RubyGems - jwt - Versions diffs - 2.4.1 → 2.8.1 - Mend

jwt 2.4.1 → 2.8.1

Files changed (60) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +102 -14
data/CONTRIBUTING.md +7 -7
data/README.md +154 -37
data/lib/jwt/base64.rb +33 -0
data/lib/jwt/claims_validator.rb +1 -1
data/lib/jwt/configuration/container.rb +32 -0
data/lib/jwt/configuration/decode_configuration.rb +46 -0
data/lib/jwt/configuration/jwk_configuration.rb +27 -0
data/lib/jwt/configuration.rb +15 -0
data/lib/jwt/decode.rb +44 -29
data/lib/jwt/deprecations.rb +29 -0
data/lib/jwt/encode.rb +24 -20
data/lib/jwt/error.rb +1 -0
data/lib/jwt/{algos → jwa}/ecdsa.rb +19 -7
data/lib/jwt/jwa/eddsa.rb +42 -0
data/lib/jwt/jwa/hmac.rb +75 -0
data/lib/jwt/jwa/hmac_rbnacl.rb +50 -0
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +46 -0
data/lib/jwt/{algos → jwa}/none.rb +4 -2
data/lib/jwt/jwa/ps.rb +30 -0
data/lib/jwt/jwa/rsa.rb +25 -0
data/lib/jwt/{algos → jwa}/unsupported.rb +1 -1
data/lib/jwt/jwa/wrapper.rb +26 -0
data/lib/jwt/jwa.rb +62 -0
data/lib/jwt/jwk/ec.rb +160 -63
data/lib/jwt/jwk/hmac.rb +69 -24
data/lib/jwt/jwk/key_base.rb +45 -7
data/lib/jwt/jwk/key_finder.rb +19 -35
data/lib/jwt/jwk/kid_as_key_digest.rb +15 -0
data/lib/jwt/jwk/okp_rbnacl.rb +110 -0
data/lib/jwt/jwk/rsa.rb +141 -54
data/lib/jwt/jwk/set.rb +80 -0
data/lib/jwt/jwk/thumbprint.rb +26 -0
data/lib/jwt/jwk.rb +14 -11
data/lib/jwt/verify.rb +8 -4
data/lib/jwt/version.rb +23 -1
data/lib/jwt/x5c_key_finder.rb +1 -4
data/lib/jwt.rb +6 -4
data/ruby-jwt.gemspec +11 -4
metadata +41 -27
data/.codeclimate.yml +0 -8
data/.github/workflows/coverage.yml +0 -27
data/.github/workflows/test.yml +0 -66
data/.gitignore +0 -13
data/.reek.yml +0 -22
data/.rspec +0 -2
data/.rubocop.yml +0 -67
data/.sourcelevel.yml +0 -17
data/Appraisals +0 -13
data/Gemfile +0 -7
data/Rakefile +0 -16
data/lib/jwt/algos/eddsa.rb +0 -33
data/lib/jwt/algos/hmac.rb +0 -36
data/lib/jwt/algos/ps.rb +0 -43
data/lib/jwt/algos/rsa.rb +0 -22
data/lib/jwt/algos.rb +0 -44
data/lib/jwt/default_options.rb +0 -18
data/lib/jwt/security_utils.rb +0 -59
data/lib/jwt/signature.rb +0 -35

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-07 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: reek
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -101,46 +115,45 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".github/workflows/coverage.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".reek.yml"
-- ".rspec"
-- ".rubocop.yml"
-- ".sourcelevel.yml"
 - AUTHORS
-- Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - lib/jwt.rb
-- lib/jwt/algos.rb
-- lib/jwt/algos/ecdsa.rb
-- lib/jwt/algos/eddsa.rb
-- lib/jwt/algos/hmac.rb
-- lib/jwt/algos/none.rb
-- lib/jwt/algos/ps.rb
-- lib/jwt/algos/rsa.rb
-- lib/jwt/algos/unsupported.rb
+- lib/jwt/base64.rb
 - lib/jwt/claims_validator.rb
+- lib/jwt/configuration.rb
+- lib/jwt/configuration/container.rb
+- lib/jwt/configuration/decode_configuration.rb
+- lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/default_options.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
+- lib/jwt/jwa.rb
+- lib/jwt/jwa/ecdsa.rb
+- lib/jwt/jwa/eddsa.rb
+- lib/jwt/jwa/hmac.rb
+- lib/jwt/jwa/hmac_rbnacl.rb
+- lib/jwt/jwa/hmac_rbnacl_fixed.rb
+- lib/jwt/jwa/none.rb
+- lib/jwt/jwa/ps.rb
+- lib/jwt/jwa/rsa.rb
+- lib/jwt/jwa/unsupported.rb
+- lib/jwt/jwa/wrapper.rb
 - lib/jwt/jwk.rb
 - lib/jwt/jwk/ec.rb
 - lib/jwt/jwk/hmac.rb
 - lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/kid_as_key_digest.rb
+- lib/jwt/jwk/okp_rbnacl.rb
 - lib/jwt/jwk/rsa.rb
-- lib/jwt/security_utils.rb
-- lib/jwt/signature.rb
+- lib/jwt/jwk/set.rb
+- lib/jwt/jwk/thumbprint.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
@@ -150,7 +163,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.4.1/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:

data/.codeclimate.yml DELETED Viewed

@@ -1,8 +0,0 @@
-plugins:
-  fixme:
-    enabled: true
-  shellcheck:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: rubocop-1-23-0

data/.github/workflows/coverage.yml DELETED Viewed

@@ -1,27 +0,0 @@
----
-name: coverage
-on:
-  push:
-    branches:
-      - "master"
-jobs:
- coverage:
-    name: coverage
-    runs-on: ubuntu-20.04
-    env:
-      BUNDLE_GEMFILE: 'gemfiles/rbnacl.gemfile'
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install libsodium
-        run: |
-          sudo apt-get update -q
-          sudo apt-get install libsodium-dev -y
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "2.7"
-          bundler-cache: true
-      - uses: paambaati/codeclimate-action@v3.0.0
-        with:
-          coverageCommand: bundle exec rspec

data/.github/workflows/test.yml DELETED Viewed

@@ -1,66 +0,0 @@
----
-name: test
-on:
-  push:
-    branches:
-      - "*"
-  pull_request:
-    branches:
-      - "*"
-jobs:
-  lint:
-    name: RuboCop
-    timeout-minutes: 30
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: "3.0"
-        bundler-cache: true
-    - name: Run RuboCop
-      run: bundle exec rubocop
-  test:
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby:
-          - 2.5
-          - 2.6
-          - 2.7
-          - "3.0"
-          - 3.1
-        gemfile:
-          - gemfiles/standalone.gemfile
-          - gemfiles/openssl.gemfile
-          - gemfiles/rbnacl.gemfile
-        experimental: [false]
-        include:
-          - ruby: 2.7
-            gemfile: 'gemfiles/rbnacl.gemfile'
-          - ruby: "ruby-head"
-            experimental: true
-          - ruby: "truffleruby-head"
-            experimental: true
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ matrix.experimental }}
-    env:
-      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: Install libsodium
-      run: |
-        sudo apt-get update -q
-        sudo apt-get install libsodium-dev -y
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Run tests
-      run: bundle exec rspec

data/.gitignore DELETED Viewed

@@ -1,13 +0,0 @@
-.idea/
-jwt.gemspec
-pkg
-Gemfile.lock
-coverage/
-.DS_Store
-.rbenv-gemsets
-.ruby-version
-.vscode/
-.bundle
-*gemfile.lock
-.byebug_history
-*.gem

data/.reek.yml DELETED Viewed

@@ -1,22 +0,0 @@
----
-detectors:
-  TooManyStatements:
-    max_statements: 10
-  UtilityFunction:
-    enabled: false
-  LongParameterList:
-    enabled: false
-  DuplicateMethodCall:
-    max_calls: 2
-  IrresponsibleModule:
-    enabled: false
-  NestedIterators:
-    max_allowed_nesting: 2
-  UnusedParameters:
-    enabled: false
-  FeatureEnvy:
-    enabled: false
-  ControlParameter:
-    enabled: false
-  UnusedPrivateMethod:
-    enabled: false

