golang-jwt · dillonstreator · Oct 12, 2022
diff --git a/hmac.go b/hmac.go
@@ -48,9 +48,9 @@ func (m *SigningMethodHMAC) Alg() string {
 // Verify implements token verification for the SigningMethod. Returns nil if the signature is valid.
 func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
 	// Verify the key is the right type
-	keyBytes, ok := key.([]byte)
-	if !ok {
-		return ErrInvalidKeyType
+	keyBytes, err := m.keyBytesFrom(key)
+	if err != nil {
+		return err
 	}
 
 	// Decode signature, for comparison
@@ -80,16 +80,28 @@ func (m *SigningMethodHMAC) Verify(signingString, signature string, key interfac
 // Sign implements token signing for the SigningMethod.
 // Key must be []byte
 func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) (string, error) {
-	if keyBytes, ok := key.([]byte); ok {
-		if !m.Hash.Available() {
-			return "", ErrHashUnavailable
-		}
-
-		hasher := hmac.New(m.Hash.New, keyBytes)
-		hasher.Write([]byte(signingString))
+	keyBytes, err := m.keyBytesFrom(key)
+	if err != nil {
+		return "", err
+	}
 
-		return EncodeSegment(hasher.Sum(nil)), nil
+	if !m.Hash.Available() {
+		return "", ErrHashUnavailable
 	}
 
-	return "", ErrInvalidKeyType
+	hasher := hmac.New(m.Hash.New, keyBytes)
+	hasher.Write([]byte(signingString))
+
+	return EncodeSegment(hasher.Sum(nil)), nil
+}
+
+func (m *SigningMethodHMAC) keyBytesFrom(value interface{}) ([]byte, error) {
+	switch v := value.(type) {
+	case []byte:
+		return v, nil
+	case string:
+		return []byte(v), nil
+	default:
+		return nil, ErrInvalidKeyType
+	}
 }
diff --git a/hmac_test.go b/hmac_test.go
@@ -48,17 +48,21 @@ var hmacTestData = []struct {
 // Sample data from http://tools.ietf.org/html/draft-jones-json-web-signature-04#appendix-A.1
 var hmacTestKey, _ = os.ReadFile("test/hmacTestKey")
 
+var hmacTestKeyString = string(hmacTestKey)
+
 func TestHMACVerify(t *testing.T) {
 	for _, data := range hmacTestData {
 		parts := strings.Split(data.tokenString, ".")
 
 		method := jwt.GetSigningMethod(data.alg)
-		err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey)
-		if data.valid && err != nil {
-			t.Errorf("[%v] Error while verifying key: %v", data.name, err)
-		}
-		if !data.valid && err == nil {
-			t.Errorf("[%v] Invalid key passed validation", data.name)
+		for _, hmacTestKey := range []interface{}{hmacTestKey, hmacTestKeyString} {
+			err := method.Verify(strings.Join(parts[0:2], "."), parts[2], hmacTestKey)
+			if data.valid && err != nil {
+				t.Errorf("[%v] Error while verifying key: %v", data.name, err)
+			}
+			if !data.valid && err == nil {
+				t.Errorf("[%v] Invalid key passed validation", data.name)
+			}
 		}
 	}
 }
@@ -68,12 +72,14 @@ func TestHMACSign(t *testing.T) {
 		if data.valid {
 			parts := strings.Split(data.tokenString, ".")
 			method := jwt.GetSigningMethod(data.alg)
-			sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
-			if err != nil {
-				t.Errorf("[%v] Error signing token: %v", data.name, err)
-			}
-			if sig != parts[2] {
-				t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
+			for _, hmacTestKey := range []interface{}{hmacTestKey, hmacTestKeyString} {
+				sig, err := method.Sign(strings.Join(parts[0:2], "."), hmacTestKey)
+				if err != nil {
+					t.Errorf("[%v] Error signing token: %v", data.name, err)
+				}
+				if sig != parts[2] {
+					t.Errorf("[%v] Incorrect signature.\nwas:\n%v\nexpecting:\n%v", data.name, sig, parts[2])
+				}
 			}
 		}
 	}