jose 0.1.0

data/lib/jose/jws/alg.rb

@@ -0,0 +1,10 @@
+module JOSE::JWS::ALG
+
+  extend self
+
+end
+
+require 'jose/jws/alg_ecdsa'
+require 'jose/jws/alg_hmac'
+require 'jose/jws/alg_rsa_pkcs1_v1_5'
+require 'jose/jws/alg_rsa_pss'

data/lib/jose/jws/alg_ecdsa.rb

@@ -0,0 +1,41 @@
+class JOSE::JWS::ALG_ECDSA < Struct.new(:digest)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'ES256'
+      return new(OpenSSL::Digest::SHA256), fields.delete('alg')
+    when 'ES384'
+      return new(OpenSSL::Digest::SHA384), fields.delete('alg')
+    when 'ES512'
+      return new(OpenSSL::Digest::SHA512), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    alg = if digest == OpenSSL::Digest::SHA256
+      'ES256'
+    elsif digest == OpenSSL::Digest::SHA384
+      'ES384'
+    elsif digest == OpenSSL::Digest::SHA512
+      'ES512'
+    else
+      raise ArgumentError, "unhandled ECDSA digest type: #{digest.inspect}"
+    end
+    return fields.put('alg', alg)
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def sign(jwk, message)
+    return jwk.kty.sign(message, digest)
+  end
+
+  def verify(jwk, message, signature)
+    return jwk.kty.verify(message, digest, signature)
+  end
+
+end

data/lib/jose/jws/alg_hmac.rb

@@ -0,0 +1,41 @@
+class JOSE::JWS::ALG_HMAC < Struct.new(:hmac)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'HS256'
+      return new(OpenSSL::Digest::SHA256), fields.delete('alg')
+    when 'HS384'
+      return new(OpenSSL::Digest::SHA384), fields.delete('alg')
+    when 'HS512'
+      return new(OpenSSL::Digest::SHA512), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    alg = if hmac == OpenSSL::Digest::SHA256
+      'HS256'
+    elsif hmac == OpenSSL::Digest::SHA384
+      'HS384'
+    elsif hmac == OpenSSL::Digest::SHA512
+      'HS512'
+    else
+      raise ArgumentError, "unhandled HMAC digest type: #{hmac.inspect}"
+    end
+    return fields.put('alg', alg)
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def sign(jwk, message)
+    return jwk.kty.sign(message, hmac)
+  end
+
+  def verify(jwk, message, signature)
+    return jwk.kty.verify(message, hmac, signature)
+  end
+
+end

data/lib/jose/jws/alg_rsa_pkcs1_v1_5.rb

@@ -0,0 +1,41 @@
+class JOSE::JWS::ALG_RSA_PKCS1_V1_5 < Struct.new(:digest)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'RS256'
+      return new(OpenSSL::Digest::SHA256), fields.delete('alg')
+    when 'RS384'
+      return new(OpenSSL::Digest::SHA384), fields.delete('alg')
+    when 'RS512'
+      return new(OpenSSL::Digest::SHA512), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    alg = if digest == OpenSSL::Digest::SHA256
+      'RS256'
+    elsif digest == OpenSSL::Digest::SHA384
+      'RS384'
+    elsif digest == OpenSSL::Digest::SHA512
+      'RS512'
+    else
+      raise ArgumentError, "unhandled RSA_PKCS1_v1_5 digest type: #{digest.inspect}"
+    end
+    return fields.put('alg', alg)
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def sign(jwk, message)
+    return jwk.kty.sign(message, digest, padding: :rsa_pkcs1_padding)
+  end
+
+  def verify(jwk, message, signature)
+    return jwk.kty.verify(message, digest, signature, padding: :rsa_pkcs1_padding)
+  end
+
+end

data/lib/jose/jws/alg_rsa_pss.rb

@@ -0,0 +1,41 @@
+class JOSE::JWS::ALG_RSA_PSS < Struct.new(:digest)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'PS256'
+      return new(OpenSSL::Digest::SHA256), fields.delete('alg')
+    when 'PS384'
+      return new(OpenSSL::Digest::SHA384), fields.delete('alg')
+    when 'PS512'
+      return new(OpenSSL::Digest::SHA512), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    alg = if digest == OpenSSL::Digest::SHA256
+      'PS256'
+    elsif digest == OpenSSL::Digest::SHA384
+      'PS384'
+    elsif digest == OpenSSL::Digest::SHA512
+      'PS512'
+    else
+      raise ArgumentError, "unhandled RSA_PSS digest type: #{digest.inspect}"
+    end
+    return fields.put('alg', alg)
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def sign(jwk, message)
+    return jwk.kty.sign(message, digest, padding: :rsa_pkcs1_pss_padding)
+  end
+
+  def verify(jwk, message, signature)
+    return jwk.kty.verify(message, digest, signature, padding: :rsa_pkcs1_pss_padding)
+  end
+
+end