data/.rspec DELETED Viewed

	@@ -1,2 +0,0 @@
1	- --require spec_helper
2	- --color

data/.rubocop.yml DELETED Viewed

@@ -1,67 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.5
-  NewCops: enable
-  SuggestExtensions: false
-  Exclude:
-    - 'gemfiles/*.gemfile'
-    - 'vendor/**/*'
-Style/Documentation:
-  Enabled: false
-Style/BlockDelimiters:
-  Exclude:
-    - spec/**/*_spec.rb
-Style/GuardClause:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false
-Style/Lambda:
-  Enabled: false
-Style/RaiseArgs:
-  Enabled: false
-Metrics/AbcSize:
-  Max: 25
-Metrics/ClassLength:
-  Max: 105
-Metrics/ModuleLength:
-  Max: 100
-Metrics/MethodLength:
-  Max: 20
-Metrics/BlockLength:
-  Exclude:
-    - spec/**/*_spec.rb
-Layout/LineLength:
-  Enabled: false
-Layout/EndAlignment:
-  EnforcedStyleAlignWith: variable
-Layout/EmptyLineBetweenDefs:
-  Enabled: true
-  AllowAdjacentOneLineDefs: true
-Style/FormatString:
-  Enabled: false
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-Layout/MultilineOperationIndentation:
-  EnforcedStyle: indented
-Style/WordArray:
-  Enabled: false
-Gemspec/RequireMFA:
-  Enabled: false

data/.sourcelevel.yml DELETED Viewed

@@ -1,17 +0,0 @@
-engines:
-  reek:
-    enabled: true
-  fixme:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: latest
-  duplication:
-    config:
-      languages:
-      - ruby
-    enabled: true
-  remark-lint:
-    enabled: false
-exclude_paths:
-  - spec

data/Appraisals DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-appraise 'standalone' do
-  # No additions
-end
-appraise 'openssl' do
-  gem 'openssl', '~> 2.1'
-end
-appraise 'rbnacl' do
-  gem 'rbnacl'
-end

data/Gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-source 'https://rubygems.org'
-gemspec
-gem 'rubocop', '~> 1.23.0' # Keep .codeclimate.yml channel in sync with this one

data/Rakefile DELETED Viewed

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-require 'bundler/setup'
-require 'bundler/gem_tasks'
-begin
-  require 'rspec/core/rake_task'
-  require 'rubocop/rake_task'
-  RSpec::Core::RakeTask.new(:test)
-  RuboCop::RakeTask.new(:rubocop)
-  task default: %i[rubocop test]
-rescue LoadError
-  puts 'RSpec rake tasks not available. Please run "bundle install" to install missing dependencies.'
-end

data/lib/jwt/algos/eddsa.rb DELETED Viewed

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Eddsa
-      module_function
-      SUPPORTED = %w[ED25519 EdDSA].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-          raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
-        end
-        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
-        end
-        key.sign(msg)
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
-        end
-        raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
-        public_key.verify(signature, signing_input)
-      end
-    end
-  end
-end

data/lib/jwt/algos/hmac.rb DELETED Viewed

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Hmac
-      module_function
-      SUPPORTED = %w[HS256 HS512256 HS384 HS512].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        key ||= ''
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
-        if authenticator && padded_key
-          authenticator.auth(padded_key, msg.encode('binary'))
-        else
-          OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
-        end
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, public_key)
-        if authenticator && padded_key
-          begin
-            authenticator.verify(padded_key, signature.encode('binary'), signing_input.encode('binary'))
-          rescue RbNaCl::BadAuthenticatorError
-            false
-          end
-        else
-          SecurityUtils.secure_compare(signature, sign(JWT::Signature::ToSign.new(algorithm, signing_input, public_key)))
-        end
-      end
-    end
-  end
-end

data/lib/jwt/algos/ps.rb DELETED Viewed

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Ps
-      # RSASSA-PSS signing algorithms
-      module_function
-      SUPPORTED = %w[PS256 PS384 PS512].freeze
-      def sign(to_sign)
-        require_openssl!
-        algorithm, msg, key = to_sign.values
-        key_class = key.class
-        raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key_class == String
-        translated_algorithm = algorithm.sub('PS', 'sha')
-        key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
-      end
-      def verify(to_verify)
-        require_openssl!
-        SecurityUtils.verify_ps(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
-      end
-      def require_openssl!
-        if Object.const_defined?('OpenSSL')
-          if ::Gem::Version.new(OpenSSL::VERSION) < ::Gem::Version.new('2.1')
-            raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
-          end
-        else
-          raise JWT::RequiredDependencyError, 'PS signing requires OpenSSL +2.1'
-        end
-      end
-    end
-  end
-end

