@ -30,7 +30,6 @@ module JWT
       def reset!
         @decode                 = DecodeConfiguration.new
         @jwk                    = JwkConfiguration.new
-        @strict_base64_decoding = false
 
         self.deprecation_warnings = :once
       end

data/lib/jwt/configuration/decode_configuration.rb

@@ -24,6 +24,8 @@ module JWT
       #   @return [Array<String>] the list of acceptable algorithms.
       # @!attribute [rw] required_claims
       #   @return [Array<String>] the list of required claims.
+      # @!attribute [rw] enforce_hmac_key_length
+      #   @return [Boolean] whether to enforce minimum HMAC key lengths. false disables validation (default).
 
       attr_accessor :verify_expiration,
                     :verify_not_before,
@@ -34,7 +36,8 @@ module JWT
                     :verify_sub,
                     :leeway,
                     :algorithms,
-                    :required_claims
+                    :required_claims,
+                    :enforce_hmac_key_length
 
       # Initializes a new DecodeConfiguration instance with default settings.
       def initialize
@@ -48,6 +51,7 @@ module JWT
         @leeway = 0
         @algorithms = ['HS256']
         @required_claims = []
+        @enforce_hmac_key_length = false
       end
 
       # @api private
@@ -62,7 +66,8 @@ module JWT
           verify_sub: verify_sub,
           leeway: leeway,
           algorithms: algorithms,
-          required_claims: required_claims
+          required_claims: required_claims,
+          enforce_hmac_key_length: enforce_hmac_key_length
         }
       end
     end

data/lib/jwt/decode.rb

@@ -6,6 +6,11 @@ require 'jwt/x5c_key_finder'
 module JWT
   # The Decode class is responsible for decoding and verifying JWT tokens.
   class Decode
+    # Order is very important - first check for string keys, next for symbols
+    ALGORITHM_KEYS = ['algorithm',
+                      :algorithm,
+                      'algorithms',
+                      :algorithms].freeze
     # Initializes a new Decode instance.
     #
     # @param jwt [String] the JWT to decode.
@@ -33,10 +38,10 @@ module JWT
         verify_algo
         set_key
         verify_signature
-        Claims::DecodeVerifier.verify!(token.payload, @options)
+        Claims::DecodeVerifier.verify!(token.unverified_payload, @options)
       end
 
-      [token.payload, token.header]
+      [token.unverified_payload, token.header]
     end
 
     private
@@ -53,14 +58,21 @@ module JWT
 
     def verify_algo
       raise JWT::IncorrectAlgorithm, 'An algorithm must be specified' if allowed_algorithms.empty?
-      raise JWT::DecodeError, 'Token header not a JSON object' unless token.header.is_a?(Hash)
+      raise JWT::DecodeError, 'Token header not a JSON object' unless valid_token_header?
       raise JWT::IncorrectAlgorithm, 'Token is missing alg header' unless alg_in_header
       raise JWT::IncorrectAlgorithm, 'Expected a different algorithm' if allowed_and_valid_algorithms.empty?
     end
 
     def set_key
       @key = find_key(&@keyfinder) if @keyfinder
-      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks], allow_nil_kid: @options[:allow_nil_kid]).key_for(token.header['kid']) if @options[:jwks]
+      if @options[:jwks]
+        @key = ::JWT::JWK::KeyFinder.new(
+          jwks: @options[:jwks],
+          allow_nil_kid: @options[:allow_nil_kid],
+          key_fields: @options[:key_fields]
+        ).call(token)
+      end
+
       return unless (x5c_options = @options[:x5c])
 
       @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(token.header['x5c'])
@@ -70,18 +82,9 @@ module JWT
       @allowed_and_valid_algorithms ||= allowed_algorithms.select { |alg| alg.valid_alg?(alg_in_header) }
     end
 
