From 87cad68c189e01dc346a8c5ce781acfb4241e088 Mon Sep 17 00:00:00 2001
From: paweldomas <pawel.domas@jitsi.org>
Date: Fri, 29 Jul 2016 16:13:37 -0500
Subject: [PATCH 1/2] Add RS256 support

---
 luajwt.lua | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/luajwt.lua b/luajwt.lua
index 841c605..e0a92ee 100644
--- a/luajwt.lua
+++ b/luajwt.lua
@@ -12,6 +12,14 @@ local alg_verify = {
 	['HS256'] = function(data, signature, key) return signature == alg_sign['HS256'](data, key) end,
 	['HS384'] = function(data, signature, key) return signature == alg_sign['HS384'](data, key) end,
 	['HS512'] = function(data, signature, key) return signature == alg_sign['HS512'](data, key) end,
+	['RS256'] = function(data, signature, key)
+		local pubkey = crypto.pkey.from_pem(key)
+		if pubkey ~= nil then
+			return crypto.verify("sha256", data, signature, pubkey)
+		else
+			return nil, "Invalid PEM key configured"
+		end
+	end
 }
 
 local function b64_encode(input)	
@@ -131,7 +139,11 @@ function M.decode(data, key, verify)
 			return nil, "Algorithm not supported"
 		end
 
-		if not alg_verify[header.alg](headerb64 .. "." .. bodyb64, sig, key) then
+		local verify_result, error
+			= alg_verify[header.alg](headerb64 .. "." .. bodyb64, sig, key);
+		if verify_result == nil then
+			return nil, error
+		elseif verify_result == false then
 			return nil, "Invalid signature"
 		end
 

From 8397a14974aee55491b7cc189c4b79e920fd6e53 Mon Sep 17 00:00:00 2001
From: paweldomas <pawel.domas@jitsi.org>
Date: Tue, 2 Aug 2016 09:30:12 -0500
Subject: [PATCH 2/2] Add support for signing with RS256

---
 luajwt.lua | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/luajwt.lua b/luajwt.lua
index e0a92ee..0d2012f 100644
--- a/luajwt.lua
+++ b/luajwt.lua
@@ -6,6 +6,14 @@ local alg_sign = {
 	['HS256'] = function(data, key) return crypto.hmac.digest('sha256', data, key, true) end,
 	['HS384'] = function(data, key) return crypto.hmac.digest('sha384', data, key, true) end,
 	['HS512'] = function(data, key) return crypto.hmac.digest('sha512', data, key, true) end,
+	['RS256'] = function(data, key)
+		local privkey = crypto.pkey.from_pem(key, true)
+		if privkey == nil then
+			return nil, "Not a private PEM key"
+		else
+			return crypto.sign("sha256", data, privkey)
+		end
+	end
 }
 
 local alg_verify = {
@@ -14,10 +22,10 @@ local alg_verify = {
 	['HS512'] = function(data, signature, key) return signature == alg_sign['HS512'](data, key) end,
 	['RS256'] = function(data, signature, key)
 		local pubkey = crypto.pkey.from_pem(key)
-		if pubkey ~= nil then
-			return crypto.verify("sha256", data, signature, pubkey)
+		if pubkey == nil then
+			return nil, "Not a public PEM key"
 		else
-			return nil, "Invalid PEM key configured"
+			return crypto.verify("sha256", data, signature, pubkey)
 		end
 	end
 }
@@ -85,8 +93,10 @@ function M.encode(data, key, alg)
 	}
 
 	local signing_input = table.concat(segments, ".")
-
-	local signature = alg_sign[alg](signing_input, key)
+	local signature, error = alg_sign[alg](signing_input, key)
+	if signature == nil then
+		return nil, error
+	end
 
 	segments[#segments+1] = b64_encode(signature)