jose 0.2.0 → 0.3.0

data/lib/jose/jwk/kty_rsa.rb

@@ -67,11 +67,18 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
 
   # JOSE::JWK::KTY callbacks
 
-  def block_encryptor(fields, plain_text)
-    return JOSE::Map[
-      'alg' => 'RSA-OAEP',
-      'enc' => 'A128GCM'
-    ]
+  def block_encryptor(fields = nil)
+    if fields and fields['use'] == 'enc' and not fields['alg'].nil? and not fields['enc'].nil?
+      return JOSE::Map[
+        'alg' => fields['alg'],
+        'enc' => fields['enc']
+      ]
+    else
+      return JOSE::Map[
+        'alg' => 'RSA-OAEP',
+        'enc' => 'A128GCM'
+      ]
+    end
   end
 
   def decrypt_private(cipher_text, rsa_padding: :rsa_pkcs1_padding, rsa_oaep_md: nil)
@@ -146,8 +153,10 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
     end
   end
 
-  def signer(fields = nil, plain_text = nil)
-    if key.private?
+  def signer(fields = nil)
+    if key.private? and fields and fields['use'] == 'sig' and not fields['alg'].nil?
+      return JOSE::Map['alg' => fields['alg']]
+    elsif key.private?
       return JOSE::Map['alg' => 'RS256']
     else
       raise ArgumentError, "signing not supported for public keys"

data/lib/jose/jws.rb

@@ -95,8 +95,7 @@ module JOSE
 
     def self.expand(binary)
       if binary.is_a?(String)
-        parts = binary.split('.')
-        if parts.length == 3
+        if binary.count('.') == 2 and (parts = binary.split('.', 3)).length == 3
           protected_binary, payload, signature = parts
           return JOSE::SignedMap[
             'payload'   => payload,
@@ -111,6 +110,32 @@ module JOSE
       end
     end
 
+    def self.generate_key(object, modules = {})
+      return from(object, modules).generate_key
+    end
+
+    def generate_key
+      return alg.generate_key(fields)
+    end
+
+    def self.merge(left, right)
+      return from(left).merge(right)
+    end
+
+    def merge(object)
+      object = case object
+      when JOSE::Map, Hash
+        object
+      when String
+        JOSE.decode(object)
+      when JOSE::JWS
+        object.to_map
+      else
+        raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWS"
+      end
+      return JOSE::JWS.from_map(self.to_map.merge(object))
+    end
+
     def self.peek_payload(signed)
       if signed.is_a?(String)
         signed = expand(signed)
@@ -163,7 +188,6 @@ module JOSE
     end
 
     def verify(key, plain_text, signature, protected_binary = JOSE.urlsafe_encode64(to_binary))
-      payload = JOSE.urlsafe_encode64(plain_text)
       signing_input = signing_input(plain_text, protected_binary)
       return alg.verify(key, signing_input, signature), plain_text, self
     end

data/lib/jose/jws/alg.rb

@@ -2,10 +2,18 @@ module JOSE::JWS::ALG
 
   extend self
 
+  def generate_key(parameters, algorithm)
+    return JOSE::JWK.generate_key(parameters).merge({
+      'alg' => algorithm,
+      'use' => 'sig'
+    })
+  end
+
 end
 
 require 'jose/jws/alg_ecdsa'
 require 'jose/jws/alg_eddsa'
 require 'jose/jws/alg_hmac'
+require 'jose/jws/alg_none'
 require 'jose/jws/alg_rsa_pkcs1_v1_5'
 require 'jose/jws/alg_rsa_pss'

data/lib/jose/jws/alg_ecdsa.rb

@@ -30,6 +30,19 @@ class JOSE::JWS::ALG_ECDSA < Struct.new(:digest)
 
   # JOSE::JWS::ALG callbacks
 
+  def generate_key(fields)
+    crv, alg = if digest == OpenSSL::Digest::SHA256
+      ['P-256', 'ES256']
+    elsif digest == OpenSSL::Digest::SHA384
+      ['P-384', 'ES384']
+    elsif digest == OpenSSL::Digest::SHA512
+      ['P-521', 'ES512']
+    else
+      raise ArgumentError, "unhandled ECDSA digest type: #{digest.inspect}"
+    end
+    return JOSE::JWS::ALG.generate_key([:ec, crv], alg)
+  end
+
   def sign(jwk, message)
     return jwk.kty.sign(message, digest)
   end

data/lib/jose/jws/alg_eddsa.rb

@@ -24,6 +24,10 @@ class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
 
   # JOSE::JWS::ALG callbacks
 
+  def generate_key(fields)
+    return JOSE::JWS::ALG.generate_key([:okp, sign_type], sign_type.to_s)
+  end
+
   def sign(jwk, message)
     return jwk.kty.sign(message, sign_type)
   end

data/lib/jose/jws/alg_hmac.rb

@@ -30,6 +30,19 @@ class JOSE::JWS::ALG_HMAC < Struct.new(:hmac)
 
