kylef
diff --git a/‎JWT.podspec
Lines changed: 1 addition & 0 deletions b/‎JWT.podspec
Lines changed: 1 addition & 0 deletions
diff --git a/‎JWT.xcodeproj/project.pbxproj
Lines changed: 135 additions & 0 deletions b/‎JWT.xcodeproj/project.pbxproj
Lines changed: 135 additions & 0 deletions
diff --git a/‎JWT.xcworkspace/contents.xcworkspacedata
Lines changed: 10 additions & 0 deletions b/‎JWT.xcworkspace/contents.xcworkspacedata
Lines changed: 10 additions & 0 deletions
diff --git a/‎JWT/JWT.swift
Lines changed: 39 additions & 3 deletions b/‎JWT/JWT.swift
Lines changed: 39 additions & 3 deletions
@@ -11,5 +11,6 @@ Pod::Spec.new do |spec|
   spec.ios.deployment_target = '8.0'
   spec.osx.deployment_target = '10.9'
   spec.requires_arc = true
+  spec.dependency 'CryptoSwift', '~> 0.0.8'
 end
 
@@ -11,6 +11,8 @@
 		279D63A81AD07FFF0024E2BC /* JWT.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 279D639C1AD07FFF0024E2BC /* JWT.framework */; };
 		279D63AF1AD07FFF0024E2BC /* JWTTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 279D63AE1AD07FFF0024E2BC /* JWTTests.swift */; };
 		279D63B91AD0803F0024E2BC /* JWT.swift in Sources */ = {isa = PBXBuildFile; fileRef = 279D63B81AD0803F0024E2BC /* JWT.swift */; };
+		885619E9E1C342A9D8BD77B7 /* Pods_JWT.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 540942F3614C41E3827F2013 /* Pods_JWT.framework */; settings = {ATTRIBUTES = (Weak, ); }; };
+		EBEC5851F5183DF2D7BFE1AF /* Pods_JWTTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CE8198B6E30BA6B8F8125FA7 /* Pods_JWTTests.framework */; settings = {ATTRIBUTES = (Weak, ); }; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -31,13 +33,20 @@
 		279D63AD1AD07FFF0024E2BC /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		279D63AE1AD07FFF0024E2BC /* JWTTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JWTTests.swift; sourceTree = "<group>"; };
 		279D63B81AD0803F0024E2BC /* JWT.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = JWT.swift; sourceTree = "<group>"; };
+		3BD8D638895FE8AF4FDDA8A9 /* Pods-JWTTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-JWTTests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-JWTTests/Pods-JWTTests.debug.xcconfig"; sourceTree = "<group>"; };
+		540942F3614C41E3827F2013 /* Pods_JWT.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_JWT.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		56671E3EAC540766DE31974E /* Pods-JWT.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-JWT.release.xcconfig"; path = "Pods/Target Support Files/Pods-JWT/Pods-JWT.release.xcconfig"; sourceTree = "<group>"; };
+		85B0E9B465B3B29391C19D14 /* Pods-JWTTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-JWTTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-JWTTests/Pods-JWTTests.release.xcconfig"; sourceTree = "<group>"; };
+		8CDC721EB1EAFD72E8CCF46E /* Pods-JWT.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-JWT.debug.xcconfig"; path = "Pods/Target Support Files/Pods-JWT/Pods-JWT.debug.xcconfig"; sourceTree = "<group>"; };
+		CE8198B6E30BA6B8F8125FA7 /* Pods_JWTTests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_JWTTests.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
 		279D63981AD07FFF0024E2BC /* Frameworks */ = {
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				885619E9E1C342A9D8BD77B7 /* Pods_JWT.framework in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -46,6 +55,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				279D63A81AD07FFF0024E2BC /* JWT.framework in Frameworks */,
+				EBEC5851F5183DF2D7BFE1AF /* Pods_JWTTests.framework in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -58,6 +68,8 @@
 				279D639E1AD07FFF0024E2BC /* JWT */,
 				279D63AB1AD07FFF0024E2BC /* JWTTests */,
 				279D639D1AD07FFF0024E2BC /* Products */,
+				378492BA2DE66F2F8E379F49 /* Pods */,
+				AC8AE547FDAF3DD80EB4DB2F /* Frameworks */,
 			);
 			indentWidth = 2;
 			sourceTree = "<group>";
@@ -107,6 +119,26 @@
 			name = "Supporting Files";
 			sourceTree = "<group>";
 		};
+		378492BA2DE66F2F8E379F49 /* Pods */ = {
+			isa = PBXGroup;
+			children = (
+				8CDC721EB1EAFD72E8CCF46E /* Pods-JWT.debug.xcconfig */,
+				56671E3EAC540766DE31974E /* Pods-JWT.release.xcconfig */,
+				3BD8D638895FE8AF4FDDA8A9 /* Pods-JWTTests.debug.xcconfig */,
+				85B0E9B465B3B29391C19D14 /* Pods-JWTTests.release.xcconfig */,
+			);
+			name = Pods;
+			sourceTree = "<group>";
+		};
+		AC8AE547FDAF3DD80EB4DB2F /* Frameworks */ = {
+			isa = PBXGroup;
+			children = (
+				540942F3614C41E3827F2013 /* Pods_JWT.framework */,
+				CE8198B6E30BA6B8F8125FA7 /* Pods_JWTTests.framework */,
+			);
+			name = Frameworks;
+			sourceTree = "<group>";
+		};
 /* End PBXGroup section */
 
