fix: use JWTKit to speed up RSA signer

.github/workflows/swift.yml

@@ -2,27 +2,22 @@ name: Swift
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
-
   build-ubuntu:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Install Swift
-      run: |
-        SWIFT_URL=https://swift.org/builds/swift-5.1.1-release/ubuntu1404/swift-5.1.1-RELEASE/swift-5.1.1-RELEASE-ubuntu14.04.tar.gz
-        curl -fSsL $SWIFT_URL -o swift.tar.gz
-        sudo tar -xzf swift.tar.gz --strip-components=2 --directory=/usr/local
-        which swift
-    - name: Build
-      run: |
-        swift package -v resolve
-        make all
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install swift version
+        uses: swift-actions/setup-swift@v1
+      - name: Build
+        run: |
+          swift package -v resolve
+          make all
 
   build-macos:
     runs-on: macOS-latest

Package.swift

@@ -1,4 +1,4 @@
-// swift-tools-version:5.0
+// swift-tools-version:5.1
 
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,7 +19,7 @@ import PackageDescription
 let package = Package(
   name: "Auth",
   platforms: [
-    .macOS(.v10_12), .iOS(.v9), .tvOS(.v9)
+    .macOS(.v10_15), .iOS(.v9), .tvOS(.v9)
   ],
   products: [
     .library(name: "OAuth1", targets: ["OAuth1"]),
@@ -29,17 +29,27 @@ let package = Package(
   ],
   dependencies: [
     .package(url: "https://github.com/apple/swift-nio.git", from: "2.59.0"),
-    .package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", "1.1.3"..."1.3.2"),
-    .package(url: "https://github.com/attaswift/BigInt", from: "5.0.0"),
+    .package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", from: "1.8.1"),
+    .package(url: "https://github.com/attaswift/BigInt.git", from: "5.0.0"),
+    .package(url: "https://github.com/vapor/jwt-kit.git", from: "4.0.0"),
   ],
   targets: [
     .target(name: "OAuth1",
-            dependencies: ["CryptoSwift", "TinyHTTPServer"]),
+            dependencies: [
+                .product(name: "CryptoSwift", package: "CryptoSwift"),
+                "TinyHTTPServer"
+            ]),
     .target(name: "OAuth2",
-            dependencies: ["CryptoSwift", "TinyHTTPServer", "BigInt", "SwiftyBase64"],
+            dependencies: [.product(name: "CryptoSwift", package: "CryptoSwift"),
+                           "TinyHTTPServer",
+                           .product(name: "BigInt", package: "BigInt"),
+                           "SwiftyBase64",
+                           .product(name: "JWTKit", package: "jwt-kit")
+                          ],
             exclude: ["FCMTokenProvider"]),
     .target(name: "TinyHTTPServer",
-	    dependencies: ["NIO", "NIOHTTP1"]),
+	    dependencies: [.product(name: "NIO" , package: "swift-nio"),
+                       .product(name: "NIOHTTP1" , package: "swift-nio")]),
     .target(name: "SwiftyBase64"),
     .target(name: "TokenSource", dependencies: ["OAuth2"], path: "Sources/Examples/TokenSource"),
     .target(name: "Google",      dependencies: ["OAuth2"], path: "Sources/Examples/Google"),

Sources/OAuth1/Connection.swift

@@ -49,7 +49,7 @@ public class Connection {
 
     // generate the signature
     let hmac = try! CryptoSwift.HMAC(key: secret, variant: .sha1).authenticate(Array(signatureBaseString.utf8))
-    parameters["oauth_signature"] = hmac.toBase64()!
+    parameters["oauth_signature"] = hmac.toBase64()
   }
 
   public class func performRequest(

Sources/OAuth2/ServiceAccountTokenProvider/JWT.swift

@@ -15,6 +15,7 @@
 import Foundation
 import CryptoSwift
 import SwiftyBase64
+import JWTKit
 
 struct JWTHeader : Codable {
   let Algorithm : String
@@ -51,9 +52,8 @@ struct JWT {
     let claims = SwiftyBase64.EncodeString(Array(claimsData), alphabet:.URLAndFilenameSafe)
     let body = header + "." + claims
     let bodyData = body.data(using: String.Encoding.utf8)!
-    let sha2 = SHA2(variant: SHA2.Variant(rawValue:256)!)
-    let hash = sha2.calculate(for:Array(bodyData))
-    let signature = rsaKey.sign(hash:hash)
+    let signer = JWTSigner.rs256(key: rsaKey)
+    let signature = try signer.algorithm.sign(bodyData)
     let signatureString = SwiftyBase64.EncodeString(signature, alphabet:.URLAndFilenameSafe)
     return body + "." + signatureString
   }

Sources/OAuth2/ServiceAccountTokenProvider/ServiceAccountTokenProvider.swift

@@ -16,6 +16,7 @@ import Foundation
 #if canImport(FoundationNetworking)
   import FoundationNetworking
 #endif
+import JWTKit
 
 struct ServiceAccountCredentials : Codable {
   let CredentialType : String
@@ -58,7 +59,7 @@ public class ServiceAccountTokenProvider : TokenProvider {
     }
     self.credentials = credentials
     self.scopes = scopes
-    guard let rsaKey = RSAKey(privateKey:credentials.PrivateKey)
+    guard let rsaKey = try? RSAKey.private(pem: credentials.PrivateKey)
       else {
         return nil
     }