RubyGems - jwt - Versions diffs - 2.5.0 → 2.8.1 - Mend

jwt 2.5.0 → 2.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +92 -23
data/CONTRIBUTING.md +7 -7
data/README.md +125 -47
data/lib/jwt/base64.rb +16 -2
data/lib/jwt/claims_validator.rb +1 -1
data/lib/jwt/configuration/container.rb +14 -3
data/lib/jwt/decode.rb +41 -24
data/lib/jwt/deprecations.rb +29 -0
data/lib/jwt/encode.rb +23 -19
data/lib/jwt/error.rb +1 -0
data/lib/jwt/{algos → jwa}/ecdsa.rb +19 -7
data/lib/jwt/jwa/eddsa.rb +42 -0
data/lib/jwt/jwa/hmac.rb +75 -0
data/lib/jwt/jwa/hmac_rbnacl.rb +50 -0
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +46 -0
data/lib/jwt/{algos → jwa}/none.rb +4 -2
data/lib/jwt/jwa/ps.rb +30 -0
data/lib/jwt/jwa/rsa.rb +25 -0
data/lib/jwt/{algos → jwa}/unsupported.rb +1 -1
data/lib/jwt/jwa/wrapper.rb +26 -0
data/lib/jwt/jwa.rb +62 -0
data/lib/jwt/jwk/ec.rb +168 -116
data/lib/jwt/jwk/hmac.rb +64 -28
data/lib/jwt/jwk/key_base.rb +33 -11
data/lib/jwt/jwk/key_finder.rb +19 -35
data/lib/jwt/jwk/okp_rbnacl.rb +110 -0
data/lib/jwt/jwk/rsa.rb +142 -77
data/lib/jwt/jwk/set.rb +80 -0
data/lib/jwt/jwk.rb +14 -11
data/lib/jwt/verify.rb +8 -4
data/lib/jwt/version.rb +20 -3
data/lib/jwt/x5c_key_finder.rb +0 -3
data/lib/jwt.rb +1 -0
data/ruby-jwt.gemspec +11 -4
metadata +35 -27
data/.codeclimate.yml +0 -8
data/.github/workflows/coverage.yml +0 -27
data/.github/workflows/test.yml +0 -67
data/.gitignore +0 -13
data/.reek.yml +0 -22
data/.rspec +0 -2
data/.rubocop.yml +0 -67
data/.sourcelevel.yml +0 -17
data/Appraisals +0 -13
data/Gemfile +0 -7
data/Rakefile +0 -16
data/lib/jwt/algos/eddsa.rb +0 -35
data/lib/jwt/algos/hmac.rb +0 -36
data/lib/jwt/algos/ps.rb +0 -43
data/lib/jwt/algos/rsa.rb +0 -22
data/lib/jwt/algos.rb +0 -44
data/lib/jwt/security_utils.rb +0 -59
data/lib/jwt/signature.rb +0 -35

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-25 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: reek
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -101,32 +115,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".github/workflows/coverage.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".reek.yml"
-- ".rspec"
-- ".rubocop.yml"
-- ".sourcelevel.yml"
 - AUTHORS
-- Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - lib/jwt.rb
-- lib/jwt/algos.rb
-- lib/jwt/algos/ecdsa.rb
-- lib/jwt/algos/eddsa.rb
-- lib/jwt/algos/hmac.rb
-- lib/jwt/algos/none.rb
-- lib/jwt/algos/ps.rb
-- lib/jwt/algos/rsa.rb
-- lib/jwt/algos/unsupported.rb
 - lib/jwt/base64.rb
 - lib/jwt/claims_validator.rb
 - lib/jwt/configuration.rb
@@ -134,19 +129,31 @@ files:
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
+- lib/jwt/jwa.rb
+- lib/jwt/jwa/ecdsa.rb
+- lib/jwt/jwa/eddsa.rb
+- lib/jwt/jwa/hmac.rb
+- lib/jwt/jwa/hmac_rbnacl.rb
+- lib/jwt/jwa/hmac_rbnacl_fixed.rb
+- lib/jwt/jwa/none.rb
+- lib/jwt/jwa/ps.rb
+- lib/jwt/jwa/rsa.rb
+- lib/jwt/jwa/unsupported.rb
+- lib/jwt/jwa/wrapper.rb
 - lib/jwt/jwk.rb
 - lib/jwt/jwk/ec.rb
 - lib/jwt/jwk/hmac.rb
 - lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
 - lib/jwt/jwk/kid_as_key_digest.rb
+- lib/jwt/jwk/okp_rbnacl.rb
 - lib/jwt/jwk/rsa.rb
+- lib/jwt/jwk/set.rb
 - lib/jwt/jwk/thumbprint.rb
-- lib/jwt/security_utils.rb
-- lib/jwt/signature.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
@@ -156,7 +163,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.5.0/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -172,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.21
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby

data/.codeclimate.yml DELETED Viewed

@@ -1,8 +0,0 @@
-plugins:
-  fixme:
-    enabled: true
-  shellcheck:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: rubocop-1-23-0

data/.github/workflows/coverage.yml DELETED Viewed

@@ -1,27 +0,0 @@
----
-name: coverage
-on:
-  push:
-    branches:
-      - "master"
-jobs:
- coverage:
-    name: coverage
-    runs-on: ubuntu-20.04
-    env:
-      BUNDLE_GEMFILE: 'gemfiles/rbnacl.gemfile'
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install libsodium
-        run: |
-          sudo apt-get update -q
-          sudo apt-get install libsodium-dev -y
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "2.7"
-          bundler-cache: true
-      - uses: paambaati/codeclimate-action@v3.0.0
-        with:
-          coverageCommand: bundle exec rspec

data/.github/workflows/test.yml DELETED Viewed

@@ -1,67 +0,0 @@
----
-name: test
-on:
-  push:
-    branches:
-      - "*"
-  pull_request:
-    branches:
-      - "*"
-jobs:
-  lint:
-    name: RuboCop
-    timeout-minutes: 30
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: "3.0"
-        bundler-cache: true
-    - name: Run RuboCop
-      run: bundle exec rubocop
-  test:
-    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-20.04
-        ruby:
-          - "2.5"
-          - "2.6"
-          - "2.7"
-          - "3.0"
-          - "3.1"
-        gemfile:
-          - gemfiles/standalone.gemfile
-          - gemfiles/openssl.gemfile
-          - gemfiles/rbnacl.gemfile
-        experimental: [false]
-        include:
-          - { os: ubuntu-20.04, ruby: "2.7", gemfile: 'gemfiles/rbnacl.gemfile', experimental: false }
-          - { os: ubuntu-22.04, ruby: "3.1", experimental: false }
-          - { os: ubuntu-20.04, ruby: "truffleruby-head", experimental: true }
-          - { os: ubuntu-22.04, ruby: "head", experimental: true }
-    continue-on-error: ${{ matrix.experimental }}
-    env:
-      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
-    steps:
-    - uses: actions/checkout@v3
-    - name: Install libsodium
-      run: |
-        sudo apt-get update -q
-        sudo apt-get install libsodium-dev -y
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Run tests
-      run: bundle exec rspec

data/.gitignore DELETED Viewed

@@ -1,13 +0,0 @@
-.idea/
-jwt.gemspec
-pkg
-Gemfile.lock
-coverage/
-.DS_Store
-.rbenv-gemsets
-.ruby-version
-.vscode/
-.bundle
-*gemfile.lock
-.byebug_history
-*.gem

data/.reek.yml DELETED Viewed

@@ -1,22 +0,0 @@
----
-detectors:
-  TooManyStatements:
-    max_statements: 10
-  UtilityFunction:
-    enabled: false
-  LongParameterList:
-    enabled: false
-  DuplicateMethodCall:
-    max_calls: 2
-  IrresponsibleModule:
-    enabled: false
-  NestedIterators:
-    max_allowed_nesting: 2
-  UnusedParameters:
-    enabled: false
-  FeatureEnvy:
-    enabled: false
-  ControlParameter:
-    enabled: false
-  UnusedPrivateMethod:
-    enabled: false