data/lib/jwt/algos/rsa.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Rsa
-      module_function
-      SUPPORTED = %w[RS256 RS384 RS512].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.instance_of?(String)
-        key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
-      end
-      def verify(to_verify)
-        SecurityUtils.verify_rsa(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
-      end
-    end
-  end
-end

data/lib/jwt/algos.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/ps'
-require 'jwt/algos/none'
-require 'jwt/algos/unsupported'
-# JWT::Signature module
-module JWT
-  # Signature logic for JWT
-  module Algos
-    extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Ps,
-      Algos::None,
-      Algos::Unsupported
-    ].freeze
-    def find(algorithm)
-      indexed[algorithm && algorithm.downcase]
-    end
-    private
-    def indexed
-      @indexed ||= begin
-        fallback = [Algos::Unsupported, nil]
-        ALGOS.each_with_object(Hash.new(fallback)) do |alg, hash|
-          alg.const_get(:SUPPORTED).each do |code|
-            hash[code.downcase] = [alg, code]
-          end
-        end
-      end
-    end
-  end
-end

data/lib/jwt/default_options.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module DefaultOptions
-    DEFAULT_OPTIONS = {
-      verify_expiration: true,
-      verify_not_before: true,
-      verify_iss: false,
-      verify_iat: false,
-      verify_jti: false,
-      verify_aud: false,
-      verify_sub: false,
-      leeway: 0,
-      algorithms: ['HS256'],
-      required_claims: []
-    }.freeze
-  end
-end

data/lib/jwt/security_utils.rb DELETED Viewed

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # Collection of security methods
-  #
-  # @see: https://github.com/rails/rails/blob/master/activesupport/lib/active_support/security_utils.rb
-  module SecurityUtils
-    module_function
-    def secure_compare(left, right)
-      left_bytesize = left.bytesize
-      return false unless left_bytesize == right.bytesize
-      unpacked_left = left.unpack "C#{left_bytesize}"
-      result = 0
-      right.each_byte { |byte| result |= byte ^ unpacked_left.shift }
-      result.zero?
-    end
-    def verify_rsa(algorithm, public_key, signing_input, signature)
-      public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
-    end
-    def verify_ps(algorithm, public_key, signing_input, signature)
-      formatted_algorithm = algorithm.sub('PS', 'sha')
-      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
-    end
-    def asn1_to_raw(signature, public_key)
-      byte_size = (public_key.group.degree + 7) / 8
-      OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
-    end
-    def raw_to_asn1(signature, private_key)
-      byte_size = (private_key.group.degree + 7) / 8
-      sig_bytes = signature[0..(byte_size - 1)]
-      sig_char = signature[byte_size..-1] || ''
-      OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
-    end
-    def rbnacl_fixup(algorithm, key)
-      algorithm = algorithm.sub('HS', 'SHA').to_sym
-      return [] unless defined?(RbNaCl) && RbNaCl::HMAC.constants(false).include?(algorithm)
-      authenticator = RbNaCl::HMAC.const_get(algorithm)
-      # Fall back to OpenSSL for keys larger than 32 bytes.
-      return [] if key.bytesize > authenticator.key_bytes
-      [
-        authenticator,
-        key.bytes.fill(0, key.bytesize...authenticator.key_bytes).pack('C*')
-      ]
-    end
-  end
-end

data/lib/jwt/signature.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require 'jwt/security_utils'
-require 'openssl'
-require 'jwt/algos'
-begin
-  require 'rbnacl'
-rescue LoadError
-  raise if defined?(RbNaCl)
-end
-# JWT::Signature module
-module JWT
-  # Signature logic for JWT
-  module Signature
-    module_function
-    ToSign = Struct.new(:algorithm, :msg, :key)
-    ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
-    def sign(algorithm, msg, key)
-      algo, code = Algos.find(algorithm)
-      algo.sign ToSign.new(code, msg, key)
-    end
-    def verify(algorithm, key, signing_input, signature)
-      algo, code = Algos.find(algorithm)
-      algo.verify(ToVerify.new(code, key, signing_input, signature))
-    rescue OpenSSL::PKey::PKeyError
-      raise JWT::VerificationError, 'Signature verification raised'
-    ensure
-      OpenSSL.errors.clear
-    end
-  end
-end