RubyGems - cf-uaa-lib - Versions diffs - 1.3.6 → 1.3.7 - Mend

cf-uaa-lib 1.3.6 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/lib/uaa/token_coder.rb CHANGED Viewed

@@ -113,10 +113,10 @@ class TokenCoder
     signature = Util.decode64(crypto_segment)
     if ["HS256", "HS384", "HS512"].include?(algo)
       raise InvalidSignature, "Signature verification failed" unless
-          signature == OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input)
+          options[:skey] && signature == OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input)
     elsif ["RS256", "RS384", "RS512"].include?(algo)
       raise InvalidSignature, "Signature verification failed" unless
-          options[:pkey].verify(init_digest(algo), signature, signing_input)
+          options[:pkey] && options[:pkey].verify(init_digest(algo), signature, signing_input)
     else
       raise SignatureNotSupported, "Algorithm not supported"
     end

data/lib/uaa/version.rb CHANGED Viewed

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = "1.3.6"
+    VERSION = "1.3.7"
   end
 end

data/spec/token_coder_spec.rb CHANGED Viewed

@@ -91,6 +91,45 @@ describe TokenCoder do
     expect { subject.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
   end
+  it "raises an error if the token is public-key signed and we try to decode with symmetric key" do
+    pem = <<-DATA.gsub(/^ +/, '')
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIBOwIBAAJBAN+5O6n85LSs/fj46Ht1jNbc5e+3QX+suxVPJqICvuV6sIukJXXE
+      zfblneN2GeEVqgeNvglAU9tnm3OIKzlwM5UCAwEAAQJAEhJ2fV7OYsHuqiQBM6fl
+      Pp4NfPXCtruPSUNhjYjHPuYpnqo6cpuUNAzRvqAdDkJJsPCPt1E5AWOYUYOmLE+d
+      AQIhAO/XxMb9GrTDyqJDvS8T1EcJpLCaUIReae0jSg1RnBrhAiEA7st6WLmOyTxX
+      JgLcO6LUfW6RsE3pgi9NGL25P3eOAzUCIQDUFKi1CJR36XWh/GIqYc9grX9KhnnS
+      QqZKAd12X4a5IQIhAMTOJKaNP/Xwai7kupfX6mL6Rs5UWDg4PcU/UDbTlNJlAiBv
+      2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
+      -----END RSA PRIVATE KEY-----
+    DATA
+    coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
+    coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
+    tkn = coder.encode(@tkn_body, 'RS256')
+    expect { coder2.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
+  end
+  it "raises an error if the token is symmetric-key signed and we try to decode with a public key" do
+    pem = <<-DATA.gsub(/^ +/, '')
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIBOwIBAAJBAN+5O6n85LSs/fj46Ht1jNbc5e+3QX+suxVPJqICvuV6sIukJXXE
+      zfblneN2GeEVqgeNvglAU9tnm3OIKzlwM5UCAwEAAQJAEhJ2fV7OYsHuqiQBM6fl
+      Pp4NfPXCtruPSUNhjYjHPuYpnqo6cpuUNAzRvqAdDkJJsPCPt1E5AWOYUYOmLE+d
+      AQIhAO/XxMb9GrTDyqJDvS8T1EcJpLCaUIReae0jSg1RnBrhAiEA7st6WLmOyTxX
+      JgLcO6LUfW6RsE3pgi9NGL25P3eOAzUCIQDUFKi1CJR36XWh/GIqYc9grX9KhnnS
+      QqZKAd12X4a5IQIhAMTOJKaNP/Xwai7kupfX6mL6Rs5UWDg4PcU/UDbTlNJlAiBv
+      2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
+      -----END RSA PRIVATE KEY-----
+    DATA
+    coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
+    coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
+    tkn = coder2.encode(@tkn_body)
+    expect { coder.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
+  end
   it "raises an error if the token is an unknown signing algorithm" do
     segments = [Util.json_encode64(:typ => "JWT", :alg =>"BADALGO")]
     segments << Util.json_encode64(@tkn_body)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-  version: 1.3.6
+  version: 1.3.7
   prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-01-29 00:00:00.000000000 Z
+date: 2013-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -195,7 +195,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1720438765571027333
+      hash: -1584033744634561596
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -204,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1720438765571027333
+      hash: -1584033744634561596
 requirements: []
 rubyforge_project: cf-uaa-lib
 rubygems_version: 1.8.23