   # JOSE::JWS::ALG callbacks
 
+  def generate_key(fields)
+    bytesize, alg = if hmac == OpenSSL::Digest::SHA256
+      [32, 'HS256']
+    elsif hmac == OpenSSL::Digest::SHA384
+      [48, 'HS384']
+    elsif hmac == OpenSSL::Digest::SHA512
+      [64, 'HS512']
+    else
+      raise ArgumentError, "unhandled HMAC digest type: #{hmac.inspect}"
+    end
+    return JOSE::JWS::ALG.generate_key([:oct, bytesize], alg)
+  end
+
   def sign(jwk, message)
     return jwk.kty.sign(message, hmac)
   end

data/lib/jose/jws/alg_none.rb

@@ -0,0 +1,44 @@
+class JOSE::JWS::ALG_none < Struct.new(:none)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'none'
+      return new(true), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    return fields.put('alg', 'none')
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def generate_key(fields)
+    raise NotImplementedError
+  end
+
+  def sign(jwk, message)
+    if JOSE.__unsecured_signing__
+      return ''
+    else
+      raise NotImplementedError
+    end
+  end
+
+  def verify(jwk, message, signature)
+    if JOSE.__unsecured_signing__
+      if signature == ''
+        return true
+      else
+        return false
+      end
+    else
+      raise NotImplementedError
+    end
+  end
+
+end

data/lib/jose/jws/alg_rsa_pkcs1_v1_5.rb

@@ -30,6 +30,19 @@ class JOSE::JWS::ALG_RSA_PKCS1_V1_5 < Struct.new(:digest)
 
   # JOSE::JWS::ALG callbacks
 
+  def generate_key(fields)
+    bitsize, alg = if digest == OpenSSL::Digest::SHA256
+      [2048, 'RS256']
+    elsif digest == OpenSSL::Digest::SHA384
+      [3072, 'RS384']
+    elsif digest == OpenSSL::Digest::SHA512
+      [4096, 'RS512']
+    else
+      raise ArgumentError, "unhandled RSA_PKCS1_v1_5 digest type: #{digest.inspect}"
+    end
+    return JOSE::JWS::ALG.generate_key([:rsa, bitsize], alg)
+  end
+
   def sign(jwk, message)
     return jwk.kty.sign(message, digest, padding: :rsa_pkcs1_padding)
   end

data/lib/jose/jws/alg_rsa_pss.rb

@@ -30,6 +30,19 @@ class JOSE::JWS::ALG_RSA_PSS < Struct.new(:digest)
 
   # JOSE::JWS::ALG callbacks
 
+  def generate_key(fields)
+    bitsize, alg = if digest == OpenSSL::Digest::SHA256
+      [2048, 'PS256']
+    elsif digest == OpenSSL::Digest::SHA384
+      [3072, 'PS384']
+    elsif digest == OpenSSL::Digest::SHA512
+      [4096, 'PS512']
+    else
+      raise ArgumentError, "unhandled RSA_PSS digest type: #{digest.inspect}"
+    end
+    return JOSE::JWS::ALG.generate_key([:rsa, bitsize], alg)
+  end
+
   def sign(jwk, message)
     return jwk.kty.sign(message, digest, padding: :rsa_pkcs1_pss_padding)
   end

data/lib/jose/jwt.rb

@@ -80,7 +80,7 @@ module JOSE
       plain_text = to_binary
       if jwe.nil?
         jwk = JOSE::JWK.from(jwk)
-        jwe = jwk.kty.block_encryptor(jwk.fields, plain_text)
+        jwe = jwk.block_encryptor
       end
       if jwe.is_a?(Hash)
         jwe = JOSE::Map.new(jwe)
@@ -91,6 +91,24 @@ module JOSE
       return JOSE::JWK.block_encrypt(jwk, plain_text, jwe)
     end
 
+    def self.merge(left, right)
+      return from(left).merge(right)
+    end
+
+    def merge(object)
+      object = case object
+      when JOSE::Map, Hash
+        object
+      when String
+        JOSE.decode(object)
+      when JOSE::JWT
+        object.to_map
+      else
+        raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWT"
+      end
+      return JOSE::JWT.from_map(self.to_map.merge(object))
+    end
+
     def self.peek_payload(signed)
       return JOSE::Map.new(JOSE.decode(JOSE::JWS.peek_payload(signed)))
     end
@@ -107,7 +125,7 @@ module JOSE
       plain_text = to_binary
       if jws.nil?
         jwk = JOSE::JWK.from(jwk)
-        jws = jwk.kty.signer(jwk.fields, plain_text)
+        jws = jwk.signer
       end
       if jws.is_a?(Hash)
         jws = JOSE::Map.new(jws)

data/lib/jose/version.rb

@@ -1,3 +1,3 @@
 module JOSE
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jose
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Bennett
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-25 00:00:00.000000000 Z
+date: 2016-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hamster
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.12'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '11.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '11.1'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -168,6 +168,7 @@ files:
 - lib/jose/jws/alg_ecdsa.rb
 - lib/jose/jws/alg_eddsa.rb
 - lib/jose/jws/alg_hmac.rb
+- lib/jose/jws/alg_none.rb
 - lib/jose/jws/alg_rsa_pkcs1_v1_5.rb
 - lib/jose/jws/alg_rsa_pss.rb
 - lib/jose/jwt.rb