data/.rspec DELETED Viewed

	@@ -1,2 +0,0 @@
1	- --require spec_helper
2	- --color

data/.rubocop.yml DELETED Viewed

@@ -1,67 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.5
-  NewCops: enable
-  SuggestExtensions: false
-  Exclude:
-    - 'gemfiles/*.gemfile'
-    - 'vendor/**/*'
-Style/Documentation:
-  Enabled: false
-Style/BlockDelimiters:
-  Exclude:
-    - spec/**/*_spec.rb
-Style/GuardClause:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false
-Style/Lambda:
-  Enabled: false
-Style/RaiseArgs:
-  Enabled: false
-Metrics/AbcSize:
-  Max: 25
-Metrics/ClassLength:
-  Max: 112
-Metrics/ModuleLength:
-  Max: 100
-Metrics/MethodLength:
-  Max: 20
-Metrics/BlockLength:
-  Exclude:
-    - spec/**/*_spec.rb
-Layout/LineLength:
-  Enabled: false
-Layout/EndAlignment:
-  EnforcedStyleAlignWith: variable
-Layout/EmptyLineBetweenDefs:
-  Enabled: true
-  AllowAdjacentOneLineDefs: true
-Style/FormatString:
-  Enabled: false
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-Layout/MultilineOperationIndentation:
-  EnforcedStyle: indented
-Style/WordArray:
-  Enabled: false
-Gemspec/RequireMFA:
-  Enabled: false

data/.sourcelevel.yml DELETED Viewed

@@ -1,17 +0,0 @@
-engines:
-  reek:
-    enabled: true
-  fixme:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: latest
-  duplication:
-    config:
-      languages:
-      - ruby
-    enabled: true
-  remark-lint:
-    enabled: false
-exclude_paths:
-  - spec

data/Appraisals DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-appraise 'standalone' do
-  # No additions
-end
-appraise 'openssl' do
-  gem 'openssl', '~> 2.1'
-end
-appraise 'rbnacl' do
-  gem 'rbnacl'
-end

data/Gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-source 'https://rubygems.org'
-gemspec
-gem 'rubocop', '~> 1.23.0' # Keep .codeclimate.yml channel in sync with this one

data/Rakefile DELETED Viewed

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-require 'bundler/setup'
-require 'bundler/gem_tasks'
-begin
-  require 'rspec/core/rake_task'
-  require 'rubocop/rake_task'
-  RSpec::Core::RakeTask.new(:test)
-  RuboCop::RakeTask.new(:rubocop)
-  task default: %i[rubocop test]
-rescue LoadError
-  puts 'RSpec rake tasks not available. Please run "bundle install" to install missing dependencies.'
-end

data/lib/jwt/algos/eddsa.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Eddsa
-      module_function
-      SUPPORTED = %w[ED25519 EdDSA].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-          raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
-        end
-        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
-        end
-        key.sign(msg)
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
-        end
-        raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
-        public_key.verify(signature, signing_input)
-      rescue RbNaCl::CryptoError
-        false
-      end
-    end
-  end
-end

data/lib/jwt/algos/hmac.rb DELETED Viewed

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Hmac
-      module_function
-      SUPPORTED = %w[HS256 HS512256 HS384 HS512].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        key ||= ''
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
-        if authenticator && padded_key
-          authenticator.auth(padded_key, msg.encode('binary'))
-        else
-          OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
-        end
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, public_key)
-        if authenticator && padded_key
-          begin
-            authenticator.verify(padded_key, signature.encode('binary'), signing_input.encode('binary'))
-          rescue RbNaCl::BadAuthenticatorError
-            false
-          end
-        else
-          SecurityUtils.secure_compare(signature, sign(JWT::Signature::ToSign.new(algorithm, signing_input, public_key)))
-        end
-      end
-    end
-  end
-end

data/lib/jwt/algos/ps.rb DELETED Viewed

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Ps
-      # RSASSA-PSS signing algorithms
-      module_function
-      SUPPORTED = %w[PS256 PS384 PS512].freeze
-      def sign(to_sign)
-        require_openssl!
-        algorithm, msg, key = to_sign.values
-        key_class = key.class
-        raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key_class == String
-        translated_algorithm = algorithm.sub('PS', 'sha')
-        key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
-      end
-      def verify(to_verify)
-        require_openssl!
-        SecurityUtils.verify_ps(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
-      end
-      def require_openssl!
-        if Object.const_defined?('OpenSSL')
-          if ::Gem::Version.new(OpenSSL::VERSION) < ::Gem::Version.new('2.1')
-            raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
-          end
-        else
-          raise JWT::RequiredDependencyError, 'PS signing requires OpenSSL +2.1'
-        end
-      end
-    end
-  end
-end

