bitjwt 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 03c5f720f7f4793aa960a681c94d591b741df0b0
+  data.tar.gz: 41b4999bae9bc4b134b1fab2133ce52010239612
+SHA512:
+  metadata.gz: bdf041a9d5b60a6f0fc006a4fe07bc1aee9c5acedf47c21c3a8d7c5087d9f92aadb569f8a5efb4553bdc3f39f96d015cc75f28174e7a373e66eb2068fe3dc515
+  data.tar.gz: e7a02f1391dd54e6a2ff1775aa040664404a213f75f5d0b4214a4f8401a1ad1ed57c350c058a23a8e8de3dfcb2220578221f7b294c43ca404012e5049b5bae27

data/.gitignore

@@ -0,0 +1,2 @@
+bin/*
+vendor

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,49 @@
+PATH
+  remote: .
+  specs:
+    bitjwt (0.0.1)
+      bitcoin-ruby (= 0.0.8)
+      excon (~> 0.49)
+      ffi (~> 1.9)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.4.0)
+    bitcoin-ruby (0.0.8)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.2.5)
+    excon (0.49.0)
+    ffi (1.9.10)
+    hashdiff (0.3.0)
+    rspec (3.4.0)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+    rspec-core (3.4.4)
+      rspec-support (~> 3.4.0)
+    rspec-expectations (3.4.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-mocks (3.4.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-support (3.4.1)
+    safe_yaml (1.0.4)
+    webmock (2.1.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bitjwt!
+  rspec (~> 3.4)
+  rspec-mocks (~> 3.4)
+  webmock (~> 2.1)
+
+BUNDLED WITH
+   1.12.5

data/README.md

@@ -0,0 +1,80 @@
+# BitJWT
+
+Simple JWT Ruby implementation based on Bitcoin secp256k1
+inspired by bitjws (https://github.com/deginner/bitjws).
+
+JWT protocol header built on a custom bitcoin algorithm:
+```ruby
+header = {
+    'alg' => 'CUSTOM-BITCOIN-SIGN',
+    'kid' => '<bitcoin public address>',
+    'typ' => 'JWT'
+}
+```
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'bitjwt'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install bitjwt
+
+## Install bitcoin library
+
+Compile and install libsecp256k1 required by bitcoin-ruby:
+(https://github.com/bitcoin/bitcoin/tree/v0.11.0/src/secp256k1)
+
+tag: v0.11.0
+
+commit: d26f951802c762de04fb68e1a112d611929920ba
+
+and place it under your vendor/bitcoin/src/secp256k1/.libs local path
+
+## Usage
+
+```ruby
+# import your WIF private key
+wif_key = 'L2mvkaTyiZMVZ8kPjBkov6FHbp2AVo8DeuXEZVvH7P19KrtpsJtj'
+
+# or generate a new one using Bitcoin library
+wif_key = Bitcoin::Key.generate.to_base58
+
+# instantiate BitJWT crypto object with your private key
+crypto = BitJWT::Crypto.new(wif_key)
+
+# define your payload to send
+payload =
+  {
+    'aud' => '/api/audience',
+    'data' => {
+      'key1' => 'value1',
+      'key2' => 0
+    }
+  }
+# 'aud'  relative URL path of your request
+# 'data' data to send
+
+#build BitJWT protocol request
+request = BitJWT::Protocol.build_request(crypto, payload)
+
+# send request to base URL
+begin
+    response = request.send('http://service_base_url', 'POST')
+    # check returned data contains a valid signature
+    if response.verify
+        # get your decoded response
+        payload = response.payload_to_h
+    end
+rescue BitJWT::ProtocolError => e
+    # e.status  http error status code
+    # e.body    application returned error
+end
+```

data/bitjwt.gemspec

@@ -0,0 +1,26 @@
+$:.push File.expand_path("../lib", __FILE__)
+require 'bitjwt/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'bitjwt'
+  s.version     = BitJWT::VERSION
+  s.date        = '2016-06-16'
+  s.summary     = 'Bitcoin JWT implementation'
+  s.description = 'JWT protocol implementation using Bitcoin secp256k1'
+  s.authors     = ['Federico Barbazza']
+  s.email       = 'federico.barbazza@gmail.com'
+  s.files       = ['lib/bitjwt.rb']
+  s.homepage    =
+    'http://rubygems.org/gems/bitjwt'
+  s.license       = 'MIT'
+  s.files         = `git ls-files -z`.split("\x0")
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ['lib']
+
+  s.add_dependency 'ffi', '~> 1.9'
+  s.add_dependency 'bitcoin-ruby', '0.0.8'
+  s.add_dependency 'excon', '~> 0.49'
+  s.add_development_dependency 'rspec', '~> 3.4'
+  s.add_development_dependency 'rspec-mocks', '~> 3.4'
+  s.add_development_dependency 'webmock', '~> 2.1'
+end

data/lib/bitjwt.rb

@@ -0,0 +1,8 @@
+require 'bitjwt/version'
+require 'bitjwt/util'
+require 'bitjwt/crypto'
+require 'bitjwt/protocol_error'
+require 'bitjwt/protocol'
+
+module BitJWT
+end

data/lib/bitjwt/crypto.rb

@@ -0,0 +1,24 @@
+require 'bitcoin'
+
+module BitJWT
+  class Crypto
+    def initialize(private_key)
+      @key = Bitcoin::Key.from_base58(private_key)
+    end
+
+    def bitcoin_address
+      @key.addr
+    end
+
+    def sign(data)
+      bsm = Bitcoin.bitcoin_signed_message_hash(data)
+      signature = Bitcoin::Secp256k1.sign_compact(bsm, Util.hex_to_bin(@key.priv))
+      Base64.strict_encode64(signature)
+    end
+
+    def self.verify(data, signature_base64, pub_address)
+      pubkey = Bitcoin::Key.recover_compact_signature_to_key(data, signature_base64)
+      pubkey.addr == pub_address
+    end
+  end
+end

data/lib/bitjwt/protocol.rb

@@ -0,0 +1,93 @@
+module BitJWT
+  class Protocol
+    attr_reader :header, :payload, :signature
+
+    def initialize(header, payload, signature = nil)
+      @header = header
+      @payload = payload
+      @signature = signature
+    end
+
+    def header_to_h
+      JSON.parse(header)
+    end
+
+    def payload_to_h
+      JSON.parse(payload)
+    end
+
+    def header_encoded
+      Util.base64url_encode(header)
+    end
+
+    def payload_encoded
+      Util.base64url_encode(payload)
+    end
+
+    def header_payload_encoded
+      "#{header_encoded}.#{payload_encoded}"
+    end
+
+    def signature_encoded
+      Util.base64url_encode(signature)
+    end
+
+    def build_signature(crypto)
+      @signature ||= crypto.sign(header_payload_encoded)
+    end
+
+    def send(url, method)
+      connection = Excon.new(url, omit_default_port: true)
+      response = connection.request(path: payload_to_h['aud'],
+                                    method: method,
+                                    headers: {
+                                      'Content-Type' => 'application/jose',
+                                      'User-Agent' => 'bitjwt_client'
+                                    },
+                                    body: "#{header_payload_encoded}.#{signature_encoded}")
+      raise ProtocolError.new(response.status, response.body) unless (200..299).cover?(response.status)
+      build_response(response.body)
+    end
+
+    def build_response(response)
+      header, payload, signature = response.split('.')
+      header_decoded = Base64.decode64(header)
+      payload_decoded = Base64.decode64(payload)
+      signature_decoded = Base64.decode64(signature)
+      self.class.new(header_decoded, payload_decoded, signature_decoded)
+    end
+
+    def verify
+      Crypto.verify(header_payload_encoded, signature, header_to_h['kid'])
+    end
+
+    def self.build_request(crypto, payload = {})
+      header = default_header.merge({ 'kid' => crypto.bitcoin_address })
+      payload = default_payload.merge(payload)
+      bitjws = new(header.to_json, payload.to_json)
+      bitjws.build_signature(crypto)
+      bitjws
+    end
+
+    private
+
+    class << self
+      def default_header
+        {
+          'alg' => 'CUSTOM-BITCOIN-SIGN',
+          'kid' => '',
+          'typ' => 'JWT'
+        }
+      end
+
+      def default_payload
+        {
+          'aud'  => '',
+          'data' => {},
+          'exp'  => Time.now.to_f + 3600,
+          'iat'  => Time.now.to_f
+        }
+      end
+    end
+  end
+end

data/lib/bitjwt/protocol_error.rb

@@ -0,0 +1,10 @@
+module BitJWT
+  class ProtocolError < StandardError
+    attr_reader :status, :body
+
+    def initialize(status, body)
+      @status = status
+      @body = body
+    end
+  end
+end

data/lib/bitjwt/util.rb

@@ -0,0 +1,17 @@
+module BitJWT
+  class Util
+    class << self
+      def hex_to_bin(hex)
+        [hex].pack('H*')
+      end
+
+      def bin_to_hex(bin)
+        bin.unpack('H*')[0]
+      end
+
+      def base64url_encode(str)
+        Base64.encode64(str).tr('+/', '-_').gsub(/[\n=]/, '')
+      end
+    end
+  end
+end

data/lib/bitjwt/version.rb

@@ -0,0 +1,3 @@
+module BitJWT
+  VERSION = '0.0.2'
+end

data/spec/lib/crypto_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+require 'json'
+require 'base64'
+
+module BitJWT
+  describe BitJWT::Crypto do
+    let(:wif_key) { 'L2mvkaTyiZMVZ8kPjBkov6FHbp2AVo8DeuXEZVvH7P19KrtpsJtj' }
+    let(:public_key) { '1AyG7DLm14sWEAK1By4seHP33KUQakP3Tc' }
+    let(:crypto) { Crypto.new(wif_key) }
+    let(:data) { JSON.generate(data: 'test') }
+
+    it 'import a valid WIF key' do
+      expect(crypto.bitcoin_address).to eql public_key
+    end
+
+    it 'generate a valid Base64 strict signature' do
+      signature = crypto.sign(data)
+      expect(signature).not_to include('\n')
+    end
+
+    it 'verify signature to recover right public key' do
+      signature = crypto.sign(data)
+      expect(Crypto.verify(data, signature, public_key)).to be_truthy
+    end
+  end
+end

data/spec/lib/protocol_spec.rb

@@ -0,0 +1,79 @@
+require 'spec_helper'
+require 'excon'
+
+module BitJWT
+  describe BitJWT::Protocol do
+    let(:wif_key) { 'L2mvkaTyiZMVZ8kPjBkov6FHbp2AVo8DeuXEZVvH7P19KrtpsJtj' }
+    let(:public_key) { '1AyG7DLm14sWEAK1By4seHP33KUQakP3Tc' }
+    let(:crypto) { Crypto.new(wif_key) }
+    let(:user_payload) {
+      {
+        'aud' => '/endpoint',
+        'data' => 'test'
+      }
+    }
+
+    context 'initialization' do
+      it 'build a valid JWT request' do
+        request = Protocol.build_request(crypto, user_payload)
+        expect(request.verify).to be_truthy
+        header = request.header_to_h
+        payload = request.payload_to_h
+        # check JWT header
+        expect(header).to have_key('alg')
+        expect(header).to have_key('kid')
+        expect(header).to have_key('typ')
+        expect(header['alg']).to eql 'CUSTOM-BITCOIN-SIGN'
+        expect(header['kid']).to eql public_key
+        expect(header['typ']).to eql 'JWT'
+        # check JWT payload
+        expect(payload).to have_key('aud')
+        expect(payload).to have_key('data')
+        expect(payload).to have_key('exp')
+        expect(payload).to have_key('iat')
+        expect(payload['aud']).to eql user_payload['aud']
+        expect(payload['data']).to eql user_payload['data']
+      end
+    end
+
+    context 'send request' do
+      let(:url) { 'http://localhost' }
+      let(:request) { Protocol.build_request(crypto, user_payload) }
+      let(:peer_wif_key) { 'L13zZXQnhgAHuQ8n5GkSasMitEoHFWxV3MC3xJ4U66NJWt2uyNA2' }
+      let(:peer_public_key) { '1CAnfBknvhbrpoRmGjRtZ8WsXjMg22wgLf' }
+      let(:jwt_stub) { JWTStub.new(peer_wif_key, url, user_payload['aud']) }
+
+      it 'receive a valid response' do
+        jwt_stub.valid_response
+        response = request.send(url, 'POST')
+        header = response.header_to_h
+        payload = response.payload_to_h
+        expect(response.verify).to be_truthy
+        expect(header['kid']).to eql peer_public_key
+        expect(payload['aud']).to eql JWTStub::PAYLOAD['aud']
+        expect(payload['data']).to eql JWTStub::PAYLOAD['data']
+      end
+
+      it 'receive an invalid response (tampered payload)' do
+        jwt_stub.invalid_response
+        response = request.send(url, 'POST')
+        expect(response.verify).to be_falsey
+      end
+
+      it 'receive a protocol error' do
+        jwt_stub.protocol_error
+        expect{request.send(url, 'POST')}.to raise_error(BitJWT::ProtocolError)
+      end
+
+      it 'get explict error from  exception' do
+        jwt_stub.protocol_error
+        begin
+          request.send(url, 'POST')
+        rescue BitJWT::ProtocolError => e
+          expect(e.status).to eql JWTStub::STATUS_ERROR
+          expect(e.body).to eql JWTStub::PAYLOAD_ERROR.to_json
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,15 @@
+require 'webmock/rspec'
+require File.expand_path('../lib/bitjwt.rb', File.dirname(__FILE__))
+require 'stubs/jwt_stub'
+
+RSpec.configure do |config|
+  config.order = 'random'
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+end

