raise verification error for signiture verification

lib/jwt.rb

@@ -10,6 +10,7 @@
 
 module JWT
   class DecodeError < StandardError; end
+  class VerificationError < DecodeError; end
   class ExpiredSignature < StandardError; end
   class ImmatureSignature < StandardError; end
   extend JWT::Json
@@ -132,14 +133,14 @@ def signature_algorithm_and_key(header, key, &keyfinder)
   def verify_signature(algo, key, signing_input, signature)
     begin
       if ["HS256", "HS384", "HS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
+        raise JWT::VerificationError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
       elsif ["RS256", "RS384", "RS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+        raise JWT::VerificationError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
       else
-        raise JWT::DecodeError.new("Algorithm not supported")
+        raise JWT::VerificationError.new("Algorithm not supported")
       end
     rescue OpenSSL::PKey::PKeyError
-      raise JWT::DecodeError.new("Signature verification failed")
+      raise JWT::VerificationError.new("Signature verification failed")
     ensure
       OpenSSL.errors.clear
     end

spec/jwt_spec.rb

@@ -37,42 +37,42 @@
     expect(decoded_payload).to include(example_payload)
   end
 
-  it "raises exception when the token is invalid" do
+  it "raises decode exception when the token is invalid" do
     example_secret = 'secret'
     # Same as above exmaple with some random bytes replaced
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
 
-  it "raises exception with wrong hmac key" do
+  it "raises verification exception with wrong hmac key" do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt_message = JWT.encode(@payload, right_secret, "HS256")
-    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::VerificationError)
   end
 
-  it "raises exception with wrong rsa key" do
+  it "raises verification exception with wrong rsa key" do
     right_private_key = OpenSSL::PKey::RSA.generate(512)
     bad_private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, right_private_key, "RS256")
-    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::VerificationError)
   end
 
-  it "raises exception with invalid signature" do
+  it "raises decode exception with invalid signature" do
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
 
-  it "raises exception with nonexistent header" do
+  it "raises decode exception with nonexistent header" do
     expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
   end
 
-  it "raises exception with nonexistent payload" do
+  it "raises decode exception with nonexistent payload" do
     expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
   end
 
-  it "raises exception with nil jwt" do
+  it "raises decode exception with nil jwt" do
     expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
   end