-    # Order is very important - first check for string keys, next for symbols
-    ALGORITHM_KEYS = ['algorithm',
-                      :algorithm,
-                      'algorithms',
-                      :algorithms].freeze
-
     def given_algorithms
-      ALGORITHM_KEYS.each do |alg_key|
-        alg = @options[alg_key]
-        return Array(alg) if alg
-      end
-      []
+      alg_key = ALGORITHM_KEYS.find { |key| @options[key] }
+      Array(@options[alg_key])
     end
 
     def allowed_algorithms
@@ -93,7 +96,7 @@ module JWT
     end
 
     def find_key(&keyfinder)
-      key = (keyfinder.arity == 2 ? yield(token.header, token.payload) : yield(token.header))
+      key = (keyfinder.arity == 2 ? yield(token.header, token.unverified_payload) : yield(token.header))
       # key can be of type [string, nil, OpenSSL::PKey, Array]
       return key if key && !Array(key).empty?
 
@@ -110,9 +113,15 @@ module JWT
     end
 
     def none_algorithm?
+      return false unless valid_token_header?
+
       alg_in_header == 'none'
     end
 
+    def valid_token_header?
+      token.header.is_a?(Hash)
+    end
+
     def alg_in_header
       token.header['alg']
     end

data/lib/jwt/encoded_token/claims_context.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  # @private
+  class EncodedToken
+    # Allow access to the unverified payload for claim verification.
+    class ClaimsContext
+      extend Forwardable
+
+      def_delegators :@token, :header, :unverified_payload
+
+      def initialize(token)
+        @token = token
+      end
+
+      def payload
+        unverified_payload
+      end
+    end
+  end
+end

data/lib/jwt/encoded_token.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'encoded_token/claims_context'
+
 module JWT
   # Represents an encoded JWT token
   #
@@ -12,7 +14,9 @@ module JWT
   #   encoded_token.verify_signature!(algorithm: 'HS256', key: 'secret')
   #   encoded_token.payload # => {'pay' => 'load'}
   class EncodedToken
-    include Claims::VerificationMethods
+    DEFAULT_CLAIMS = [:exp].freeze
+
+    private_constant(:DEFAULT_CLAIMS)
 
     # Returns the original token provided to the class.
     # @return [String] The JWT token.
@@ -26,6 +30,9 @@ module JWT
       raise ArgumentError, 'Provided JWT must be a String' unless jwt.is_a?(String)
 
       @jwt = jwt
+      @signature_verified = false
+      @claims_verified    = false
+
       @encoded_header, @encoded_payload, @encoded_signature = jwt.split('.')
     end
 
@@ -53,11 +60,21 @@ module JWT
     # @return [String] the encoded header.
     attr_reader :encoded_header
 
-    # Returns the payload of the JWT token.
+    # Returns the payload of the JWT token. Access requires the signature and claims to have been verified.
     #
     # @return [Hash] the payload.
+    # @raise [JWT::DecodeError] if the signature has not been verified.
     def payload
-      @payload ||= decode_payload
+      raise JWT::DecodeError, 'Verify the token signature before accessing the payload' unless @signature_verified
+      raise JWT::DecodeError, 'Verify the token claims before accessing the payload' unless @claims_verified
+
+      decoded_payload
+    end
+
+    # Returns the payload of the JWT token without requiring the signature to have been verified.
+    # @return [Hash] the payload.
+    def unverified_payload
+      decoded_payload
     end
 
     # Sets or returns the encoded payload of the JWT token.
@@ -72,6 +89,33 @@ module JWT
       [encoded_header, encoded_payload].join('.')
     end
 