data/lib/jose/jwt.rb

@@ -0,0 +1,145 @@
+module JOSE
+
+  class JWT < Struct.new(:fields)
+
+    # Decode API
+
+    def self.from(object, modules = {})
+      case object
+      when JOSE::Map, Hash
+        return from_map(object, modules)
+      when String
+        return from_binary(object, modules)
+      when JOSE::JWT
+        return object
+      else
+        raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWT"
+      end
+    end
+
+    def self.from_binary(object, modules = {})
+      case object
+      when String
+        return from_map(JOSE.decode(object), modules)
+      else
+        raise ArgumentError, "'object' must be a String"
+      end
+    end
+
+    def self.from_file(file, modules = {})
+      return from_binary(File.binread(file), modules)
+    end
+
+    def self.from_map(object, modules = {})
+      case object
+      when JOSE::Map, Hash
+        return from_fields(JOSE::JWT.new(JOSE::Map.new(object)), modules)
+      else
+        raise ArgumentError, "'object' must be a Hash"
+      end
+    end
+
+    # Encode API
+
+    def self.to_binary(jwt)
+      return from(jwt).to_binary
+    end
+
+    def to_binary
+      return JOSE.encode(to_map)
+    end
+
+    def self.to_file(jwt, file)
+      return from(jwt).to_file(file)
+    end
+
+    def to_file(file)
+      return File.binwrite(file, to_binary)
+    end
+
+    def self.to_map(jwt)
+      return from(jwt).to_map
+    end
+
+    def to_map
+      return fields
+    end
+
+    # API
+
+    def self.decrypt(jwk, encrypted)
+      decrypted, jwe = JOSE::JWK.block_decrypt(jwk, encrypted)
+      return from_binary(decrypted), jwe
+    end
+
+    def self.encrypt(jwt, jwk, jwe = nil)
+      return from(jwt).encrypt(jwk, jwe)
+    end
+
+    def encrypt(jwk, jwe = nil)
+      plain_text = to_binary
+      if jwe.nil?
+        jwk = JOSE::JWK.from(jwk)
+        jwe = jwk.kty.block_encryptor(jwk.fields, plain_text)
+      end
+      if jwe.is_a?(Hash)
+        jwe = JOSE::Map.new(jwe)
+      end
+      if jwe.is_a?(JOSE::Map) and not jwe.has_key?('typ')
+        jwe = jwe.put('typ', 'JWT')
+      end
+      return JOSE::JWK.block_encrypt(jwk, plain_text, jwe)
+    end
+
+    def self.peek_payload(signed)
+      return JOSE::Map.new(JOSE.decode(JOSE::JWS.peek_payload(signed)))
+    end
+
+    def self.peek_protected(signed)
+      return JOSE::JWS.peek_protected(signed)
+    end
+
+    def self.sign(jwt, jwk, jws = nil, header = nil)
+      return from(jwt).sign(jwk, jws)
+    end
+
+    def sign(jwk, jws = nil, header = nil)
+      plain_text = to_binary
+      if jws.nil?
+        jwk = JOSE::JWK.from(jwk)
+        jws = jwk.kty.signer(jwk.fields, plain_text)
+      end
+      if jws.is_a?(Hash)
+        jws = JOSE::Map.new(jws)
+      end
+      if jws.is_a?(JOSE::Map) and not jws.has_key?('typ')
+        jws = jws.put('typ', 'JWT')
+      end
+      return JOSE::JWK.sign(jwk, plain_text, jws, header)
+    end
+
+    def self.verify(jwk, signed)
+      verified, payload, jws = JOSE::JWK.verify(signed, jwk)
+      jwt = from_binary(payload)
+      return verified, jwt, jws
+    end
+
+    def self.verify_strict(jwk, allow, signed)
+      verified, payload, jws = JOSE::JWK.verify(signed, allow, jwk)
+      jwt = payload
+      if verified
+        jwt = from_binary(payload)
+      end
+      return verified, jwt, jws
+    end
+
+  private
+
+    def self.from_fields(jwt, modules)
+      return jwt
+    end
+
+  end
+end
+
+require 'jose/jws/alg'

data/lib/jose/version.rb

@@ -0,0 +1,3 @@
+module JOSE
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: jose
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Andrew Bennett
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-11-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hamster
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: JSON Object Signing and Encryption
+email:
+- andrew@pixid.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- jose.gemspec
+- lib/jose.rb
+- lib/jose/jwa.rb
+- lib/jose/jwa/aes_kw.rb
+- lib/jose/jwa/concat_kdf.rb
+- lib/jose/jwa/pkcs1.rb
+- lib/jose/jwa/pkcs7.rb
+- lib/jose/jwe.rb
+- lib/jose/jwe/alg.rb
+- lib/jose/jwe/alg_aes_gcm_kw.rb
+- lib/jose/jwe/alg_aes_kw.rb
+- lib/jose/jwe/alg_dir.rb
+- lib/jose/jwe/alg_ecdh_es.rb
+- lib/jose/jwe/alg_pbes2.rb
+- lib/jose/jwe/alg_rsa.rb
+- lib/jose/jwe/enc.rb
+- lib/jose/jwe/enc_aes_cbc_hmac.rb
+- lib/jose/jwe/enc_aes_gcm.rb
+- lib/jose/jwe/zip.rb
+- lib/jose/jwe/zip_def.rb
+- lib/jose/jwk.rb
+- lib/jose/jwk/kty.rb
+- lib/jose/jwk/kty_ec.rb
+- lib/jose/jwk/kty_oct.rb
+- lib/jose/jwk/kty_rsa.rb
+- lib/jose/jwk/pem.rb
+- lib/jose/jwk/set.rb
+- lib/jose/jws.rb
+- lib/jose/jws/alg.rb
+- lib/jose/jws/alg_ecdsa.rb
+- lib/jose/jws/alg_hmac.rb
+- lib/jose/jws/alg_rsa_pkcs1_v1_5.rb
+- lib/jose/jws/alg_rsa_pss.rb
+- lib/jose/jwt.rb
+- lib/jose/version.rb
+homepage: https://github.com/potatosalad/ruby-jose
+licenses:
+- MPL-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: JSON Object Signing and Encryption
+test_files: []
+has_rdoc: