RubyGems - json-jwt - Versions diffs - 1.10.0 → 1.10.1 - Mend

json-jwt 1.10.0 → 1.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (29) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/json-jwt.gemspec +3 -2
data/lib/json/jose.rb +1 -1
data/lib/json/jwe.rb +7 -7
data/lib/json/jwk.rb +4 -4
data/lib/json/jws.rb +6 -6
metadata +3 -45
data/spec/fixtures/ecdsa/256/private_key.pem +0 -5
data/spec/fixtures/ecdsa/256/public_key.pem +0 -4
data/spec/fixtures/ecdsa/384/private_key.pem +0 -6
data/spec/fixtures/ecdsa/384/public_key.pem +0 -5
data/spec/fixtures/ecdsa/512/private_key.pem +0 -7
data/spec/fixtures/ecdsa/512/public_key.pem +0 -6
data/spec/fixtures/rsa/private_key.der +0 -0
data/spec/fixtures/rsa/private_key.pem +0 -30
data/spec/fixtures/rsa/public_key.pem +0 -8
data/spec/helpers/nimbus_spec_helper.rb +0 -22
data/spec/helpers/sign_key_fixture_helper.rb +0 -52
data/spec/interop/with_jsrsasign_spec.rb +0 -49
data/spec/interop/with_nimbus_jose_spec.rb +0 -99
data/spec/interop/with_rfc_example_spec.rb +0 -19
data/spec/json/jwe_spec.rb +0 -351
data/spec/json/jwk/jwkizable_spec.rb +0 -49
data/spec/json/jwk/set_spec.rb +0 -75
data/spec/json/jwk_spec.rb +0 -194
data/spec/json/jws_spec.rb +0 -440
data/spec/json/jwt_spec.rb +0 -523
data/spec/spec_helper.rb +0 -28

data/spec/json/jwk/jwkizable_spec.rb DELETED

@@ -1,49 +0,0 @@
-require 'spec_helper'
-describe JSON::JWK::JWKizable do
-  describe '#to_jwk' do
-    subject { key.to_jwk }
-    shared_examples_for :jwkizable_as_public do
-      it { should be_instance_of JSON::JWK }
-      it { should include *public_key_attributes.collect(&:to_s) }
-      it { should_not include *private_key_attributes.collect(&:to_s) }
-    end
-    shared_examples_for :jwkizable_as_private do
-      it { should be_instance_of JSON::JWK }
-      it { should include *public_key_attributes.collect(&:to_s) }
-      it { should include *private_key_attributes.collect(&:to_s) }
-    end
-    describe OpenSSL::PKey::RSA do
-      let(:public_key_attributes) { [:kty, :n, :e] }
-      let(:private_key_attributes) { [:d, :p, :q] }
-      describe :public_key do
-        let(:key) { public_key :rsa }
-        it_behaves_like :jwkizable_as_public
-      end
-      describe :private_key do
-        let(:key) { private_key :rsa }
-        it_behaves_like :jwkizable_as_private
-      end
-    end
-    describe OpenSSL::PKey::EC do
-      let(:public_key_attributes) { [:kty, :crv, :x, :y] }
-      let(:private_key_attributes) { [:d] }
-      describe :public_key do
-        let(:key) { public_key :ecdsa }
-        it_behaves_like :jwkizable_as_public
-      end
-      describe :private_key do
-        let(:key) { private_key :ecdsa }
-        it_behaves_like :jwkizable_as_private
-      end
-    end
-  end
-end

data/spec/json/jwk/set_spec.rb DELETED

@@ -1,75 +0,0 @@
-require 'spec_helper'
-describe JSON::JWK::Set do
-  let(:jwk) { public_key.to_jwk }
-  let(:set) { JSON::JWK::Set.new jwk }
-  describe '#content_type' do
-    it do
-      set.content_type.should == 'application/jwk-set+json'
-    end
-  end
-  context 'when single JWK given' do
-    subject { JSON::JWK::Set.new jwk }
-    it { should == [jwk] }
-  end
-  context 'when multiple JWKs given' do
-    subject { JSON::JWK::Set.new jwk, jwk }
-    it { should == [jwk, jwk] }
-  end
-  context 'when an Array of JWKs given' do
-    subject { JSON::JWK::Set.new [jwk, jwk] }
-    it { should == [jwk, jwk] }
-  end
-  context 'when JSON::JWK given' do
-    subject { JSON::JWK::Set.new jwk }
-    it 'should keep JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-  context 'when pure Hash given' do
-    subject { JSON::JWK::Set.new jwk.as_json }
-    it 'should convert into JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-  context 'when pure Hash with :keys key given' do
-    subject do
-      JSON::JWK::Set.new(
-        keys: jwk.as_json
-      )
-    end
-    it 'should convert into JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-  describe '#as_json' do
-    it 'should become proper JWK set format' do
-      json = set.as_json
-      json.should include :keys
-      json[:keys].should == [jwk]
-    end
-  end
-  describe '#to_json' do
-    it do
-      expect { set.to_json }.not_to raise_error
-    end
-  end
-end

