fcl-web: RS256 using sign/verify

packages/fcl-web/src/jwt/fpjwarsa.pp

@@ -109,7 +109,7 @@ begin
   try
     RSAInitFromPrivateKeyDER(RSA,aKey.AsBytes);
     SetLength(aSignature{%H-},RSA.ModulusLen);
-    if RSAEncryptSign(RSA,@Hash[0],length(Hash),@aSignature[0],false)<RSA.ModulusLen then
+    if RSAEncryptSign(RSA,@Hash[0],length(Hash),@aSignature[0],true)<RSA.ModulusLen then
       raise Exception.Create('20220429223334');
     Result:=Base64URL.Encode(@aSignature[0],Length(aSignature),False);
   finally
@@ -135,9 +135,9 @@ begin
   // decrypt hash
   RSACreate(RSA);
   try
-    RSAInitFromPrivateKeyDER(RSA,aKey.AsBytes);
+    RSAInitFromPublicKeyDER(RSA,aKey.AsBytes);
     SetLength(DecryptedHash{%H-},length(EncryptedHash));
-    HashLen:=RSADecryptVerify(RSA,@EncryptedHash[0],@DecryptedHash[0],length(DecryptedHash),false);
+    HashLen:=RSADecryptVerify(RSA,@EncryptedHash[0],@DecryptedHash[0],length(DecryptedHash),true);
     if HashLen<=0 then exit;
     SetLength(DecryptedHash,HashLen);
   finally

packages/fcl-web/tests/tcjwt.pp

@@ -269,7 +269,6 @@ begin
     S.Free;
   end;
   FKey:=TJWTKey.Create(@aPrivateKey,SizeOf(TEccPrivateKey));
-  writeln('AAA1 TTestJWT.TestVerifyES256Pem ');
   FVerifyResult:=TMyJWT.ValidateJWT(aInput,FKey);
   AssertNotNull('Have result',FVerifyResult);
   AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);
@@ -360,6 +359,16 @@ const
     'dtOAmxMASvsqud3XIM5fO5m3Jpl1phiGhCw4nvVLcYzVWxYY+oWoeCSyECgu5tmT'#10+
     'Fo8vn4EEXCkEAA2YPiEuVcrcYsWkLivCTC19lJDfUNMmpwSdiGz/tDU='#10+
     '-----END RSA PRIVATE KEY-----'#10;
+  APublicKeyPem =
+    '-----BEGIN PUBLIC KEY-----'#10+
+    'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkRfGW8psCZ3G4+hBA6W'#10+
+    '/CR/FHhBLB3k3QLypamPbRFlFBxLtOK2NblBybY22vUiMLZbb5x8OoOj/IhOrJAl'#10+
+    'TqhtbTWLy/0K3qbG09vLm8V40kEK8/p0STrp3UmsxHNkccj9MRSKk7pOyEvxSCY6'#10+
+    'K5JGK1VTsMuDCS7DCYk6Vqr3zjX7qedF1PVM+Z5t0B+f//kt3oBETNlic4IooEpG'#10+
+    '/PN2GUQ0oZpa16DDtfgGu7wT3X3QEZFWLJYQTvGc82NpachBIUvqNdIt1npbK38M'#10+
+    'XU4IPHVrSN/HdK2nQPSMLdKnTV+Eh/HcxpfjBjarg+VjgDqlmqJ9bkosOVn35vsg'#10+
+    '8wIDAQAB'#10+
+    '-----END PUBLIC KEY-----';
 var
   aInput: String;
   Signer: TJWTSignerRSA;
@@ -374,6 +383,7 @@ begin
   // load private key from pem
   FKey.AsBytes:=PemToDER(APrivateKeyPem,_BEGIN_RSA_PRIVATE_KEY,_END_RSA_PRIVATE_KEY);
 
+  // sign
   Signer:=TJWTSignerRSA(SignerClass.Create);
   try
     aInput:=Signer.AppendSignature(JWT,Key);
@@ -381,6 +391,10 @@ begin
     Signer.Free;
   end;
 
+  // load public key from pem
+  FKey.AsBytes:=PemToDER(APublicKeyPem,_BEGIN_PUBLIC_KEY,_END_PUBLIC_KEY);
+
+  // verify
   FVerifyResult:=TMyJWT.ValidateJWT(aInput,FKey);
   AssertNotNull('Have result',FVerifyResult);
   AssertEquals('Correct class',TMyJWT,FVerifyResult.ClassType);