Merge pull request #11 from dinosaure/digestif

Use `digestif` instead of `cryptokit`

jwto.opam

@@ -17,9 +17,9 @@ build: [
 
 depends: [
   "ocaml" {>= "4.05"}
-  "dune" {build}
+  "dune" {>= "1.7"}
   "alcotest" {with-test}
-  "cryptokit" {>= "1.10"}
+  "digestif" {>= "1.0.0"}
   "fmt" {>= "0.8"}
   "yojson" {>= "1.6"}
   "base64" {>= "3.1"}
@@ -28,4 +28,4 @@ depends: [
 ]
 
 synopsis: "JWT encoding, decoding and verification"
-description: "JWT encoding, decoding and verification"
+description: "JWT encoding, decoding and verification"

lib/dune

@@ -3,4 +3,4 @@
  (public_name jwto)
  (preprocess
   (pps ppx_deriving.std))
- (libraries ppx_deriving.std base64 cryptokit re.str yojson fmt))
+ (libraries ppx_deriving.std base64 digestif re.str yojson fmt))

lib/jwto.ml

@@ -33,10 +33,10 @@ type algorithm =
   | Unknown
   [@@deriving show, eq]
 
-let fn_for_algorithm = function
-  | HS256 -> Cryptokit.MAC.hmac_sha256
-  | HS512 -> Cryptokit.MAC.hmac_sha512
-  | Unknown -> Cryptokit.MAC.hmac_sha256
+let fn_for_algorithm alg ~secret str = match alg with
+  | HS256 -> Digestif.SHA256.hmac_string ~key:secret str |> Digestif.SHA256.to_raw_string
+  | HS512 -> Digestif.SHA512.hmac_string ~key:secret str |> Digestif.SHA512.to_raw_string
+  | Unknown -> Digestif.SHA256.hmac_string ~key:secret str |> Digestif.SHA256.to_raw_string
 
 let algorithm_to_string (alg : algorithm) : string =
   match alg with 
@@ -161,13 +161,7 @@ let sign (secret : string) (unsigned_token : unsigned_token) : (string, string)
     fn_for_algorithm unsigned_token.header.alg 
   in
   encode_unsigned unsigned_token
-    |> map_result (fun encoded_token ->
-      (
-        Cryptokit.hash_string
-          (algo_fn secret)
-          encoded_token
-      )
-    ) 
+    |> map_result (fun encoded_token -> algo_fn ~secret encoded_token)
 
 let make_signed_token (secret : string) (unsigned_token : unsigned_token) : (t, string) result =
   sign secret unsigned_token