 /* Begin PBXHeadersBuildPhase section */
@@ -125,10 +157,13 @@
 			isa = PBXNativeTarget;
 			buildConfigurationList = 279D63B21AD07FFF0024E2BC /* Build configuration list for PBXNativeTarget "JWT" */;
 			buildPhases = (
+				4B9936F743EA727EA58353BD /* Check Pods Manifest.lock */,
 				279D63971AD07FFF0024E2BC /* Sources */,
 				279D63981AD07FFF0024E2BC /* Frameworks */,
 				279D63991AD07FFF0024E2BC /* Headers */,
 				279D639A1AD07FFF0024E2BC /* Resources */,
+				842FB8EA008161B653B5AD81 /* Embed Pods Frameworks */,
+				6D3D4069FD3A7DC06168A6A2 /* Copy Pods Resources */,
 			);
 			buildRules = (
 			);
@@ -143,9 +178,12 @@
 			isa = PBXNativeTarget;
 			buildConfigurationList = 279D63B51AD07FFF0024E2BC /* Build configuration list for PBXNativeTarget "JWTTests" */;
 			buildPhases = (
+				7DCEFCF83F6CF372A33D5219 /* Check Pods Manifest.lock */,
 				279D63A31AD07FFF0024E2BC /* Sources */,
 				279D63A41AD07FFF0024E2BC /* Frameworks */,
 				279D63A51AD07FFF0024E2BC /* Resources */,
+				E68E26141F4DF11E3638A2F0 /* Embed Pods Frameworks */,
+				F7C4974401B24623F6907649 /* Copy Pods Resources */,
 			);
 			buildRules = (
 			);
@@ -209,6 +247,99 @@
 		};
 /* End PBXResourcesBuildPhase section */
 