+    # Verifies the token signature and claims.
+    # By default it verifies the 'exp' claim.
+    #
+    # @example
+    #  encoded_token.verify!(signature: { algorithm: 'HS256', key: 'secret' }, claims: [:exp])
+    #
+    # @param signature [Hash] the parameters for signature verification (see {#verify_signature!}).
+    # @param claims [Array<Symbol>, Hash] the claims to verify (see {#verify_claims!}).
+    # @return [nil]
+    # @raise [JWT::DecodeError] if the signature or claim verification fails.
+    def verify!(signature:, claims: nil)
+      verify_signature!(**signature)
+      claims.is_a?(Array) ? verify_claims!(*claims) : verify_claims!(claims)
+      nil
+    end
+
+    # Verifies the token signature and claims.
+    # By default it verifies the 'exp' claim.
+
+    # @param signature [Hash] the parameters for signature verification (see {#verify_signature!}).
+    # @param claims [Array<Symbol>, Hash] the claims to verify (see {#verify_claims!}).
+    # @return [Boolean] true if the signature and claims are valid, false otherwise.
+    def valid?(signature:, claims: nil)
+      valid_signature?(**signature) &&
+        (claims.is_a?(Array) ? valid_claims?(*claims) : valid_claims?(claims))
+    end
+
     # Verifies the signature of the JWT token.
     #
     # @param algorithm [String, Array<String>, Object, Array<Object>] the algorithm(s) to use for verification.
@@ -81,11 +125,7 @@ module JWT
     # @raise [JWT::VerificationError] if the signature verification fails.
     # @raise [ArgumentError] if neither key nor key_finder is provided, or if both are provided.
     def verify_signature!(algorithm:, key: nil, key_finder: nil)
-      raise ArgumentError, 'Provide either key or key_finder, not both or neither' if key.nil? == key_finder.nil?
-
-      key ||= key_finder.call(self)
-
-      return if valid_signature?(algorithm: algorithm, key: key)
+      return if valid_signature?(algorithm: algorithm, key: key, key_finder: key_finder)
 
       raise JWT::VerificationError, 'Signature verification failed'
     end
@@ -93,20 +133,59 @@ module JWT
     # Checks if the signature of the JWT token is valid.
     #
     # @param algorithm [String, Array<String>, Object, Array<Object>] the algorithm(s) to use for verification.
-    # @param key [String, Array<String>] the key(s) to use for verification.
+    # @param key [String, Array<String>, JWT::JWK::KeyBase, Array<JWT::JWK::KeyBase>] the key(s) to use for verification.
+    # @param key_finder [#call] an object responding to `call` to find the key for verification.
     # @return [Boolean] true if the signature is valid, false otherwise.
-    def valid_signature?(algorithm:, key:)
-      Array(JWA.resolve_and_sort(algorithms: algorithm, preferred_algorithm: header['alg'])).any? do |algo|
-        Array(key).any? do |one_key|
-          algo.verify(data: signing_input, signature: signature, verification_key: one_key)
-        end
+    def valid_signature?(algorithm: nil, key: nil, key_finder: nil)
+      raise ArgumentError, 'Provide either key or key_finder, not both or neither' if key.nil? == key_finder.nil?
+
+      keys      = Array(key || key_finder.call(self))
+      verifiers = JWA.create_verifiers(algorithms: algorithm, keys: keys, preferred_algorithm: header['alg'])
+
+      raise JWT::VerificationError, 'No algorithm provided' if verifiers.empty?
+
+      valid = verifiers.any? do |jwa|
+        jwa.verify(data: signing_input, signature: signature)
+      end
+      valid.tap { |verified| @signature_verified = verified }
+    end
+
+    # Verifies the claims of the token.
+    # @param options [Array<Symbol>, Hash] the claims to verify. By default, it checks the 'exp' claim.
+    # @raise [JWT::DecodeError] if the claims are invalid.
+    def verify_claims!(*options)
+      Claims::Verifier.verify!(ClaimsContext.new(self), *claims_options(options)).tap do
+        @claims_verified = true
       end
+    rescue StandardError
+      @claims_verified = false
+      raise
+    end
+
+    # Returns the errors of the claims of the token.
+    # @param options [Array<Symbol>, Hash] the claims to verify. By default, it checks the 'exp' claim.
+    # @return [Array<Symbol>] the errors of the claims.
+    def claim_errors(*options)
+      Claims::Verifier.errors(ClaimsContext.new(self), *claims_options(options))
+    end
+
+    # Returns whether the claims of the token are valid.
+    # @param options [Array<Symbol>, Hash] the claims to verify. By default, it checks the 'exp' claim.
+    # @return [Boolean] whether the claims are valid.
+    def valid_claims?(*options)
+      claim_errors(*claims_options(options)).empty?.tap { |verified| @claims_verified = verified }
     end
 
