added RS512 support (#48)

SkyLothar · Oct 12, 2016 · 6de9289 · 6de9289
1 parent 165f8f7
commit 6de9289
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/lib/resty/jwt.lua b/lib/resty/jwt.lua
@@ -57,6 +57,7 @@ local str_const = {
   HS256 = "HS256",
   HS512 = "HS512",
   RS256 = "RS256",
+  RS512 = "RS512",
   A128CBC_HS256 = "A128CBC-HS256",
   A256CBC_HS512 = "A256CBC-HS512",
   DIR = "dir",
@@ -747,7 +748,7 @@ function _M.verify_jwt_obj(self, secret, jwt_obj, ...)
       -- signature check
       jwt_obj[str_const.reason] = "signature mismatch: " .. jwt_obj[str_const.signature]
     end
-  elseif alg == str_const.RS256 then
+  elseif alg == str_const.RS256 or alg == str_const.RS512 then
     local cert, err
     if self.trusted_certs_file ~= nil then
       local cert_str = extract_certificate(jwt_obj, self.x5u_content_retriever)
@@ -799,7 +800,11 @@ function _M.verify_jwt_obj(self, secret, jwt_obj, ...)
       return jwt_obj
     end
 
-    local verified, err = verifier:verify(message, sig, evp.CONST.SHA256_DIGEST)
+    if alg == str_const.RS256 then
+      local verified, err = verifier:verify(message, sig, evp.CONST.SHA256_DIGEST)
+    elseif alg == str_const.RS512 then
+      local verified, err = verifier:verify(message, sig, evp.CONST.SHA512_DIGEST)
+    end
     if not verified then
       jwt_obj[str_const.reason] = err
     end