+/* Begin PBXShellScriptBuildPhase section */
+		4B9936F743EA727EA58353BD /* Check Pods Manifest.lock */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Check Pods Manifest.lock";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [[ $? != 0 ]] ; then\n    cat << EOM\nerror: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\nEOM\n    exit 1\nfi\n";
+			showEnvVarsInLog = 0;
+		};
+		6D3D4069FD3A7DC06168A6A2 /* Copy Pods Resources */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Copy Pods Resources";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-JWT/Pods-JWT-resources.sh\"\n";
+			showEnvVarsInLog = 0;
+		};
+		7DCEFCF83F6CF372A33D5219 /* Check Pods Manifest.lock */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Check Pods Manifest.lock";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [[ $? != 0 ]] ; then\n    cat << EOM\nerror: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\nEOM\n    exit 1\nfi\n";
+			showEnvVarsInLog = 0;
+		};
+		842FB8EA008161B653B5AD81 /* Embed Pods Frameworks */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Embed Pods Frameworks";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-JWT/Pods-JWT-frameworks.sh\"\n";
+			showEnvVarsInLog = 0;
+		};
+		E68E26141F4DF11E3638A2F0 /* Embed Pods Frameworks */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Embed Pods Frameworks";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-JWTTests/Pods-JWTTests-frameworks.sh\"\n";
+			showEnvVarsInLog = 0;
+		};
+		F7C4974401B24623F6907649 /* Copy Pods Resources */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "Copy Pods Resources";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-JWTTests/Pods-JWTTests-resources.sh\"\n";
+			showEnvVarsInLog = 0;
+		};
+/* End PBXShellScriptBuildPhase section */
+
 /* Begin PBXSourcesBuildPhase section */
 		279D63971AD07FFF0024E2BC /* Sources */ = {
 			isa = PBXSourcesBuildPhase;
@@ -320,6 +451,7 @@
 		};
 		279D63B31AD07FFF0024E2BC /* Debug */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 8CDC721EB1EAFD72E8CCF46E /* Pods-JWT.debug.xcconfig */;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
 				COMBINE_HIDPI_IMAGES = YES;
@@ -339,6 +471,7 @@
 		};
 		279D63B41AD07FFF0024E2BC /* Release */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 56671E3EAC540766DE31974E /* Pods-JWT.release.xcconfig */;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
 				COMBINE_HIDPI_IMAGES = YES;
@@ -357,6 +490,7 @@
 		};
 		279D63B61AD07FFF0024E2BC /* Debug */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 3BD8D638895FE8AF4FDDA8A9 /* Pods-JWTTests.debug.xcconfig */;
 			buildSettings = {
 				COMBINE_HIDPI_IMAGES = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -375,6 +509,7 @@
 		};
 		279D63B71AD07FFF0024E2BC /* Release */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 85B0E9B465B3B29391C19D14 /* Pods-JWTTests.release.xcconfig */;
 			buildSettings = {
 				COMBINE_HIDPI_IMAGES = YES;
 				FRAMEWORK_SEARCH_PATHS = (
 
@@ -1,4 +1,5 @@
 import Foundation
+import CryptoSwift
 
 public typealias Payload = [String:AnyObject]
 
@@ -10,6 +11,9 @@ public enum InvalidToken : Printable {
   case InvalidIssuedAt
   case InvalidAudience
 
+  case InvalidAlgorithm
+  case InvalidKey
+
   public var description:String {
     switch self {
       case .DecodeError(let error):
@@ -24,6 +28,10 @@ public enum InvalidToken : Printable {
         return "Issued at claim (iat) is in the future"
       case InvalidAudience:
         return "Invalid Audience"
+      case InvalidAlgorithm:
+        return "Unsupported Algorithm"
+      case InvalidKey:
+        return "Invalid Key"
     }
   }
 }
@@ -35,11 +43,11 @@ public enum DecodeResult {
 
 
 /// Decode a JWT
-public func decode(jwt:String, verify:Bool = true, audience:String? = nil, issuer:String? = nil) -> DecodeResult {
+public func decode(jwt:String, key:String? = nil, verify:Bool = true, audience:String? = nil, issuer:String? = nil) -> DecodeResult {
   switch load(jwt) {
     case let .Success(header, payload, signature, signatureInput):
       if verify {
-        if let failure = validateClaims(payload, audience, issuer) {
+        if let failure = validateClaims(payload, audience, issuer) ?? verifySignature(header, signatureInput, signature, key) {
           return .Failure(failure)
         }
       }
@@ -112,7 +120,35 @@ func load(jwt:String) -> LoadResult {
   return .Success(header:header!, payload:payload!, signature:signature!, signatureInput:signatureInput)
 }
 
-// MARK: Validation
+// MARK: Signature Verification
+
+func verifySignature(header:Payload, signingInput:String, signature:NSData, key:String?) -> InvalidToken? {
+  if let alg = header["alg"] as? String {
+    switch alg {
+      case "none":
+        return nil
+      case "HS256":
+        if let key = key?.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: false) {
+          let mac = Authenticator.HMAC(key: key, variant:.sha256)
+          let result = mac.authenticate(signingInput.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: false)!)
+          if result! == signature {
+            return nil
+          } else {
+            return .DecodeError("Signature verification failed")
+          }
+        }
+        break
+      default:
+        break
+    }
+
+    return .InvalidAlgorithm
+  }
+
+  return .DecodeError("Missing Algorithm")
+}
+
+// MARK: Claim Validation
 
 func validateAudience(payload:Payload, audience:String?) -> InvalidToken? {
   if let audience = audience {