     alias to_s jwt
 
     private
 
+    def claims_options(options)
+      return DEFAULT_CLAIMS if options.first.nil?
+
+      options
+    end
+
     def decode_payload
       raise JWT::DecodeError, 'Encoded payload is empty' if encoded_payload == ''
 
@@ -135,5 +214,9 @@ module JWT
     rescue ::JSON::ParserError
       raise JWT::DecodeError, 'Invalid segment encoding'
     end
+
+    def decoded_payload
+      @decoded_payload ||= decode_payload
+    end
   end
 end

data/lib/jwt/error.rb

@@ -7,9 +7,6 @@ module JWT
   # The DecodeError class is raised when there is an error decoding a JWT.
   class DecodeError < StandardError; end
 
-  # The RequiredDependencyError class is raised when a required dependency is missing.
-  class RequiredDependencyError < StandardError; end
-
   # The VerificationError class is raised when there is an error verifying a JWT.
   class VerificationError < DecodeError; end
 

data/lib/jwt/jwa/ecdsa.rb

@@ -12,14 +12,22 @@ module JWT
       end
 
       def sign(data:, signing_key:)
+        raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::EC instance") unless signing_key.is_a?(::OpenSSL::PKey::EC)
+        raise_sign_error!('The given key is not a private key') unless signing_key.private?
+
         curve_definition = curve_by_name(signing_key.group.curve_name)
         key_algorithm = curve_definition[:algorithm]
+
         raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} signing key was provided" if alg != key_algorithm
 
         asn1_to_raw(signing_key.dsa_sign_asn1(OpenSSL::Digest.new(digest).digest(data)), signing_key)
       end
 
       def verify(data:, signature:, verification_key:)
+        verification_key = self.class.create_public_key_from_point(verification_key) if verification_key.is_a?(::OpenSSL::PKey::EC::Point)
+
+        raise_verify_error!("The given key is a #{verification_key.class}. It has to be an OpenSSL::PKey::EC instance") unless verification_key.is_a?(::OpenSSL::PKey::EC)
+
         curve_definition = curve_by_name(verification_key.group.curve_name)
         key_algorithm = curve_definition[:algorithm]
         raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} verification key was provided" if alg != key_algorithm
@@ -56,16 +64,29 @@ module JWT
         register_algorithm(new(v[:algorithm], v[:digest]))
       end
 
-      def self.from_algorithm(algorithm)
-        new(algorithm, algorithm.downcase.gsub('es', 'sha'))
-      end
-
+      # @api private
       def self.curve_by_name(name)
         NAMED_CURVES.fetch(name) do
           raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
         end
       end
 
+      if ::JWT.openssl_3?
+        def self.create_public_key_from_point(point)
+          sequence = OpenSSL::ASN1::Sequence([
+                                               OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(point.group.curve_name)]),
+                                               OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                             ])
+          OpenSSL::PKey::EC.new(sequence.to_der)
+        end
+      else
+        def self.create_public_key_from_point(point)
+          OpenSSL::PKey::EC.new(point.group.curve_name).tap do |key|
+            key.public_key = point
+          end
+        end
+      end
+
       private
 
       attr_reader :digest

data/lib/jwt/jwa/hmac.rb

@@ -6,9 +6,14 @@ module JWT
     class Hmac
       include JWT::JWA::SigningAlgorithm
 
