feat: Reduce dependencies

* Use `pointycastle` for HMAC calculation instead of `crypto` * Implement custom deep list equality instead of using the `collection` package
2025-07-15 02:59:09 +08:00 · 2025-03-12 15:40:36 +01:00
parent 368d05a1a5
commit 5ac703a4b2
4 changed files with 18 additions and 15 deletions
--- a/lib/src/algorithms.dart
+++ b/lib/src/algorithms.dart
@ -1,7 +1,6 @@
 import 'dart:math';
 import 'dart:typed_data';

-import 'package:crypto/crypto.dart';
 import 'package:ed25519_edwards/ed25519_edwards.dart' as ed;
 import 'package:pointycastle/pointycastle.dart' as pc;

@ -148,12 +147,10 @@ class HMACAlgorithm extends JWTAlgorithm {

    final keyBytes = decodeHMACSecret(secretKey.key, secretKey.isBase64Encoded);

-    final hmac = Hmac(
-      _getHash(name),
-      keyBytes,
-    );
+    final hmac = pc.Mac('${_getHash(name)}/HMAC');
+    hmac.init(pc.KeyParameter(keyBytes));

-    return Uint8List.fromList(hmac.convert(body).bytes);
+    return Uint8List.fromList(hmac.process(body));
  }

  @override
@ -171,14 +168,14 @@ class HMACAlgorithm extends JWTAlgorithm {
    return true;
  }

-  Hash _getHash(String name) {
+  String _getHash(String name) {
    switch (name) {
      case 'HS256':
-        return sha256;
+        return 'SHA-256';
      case 'HS384':
-        return sha384;
+        return 'SHA-384';
      case 'HS512':
-        return sha512;
+        return 'SHA-512';
      default:
        throw ArgumentError.value(name, 'name', 'unknown hash name');
    }
--- a/lib/src/helpers.dart
+++ b/lib/src/helpers.dart
@ -159,3 +159,13 @@ ECDSAAlgorithm? ecCurveToAlgorithm(String curveName) {
      return null;
  }
 }
+
+bool isListEquals<T>(List<T>? a, List<T>? b) {
+  if (identical(a, b)) return true;
+  if (a == null || b == null) return false;
+  if (a.length != b.length) return false;
+  for (var i = 0; i < a.length; i++) {
+    if (a[i] != b[i]) return false;
+  }
+  return true;
+}
--- a/lib/src/jwt.dart
+++ b/lib/src/jwt.dart
@ -2,8 +2,6 @@ import 'dart:collection';
 import 'dart:convert';
 import 'dart:typed_data';

-import 'package:collection/collection.dart';
-
 import 'algorithms.dart';
 import 'exceptions.dart';
 import 'helpers.dart';
@ -112,7 +110,7 @@ class JWT {
            if (payload['aud'] is String && payload['aud'] != audience.first) {
              throw JWTInvalidException('invalid audience');
            } else if (payload['aud'] is List &&
-                !ListEquality().equals(payload['aud'], audience)) {
+                !isListEquals(payload['aud'], audience)) {
              throw JWTInvalidException('invalid audience');
            }
          } else {
--- a/pubspec.yaml
+++ b/pubspec.yaml
@ -13,10 +13,8 @@ false_secrets:
  - /README.md

 dependencies:
-  crypto: ^3.0.6
  pointycastle: ^4.0.0
  convert: ^3.1.2
-  collection: ^1.17.1
  ed25519_edwards: ^0.3.1
  clock: ^1.1.2