data/lib/jwt/algos/rsa.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Algos
-    module Rsa
-      module_function
-      SUPPORTED = %w[RS256 RS384 RS512].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.instance_of?(String)
-        key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
-      end
-      def verify(to_verify)
-        SecurityUtils.verify_rsa(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
-      end
-    end
-  end
-end

data/lib/jwt/algos.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/ps'
-require 'jwt/algos/none'
-require 'jwt/algos/unsupported'
-# JWT::Signature module
-module JWT
-  # Signature logic for JWT
-  module Algos
-    extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Ps,
-      Algos::None,
-      Algos::Unsupported
-    ].freeze
-    def find(algorithm)
-      indexed[algorithm && algorithm.downcase]
-    end
-    private
-    def indexed
-      @indexed ||= begin
-        fallback = [Algos::Unsupported, nil]
-        ALGOS.each_with_object(Hash.new(fallback)) do |alg, hash|
-          alg.const_get(:SUPPORTED).each do |code|
-            hash[code.downcase] = [alg, code]
-          end
-        end
-      end
-    end
-  end
-end

data/lib/jwt/security_utils.rb DELETED Viewed

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # Collection of security methods
-  #
-  # @see: https://github.com/rails/rails/blob/master/activesupport/lib/active_support/security_utils.rb
-  module SecurityUtils
-    module_function
-    def secure_compare(left, right)
-      left_bytesize = left.bytesize
-      return false unless left_bytesize == right.bytesize
-      unpacked_left = left.unpack "C#{left_bytesize}"
-      result = 0
-      right.each_byte { |byte| result |= byte ^ unpacked_left.shift }
-      result.zero?
-    end
-    def verify_rsa(algorithm, public_key, signing_input, signature)
-      public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
-    end
-    def verify_ps(algorithm, public_key, signing_input, signature)
-      formatted_algorithm = algorithm.sub('PS', 'sha')
-      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
-    end
-    def asn1_to_raw(signature, public_key)
-      byte_size = (public_key.group.degree + 7) / 8
-      OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
-    end
-    def raw_to_asn1(signature, private_key)
-      byte_size = (private_key.group.degree + 7) / 8
-      sig_bytes = signature[0..(byte_size - 1)]
-      sig_char = signature[byte_size..-1] || ''
-      OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
-    end
-    def rbnacl_fixup(algorithm, key)
-      algorithm = algorithm.sub('HS', 'SHA').to_sym
-      return [] unless defined?(RbNaCl) && RbNaCl::HMAC.constants(false).include?(algorithm)
-      authenticator = RbNaCl::HMAC.const_get(algorithm)
-      # Fall back to OpenSSL for keys larger than 32 bytes.
-      return [] if key.bytesize > authenticator.key_bytes
-      [
-        authenticator,
-        key.bytes.fill(0, key.bytesize...authenticator.key_bytes).pack('C*')
-      ]
-    end
-  end
-end

data/lib/jwt/signature.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require 'jwt/security_utils'
-require 'openssl'
-require 'jwt/algos'
-begin
-  require 'rbnacl'
-rescue LoadError
-  raise if defined?(RbNaCl)
-end
-# JWT::Signature module
-module JWT
-  # Signature logic for JWT
-  module Signature
-    module_function
-    ToSign = Struct.new(:algorithm, :msg, :key)
-    ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
-    def sign(algorithm, msg, key)
-      algo, code = Algos.find(algorithm)
-      algo.sign ToSign.new(code, msg, key)
-    end
-    def verify(algorithm, key, signing_input, signature)
-      algo, code = Algos.find(algorithm)
-      algo.verify(ToVerify.new(code, key, signing_input, signature))
-    rescue OpenSSL::PKey::PKeyError
-      raise JWT::VerificationError, 'Signature verification raised'
-    ensure
-      OpenSSL.errors.clear
-    end
-  end
-end