-      def self.from_algorithm(algorithm)
-        new(algorithm, OpenSSL::Digest.new(algorithm.downcase.gsub('hs', 'sha')))
-      end
+      # Minimum key lengths for HMAC algorithms based on RFC 7518 Section 3.2.
+      # Keys must be at least the size of the hash output to ensure sufficient
+      # entropy for the algorithm's security level.
+      MIN_KEY_LENGTHS = {
+        'HS256' => 32,
+        'HS384' => 48,
+        'HS512' => 64
+      }.freeze
 
       def initialize(alg, digest)
         @alg = alg
@@ -16,18 +21,17 @@ module JWT
       end
 
       def sign(data:, signing_key:)
-        signing_key ||= ''
-        raise_verify_error!('HMAC key expected to be a String') unless signing_key.is_a?(String)
+        ensure_valid_key!(signing_key)
+        validate_key_length!(signing_key)
 
         OpenSSL::HMAC.digest(digest.new, signing_key, data)
-      rescue OpenSSL::HMACError => e
-        raise_verify_error!('OpenSSL 3.0 does not support nil or empty hmac_secret') if signing_key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
-
-        raise e
       end
 
       def verify(data:, signature:, verification_key:)
-        SecurityUtils.secure_compare(signature, sign(data: data, signing_key: verification_key))
+        ensure_valid_key!(verification_key)
+        validate_key_length!(verification_key)
+
+        SecurityUtils.secure_compare(signature, OpenSSL::HMAC.digest(digest.new, verification_key, data))
       end
 
       register_algorithm(new('HS256', OpenSSL::Digest::SHA256))
@@ -38,6 +42,20 @@ module JWT
 
       attr_reader :digest
 
+      def ensure_valid_key!(key)
+        raise_verify_error!('HMAC key expected to be a String') unless key.is_a?(String)
+        raise_verify_error!('HMAC key cannot be empty') if key.empty?
+      end
+
+      def validate_key_length!(key)
+        return unless JWT.configuration.decode.enforce_hmac_key_length
+
+        min_length = MIN_KEY_LENGTHS[alg]
+        return if key.bytesize >= min_length
+
+        raise_verify_error!("HMAC key must be at least #{min_length} bytes for #{alg} algorithm")
+      end
+
       # Copy of https://github.com/rails/rails/blob/v7.0.3.1/activesupport/lib/active_support/security_utils.rb
       # rubocop:disable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
       module SecurityUtils

data/lib/jwt/jwa/ps.rb

@@ -13,6 +13,7 @@ module JWT
 
       def sign(data:, signing_key:)
         raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance.") unless signing_key.is_a?(::OpenSSL::PKey::RSA)
+        raise_sign_error!('The key length must be greater than or equal to 2048 bits') if signing_key.n.num_bits < 2048
 
         signing_key.sign_pss(digest_algorithm, data, salt_length: :digest, mgf1_hash: digest_algorithm)
       end

data/lib/jwt/jwa/rsa.rb

@@ -13,6 +13,7 @@ module JWT
 
       def sign(data:, signing_key:)
         raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance") unless signing_key.is_a?(OpenSSL::PKey::RSA)
+        raise_sign_error!('The key length must be greater than or equal to 2048 bits') if signing_key.n.num_bits < 2048
 
         signing_key.sign(OpenSSL::Digest.new(digest), data)
       end

data/lib/jwt/jwa/signer_context.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    # @api private
+    class SignerContext
+      attr_reader :jwa
+
+      def initialize(jwa:, key:)
+        @jwa = jwa
+        @key = key
+      end
+
+      def sign(*args, **kwargs)
+        @jwa.sign(*args, **kwargs, signing_key: @key)
+      end
+    end
+  end
+end

data/lib/jwt/jwa/signing_algorithm.rb

@@ -14,7 +14,6 @@ module JWT
 
       def self.included(klass)
         klass.extend(ClassMethods)
-        klass.include(JWT::JWA::Compat)
       end
 
       attr_reader :alg