cf-uaa-lib 1.3.6 → 1.3.7

@@ -113,10 +113,10 @@ class TokenCoder
113
113
  signature = Util.decode64(crypto_segment)
114
114
  if ["HS256", "HS384", "HS512"].include?(algo)
115
115
  raise InvalidSignature, "Signature verification failed" unless
116
- signature == OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input)
116
+ options[:skey] && signature == OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input)
117
117
  elsif ["RS256", "RS384", "RS512"].include?(algo)
118
118
  raise InvalidSignature, "Signature verification failed" unless
119
- options[:pkey].verify(init_digest(algo), signature, signing_input)
119
+ options[:pkey] && options[:pkey].verify(init_digest(algo), signature, signing_input)
120
120
  else
121
121
  raise SignatureNotSupported, "Algorithm not supported"
122
122
  end
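Review bot: The HMAC branch still compares the received signature with `==`, which is not constant-time, so verification time can leak how much of a candidate signature matches; the added `options[:skey] &&` guard does not change that. Where the OpenSSL binding in use provides it, a constant-time comparison such as `OpenSSL.secure_compare(signature, OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input))` would be the safer form. It also looks like `algo` is taken from the token itself (its origin is outside this hunk), so a coder configured with both `:skey` and `:pkey` would let the token choose which key verifies it; restricting each coder to an explicit list of accepted algorithms would close that. The enclosing method starts and ends outside the hunk.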
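--- a/data/lib/uaa/version.rb
+++ b/data/lib/uaa/version.rb
@@ -14,6 +14,6 @@
  # Cloud Foundry namespace
  module CF
  module UAA
- VERSION = "1.3.6"
+ VERSION = "1.3.7"
  end
  end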
@@ -91,6 +91,45 @@ describe TokenCoder do
91
91
  expect { subject.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
92
92
  end
93
93
 
94
+ it "raises an error if the token is public-key signed and we try to decode with symmetric key" do
95
+ pem = <<-DATA.gsub(/^ +/, '')
96
+ -----BEGIN RSA PRIVATE KEY-----
97
+ MIIBOwIBAAJBAN+5O6n85LSs/fj46Ht1jNbc5e+3QX+suxVPJqICvuV6sIukJXXE
98
+ zfblneN2GeEVqgeNvglAU9tnm3OIKzlwM5UCAwEAAQJAEhJ2fV7OYsHuqiQBM6fl
99
+ Pp4NfPXCtruPSUNhjYjHPuYpnqo6cpuUNAzRvqAdDkJJsPCPt1E5AWOYUYOmLE+d
100
+ AQIhAO/XxMb9GrTDyqJDvS8T1EcJpLCaUIReae0jSg1RnBrhAiEA7st6WLmOyTxX
101
+ JgLcO6LUfW6RsE3pgi9NGL25P3eOAzUCIQDUFKi1CJR36XWh/GIqYc9grX9KhnnS
102
+ QqZKAd12X4a5IQIhAMTOJKaNP/Xwai7kupfX6mL6Rs5UWDg4PcU/UDbTlNJlAiBv
103
+ 2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
104
+ -----END RSA PRIVATE KEY-----
105
+ DATA
106
+ coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
107
+ coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
108
+
109
+ tkn = coder.encode(@tkn_body, 'RS256')
110
+
111
+ expect { coder2.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
112
+ end
113
+
114
+ it "raises an error if the token is symmetric-key signed and we try to decode with a public key" do
115
+ pem = <<-DATA.gsub(/^ +/, '')
116
+ -----BEGIN RSA PRIVATE KEY-----
117
+ MIIBOwIBAAJBAN+5O6n85LSs/fj46Ht1jNbc5e+3QX+suxVPJqICvuV6sIukJXXE
118
+ zfblneN2GeEVqgeNvglAU9tnm3OIKzlwM5UCAwEAAQJAEhJ2fV7OYsHuqiQBM6fl
119
+ Pp4NfPXCtruPSUNhjYjHPuYpnqo6cpuUNAzRvqAdDkJJsPCPt1E5AWOYUYOmLE+d
120
+ AQIhAO/XxMb9GrTDyqJDvS8T1EcJpLCaUIReae0jSg1RnBrhAiEA7st6WLmOyTxX
121
+ JgLcO6LUfW6RsE3pgi9NGL25P3eOAzUCIQDUFKi1CJR36XWh/GIqYc9grX9KhnnS
122
+ QqZKAd12X4a5IQIhAMTOJKaNP/Xwai7kupfX6mL6Rs5UWDg4PcU/UDbTlNJlAiBv
123
+ 2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
124
+ -----END RSA PRIVATE KEY-----
125
+ DATA
126
+ coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
127
+ coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
128
+ tkn = coder2.encode(@tkn_body)
129
+
130
+ expect { coder.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
131
+ end
132
+
94
133
  it "raises an error if the token is an unknown signing algorithm" do
95
134
  segments = [Util.json_encode64(:typ => "JWT", :alg =>"BADALGO")]
96
135
  segments << Util.json_encode64(@tkn_body)
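Review bot: The two added examples repeat the same RSA private-key heredoc and build the same pair of coders, so the fixture is duplicated line for line. Hoisting it into a shared `let(:pem) { ... }` with `let` coders would keep the two cases short and make it obvious the key is a throwaway test fixture. Both examples use a decoder that holds only one key type; a decoder configured with both `:skey` and `:pkey` is not exercised here and may be worth a third example. The enclosing `describe` block starts and ends outside the hunk.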
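--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: cf-uaa-lib
  version: !ruby/object:Gem::Version
- version: 1.3.6
+ version: 1.3.7
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-01-29 00:00:00.000000000 Z
+ date: 2013-02-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: multi_json
@@ -195,7 +195,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 1720438765571027333
+ hash: -1584033744634561596
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -204,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 1720438765571027333
+ hash: -1584033744634561596
  requirements: []
  rubyforge_project: cf-uaa-lib
  rubygems_version: 1.8.23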