data/spec/stubs/jwt_stub.rb

@@ -0,0 +1,42 @@
+module BitJWT
+  class JWTStub
+    attr_reader :crypto, :base_url
+
+    PAYLOAD = {
+      'aud' => '/response',
+      'data' => {
+        'field1' => 'text1',
+        'field2' => 'text2'
+      }
+    }.freeze
+    
+    STATUS_ERROR = 400.freeze
+    PAYLOAD_ERROR = {
+      'error' => 'data invalid'
+    }.freeze
+
+    def initialize(private_key, url, endpoint)
+      @crypto = BitJWT::Crypto.new(private_key)
+      @base_url = url + endpoint
+    end
+
+    def valid_response
+      protocol = BitJWT::Protocol.build_request(crypto, JWTStub::PAYLOAD)
+      returned_payload = "#{protocol.header_payload_encoded}.#{protocol.signature_encoded}"
+      WebMock.stub_request(:post, base_url)
+             .to_return(status: 200, body: returned_payload, headers: {})
+    end
+
+    def invalid_response
+      protocol = BitJWT::Protocol.build_request(crypto, JWTStub::PAYLOAD)
+      returned_payload = "#{protocol.header_payload_encoded}X11111.#{protocol.signature_encoded}"
+      WebMock.stub_request(:post, base_url)
+             .to_return(status: 200, body: returned_payload, headers: {})
+    end
+
+    def protocol_error
+      WebMock.stub_request(:post, base_url)
+             .to_return(status: STATUS_ERROR, body: PAYLOAD_ERROR.to_json, headers: {})
+    end
+  end
+end

metadata

@@ -0,0 +1,146 @@
+--- !ruby/object:Gem::Specification
+name: bitjwt
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Federico Barbazza
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: bitcoin-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+description: JWT protocol implementation using Bitcoin secp256k1
+email: federico.barbazza@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- README.md
+- bitjwt.gemspec
+- lib/bitjwt.rb
+- lib/bitjwt/crypto.rb
+- lib/bitjwt/protocol.rb
+- lib/bitjwt/protocol_error.rb
+- lib/bitjwt/util.rb
+- lib/bitjwt/version.rb
+- spec/lib/crypto_spec.rb
+- spec/lib/protocol_spec.rb
+- spec/spec_helper.rb
+- spec/stubs/jwt_stub.rb
+homepage: http://rubygems.org/gems/bitjwt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Bitcoin JWT implementation
+test_files:
+- spec/lib/crypto_spec.rb
+- spec/lib/protocol_spec.rb
+- spec/spec_helper.rb
+- spec/stubs/jwt_stub.rb