add RS256 support

README.md

@@ -3,8 +3,8 @@ JSON Web Token library for Godot Engine written in GDScript
 
 ## Create JWT
 ```gdscript
-var secret: String = "<your secret token>"
-var jwt_algorithm: JWTAlgorithm = JWTAlgorithm.new(HashingContext.HASH_SHA256, secret)
+var secret: String = JWTAlgorithmBuilder.random_secret(5)
+var jwt_algorithm: JWTAlgorithm = JWTAlgorithmBuilder.HS256(secret)
 var jwt_builder: JWTBuilder = JWT.create() \
 .with_expires_at(OS.get_unix_time()) \
 .with_issuer("Godot") \
@@ -26,7 +26,7 @@ print(JWTUtils.base64URL_decode(jwt_decoder.get_payload()))
 ```gdscript
 var jwt: String = "<a jwt>"
 var secret: String = "<your secret token>"
-var jwt_algorithm: JWTAlgorithm = JWTAlgorithm.new(HashingContext.HASH_SHA256, secret)
+var jwt_algorithm: JWTAlgorithm = JWTAlgorithmBuilder.HS256(secret)
 var jwt_verifier: JWTVerifier = JWT.require(jwt_algorithm) \
 .with_claim("my-claim","my-value") \
 .build() # Reusable Verifier
@@ -40,4 +40,9 @@ else:
 ```gdscript
 JWTUtils.base64URL_encode(bytes: PoolByteArray) -> String
 JWTUtils.base64URL_decode(string: String) -> String
-```
+```
+
+#### Supported Algorithms
+- [x] HS1 (HMAC with SHA1)
+- [x] HS256 (HMAC with SHA256)
+- [x] RS256 (RSA with SHA256)

addons/jwt/plugin.cfg

@@ -3,5 +3,5 @@
 name="JWT"
 description=""
 author="Nicolò (fenix-hub) Santilio"
-version="1.4"
+version="1.5"
 script="plugin.gd"

addons/jwt/src/JWT.gd

@@ -1,8 +1,8 @@
 extends Reference
 class_name JWT
 
-static func create() -> JWTBuilder:
-    return JWTBuilder.new()
+static func create(algorithm: JWTAlgorithm = null, header_claims: Dictionary = {}, payload_claims: Dictionary = {}) -> JWTBuilder:
+    return JWTBuilder.new(algorithm, header_claims, payload_claims)
 
 static func decode(jwt: String) -> JWTDecoder:
     return JWTDecoder.new(jwt)

addons/jwt/src/JWTAlgorithm.gd

@@ -1,34 +1,44 @@
 extends Reference
 class_name JWTAlgorithm
 
+enum Type {
+    HMAC1,
+    HMAC256,
+    RSA256
+}
+
 var _hash: int = -1
 var _secret: String = ""
-var _name: String = ""
 
 var crypto: Crypto = Crypto.new()
-
-func _init(hashing: int = -1, secret: String = ""):
-    self._hash = hashing
-    self._secret = secret
-    self._name = return_name(self._hash)
-
-func return_name(hashing: int) -> String:
-    match hashing:
-        HashingContext.HASH_SHA256: return "HS256"
-    return ""
-
-func HMAC256(secret: String) -> JWTAlgorithm:
-    self._hash = HashingContext.HASH_SHA256
-    self._secret = secret
-    self._name = "HS256"
-    return self
+var _public_crypto: CryptoKey = CryptoKey.new()
+var _private_crypto: CryptoKey = CryptoKey.new()
 
 func get_name() -> String:
-    return _name
+    match _hash:
+        Type.HMAC1: return "HSA1"
+        Type.HMAC256: return "HSA256"
+        Type.RSA256: return "RSA256"
+        _: return ""
+
+func sign(text: String) -> PoolByteArray:
+    var signature_bytes: PoolByteArray = []
+    match self._hash:
+        Type.HMAC1:
+            signature_bytes = self.crypto.hmac_digest(HashingContext.HASH_SHA1, self._secret.to_utf8(), text.to_utf8())
+        Type.HMAC256:
+            signature_bytes = self.crypto.hmac_digest(HashingContext.HASH_SHA256, self._secret.to_utf8(), text.to_utf8())
+        Type.RSA256:
+            signature_bytes = self.crypto.encrypt(self._private_crypto, text.to_utf8())
+    return signature_bytes
 
 func verify(jwt: JWTDecoder) -> bool:
     var signature_bytes: PoolByteArray = []
     match self._hash:
-        HashingContext.HASH_SHA256:
-                signature_bytes = crypto.hmac_digest(self._hash, self._secret.to_utf8(), (jwt.parts[0]+"."+jwt.parts[1]).to_utf8())
+        Type.HMAC1:
+            signature_bytes = crypto.hmac_digest(HashingContext.HASH_SHA1, self._secret.to_utf8(), (jwt.parts[0]+"."+jwt.parts[1]).to_utf8())
+        Type.HMAC256:
+            signature_bytes = crypto.hmac_digest(HashingContext.HASH_SHA256, self._secret.to_utf8(), (jwt.parts[0]+"."+jwt.parts[1]).to_utf8())
+        Type.RSA256:
+            signature_bytes = self.crypto.decrypt(self._public_crypto, (jwt.parts[0]+"."+jwt.parts[1]).to_utf8())
     return jwt.parts[2] == JWTUtils.base64URL_encode(signature_bytes)

addons/jwt/src/JWTAlgorithmBuilder.gd

@@ -0,0 +1,29 @@
+extends Reference
+class_name JWTAlgorithmBuilder
+
+static func random_secret(length: int = 10) -> String:
+    return Crypto.new().generate_random_bytes(10).get_string_from_utf8()
+
+static func HSA1(secret: String) -> JWTAlgorithm:
+    var algorithm: JWTAlgorithm = JWTAlgorithm.new()
+    algorithm._secret = secret
+    algorithm._hash = JWTAlgorithm.Type.HMAC1
+    return algorithm
+
+static func HSA256(secret: String) -> JWTAlgorithm:
+    var algorithm: JWTAlgorithm = JWTAlgorithm.new()
+    algorithm._secret = secret
+    algorithm._hash = JWTAlgorithm.Type.HMAC256
+    return algorithm
+
+static func RSA256(public_key: CryptoKey, private_key: CryptoKey) -> JWTAlgorithm:
+    var algorithm: JWTAlgorithm = JWTAlgorithm.new()
+    algorithm._public_crypto = public_key
+    algorithm._private_crypto = private_key
+    return algorithm
+
+static func sign(text: String, algorithm: JWTAlgorithm) -> PoolByteArray:
+    return algorithm.sign(text)
+
+static func verify(jwt: JWTDecoder, algorithm: JWTAlgorithm) -> bool:
+    return algorithm.verify(jwt)

addons/jwt/src/JWTBaseBuilder.gd

@@ -1,7 +1,6 @@
 extends Reference
 class_name JWTBaseBuilder
 
-
 func with_header(header_claims: Dictionary) -> JWTBaseBuilder:
     self.header_claims = header_claims
     return self

addons/jwt/src/JWTBuilder.gd

@@ -36,6 +36,6 @@ func sign(algorithm: JWTAlgorithm = null) -> String:
     with_algorithm(algorithm.get_name())
     var header: String = JWTUtils.base64URL_encode(JSON.print(self.header_claims).to_utf8())
     var payload: String = JWTUtils.base64URL_encode(JSON.print(self.payload_claims).to_utf8())
-    var signature_bytes: PoolByteArray = crypto.hmac_digest(self.algorithm._hash, self.algorithm._secret.to_utf8(), (header+"."+payload).to_utf8())
+    var signature_bytes: PoolByteArray = algorithm.sign(header+"."+payload)
     var signature: String = JWTUtils.base64URL_encode(signature_bytes)
     return "%s.%s.%s" % [header, payload, signature]