data/spec/json/jwk_spec.rb DELETED

@@ -1,194 +0,0 @@
-require 'spec_helper'
-describe JSON::JWK do
-  describe '#initialize' do
-    let(:jwk) { JSON::JWK.new key }
-    subject { jwk }
-    shared_examples_for :jwk_with_kid do
-      it { should be_instance_of JSON::JWK }
-      describe 'kid' do
-        subject { jwk[:kid] }
-        it { should == jwk.thumbprint }
-      end
-    end
-    shared_examples_for :jwk_without_kid do
-      it { should be_instance_of JSON::JWK }
-      describe 'kid' do
-        subject { jwk[:kid] }
-        it { should be_blank }
-      end
-    end
-    context 'when no imput' do
-      it do
-        JSON::JWK.new.should be_blank
-      end
-    end
-    context 'with OpenSSL::PKey::RSA' do
-      let(:key) { public_key }
-      it_behaves_like :jwk_with_kid
-    end
-    context 'with OpenSSL::PKey::EC' do
-      let(:key) { public_key :ecdsa }
-      it_behaves_like :jwk_with_kid
-    end
-    context 'with String' do
-      let(:key) { 'secret' }
-      it_behaves_like :jwk_with_kid
-    end
-    context 'with JSON::JWK' do
-      let(:key) do
-        JSON::JWK.new(
-          k: 'secret',
-          kty: :oct
-        )
-      end
-      it_behaves_like :jwk_with_kid
-    end
-    context 'with Hash' do
-      let(:key) do
-        {
-          k: 'secret',
-          kty: :oct
-        }
-      end
-      it_behaves_like :jwk_with_kid
-    end
-    context 'with nothing' do
-      let(:jwk) { JSON::JWK.new }
-      it_behaves_like :jwk_without_kid
-    end
-  end
-  describe '#content_type' do
-    let(:jwk) { JSON::JWK.new public_key }
-    it do
-      jwk.content_type.should == 'application/jwk+json'
-    end
-  end
-  context 'when RSA public key given' do
-    let(:jwk) { JSON::JWK.new public_key }
-    it { jwk.keys.collect(&:to_sym).should include :kty, :e, :n }
-    its(:kty) { jwk[:kty].should == :RSA }
-    its(:e) { jwk[:e].should == Base64.urlsafe_encode64(public_key.e.to_s(2), padding: false) }
-    its(:n) { jwk[:n].should == Base64.urlsafe_encode64(public_key.n.to_s(2), padding: false) }
-    context 'when kid/use options given' do
-      let(:jwk) { JSON::JWK.new public_key, kid: '12345', use: :sig }
-      it { jwk.keys.collect(&:to_sym).should include :kid, :use }
-      its(:kid) { jwk[:kid].should == '12345' }
-      its(:use) { jwk[:use].should == :sig }
-    end
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == 'nuBTimkcSt_AuEsD8Yv3l8CoGV31bu_3gsRDGN1iVKA' }
-      end
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
-      end
-    end
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of OpenSSL::PKey::RSA }
-    end
-  end
-  context 'when EC public key given' do
-    let(:jwk) { JSON::JWK.new public_key(:ecdsa) }
-    let(:expected_coordinates) do
-      {
-        256 => {
-          x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
-          y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
-        },
-        384 => {
-          x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
-          y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
-        },
-        512 => {
-          x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
-          y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
-        }
-      }
-    end
-    [256, 384, 512].each do |digest_length|
-      describe "EC#{digest_length}" do
-        let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
-        it { jwk.keys.collect(&:to_sym).should include :kty, :crv, :x, :y }
-        its(:kty) { jwk[:kty].should == :EC }
-        its(:x) { jwk[:x].should == expected_coordinates[digest_length][:x] }
-        its(:y) { jwk[:y].should == expected_coordinates[digest_length][:y] }
-      end
-    end
-    describe 'unknown curve' do
-      it do
-        key = OpenSSL::PKey::EC.new('secp112r2').generate_key
-        expect do
-          JSON::JWK.new key
-        end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
-      end
-    end
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
-      end
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == 'B_yXDZJ9doudaVCj5q5vqxshvVtW2IFnz_ypvRt5O60gemkDAhO78L6YMyTWH0ZRm15cO2_laTSaNO9yZQFsvQ' }
-      end
-    end
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of OpenSSL::PKey::EC }
-    end
-  end
-  context 'when shared secret given' do
-    let(:jwk) { JSON::JWK.new 'secret' }
-    its(:kty) { jwk[:kty].should == :oct }
-    its(:x) { jwk[:k].should == 'secret' }
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
-      end
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == 'rK7EtcEe9Xr0kryR9lNnyOTRe7Vb_BglbTBtbcVG2LzvL26_PFaMCwOtiUiXWfCK-wV8vcxjmvbcvV4ZxDE0FQ' }
-      end
-    end
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of String }
-    end
-  end
-  describe 'unknown key type' do
-    it do
-      key = OpenSSL::PKey::DSA.generate 256
-      expect do
-        JSON::JWK.new key
-      end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
-    end
-  end
-end

data/spec/json/jws_spec.rb DELETED

@@ -1,440 +0,0 @@
-require 'spec_helper'
-describe JSON::JWS do
-  let(:alg) { :none }
-  let(:jwt) do
-    _jwt_ = JSON::JWT.new claims
-    _jwt_.alg = alg
-    _jwt_
-  end
-  let(:jwt_blank) do
-    _jwt_ = JSON::JWT.new nil
-    _jwt_.alg = alg
-    _jwt_
-  end
-  let(:jws) { JSON::JWS.new jwt }
-  let(:jws_blank) { JSON::JWS.new jwt_blank }
-  let(:signed) { jws.sign! private_key_or_secret }
-  let(:signed_blank) { jws_blank.sign! private_key_or_secret }
-  let(:decoded) { JSON::JWT.decode signed.to_s, public_key_or_secret }
-  let(:decoded_blank) { JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true }
-  let(:claims) do
-    {
-      iss: 'joe',
-      exp: 1300819380,
-      :'http://example.com/is_root' => true
-    }
-  end
-  let(:expected_signature) do
-    {
-      :HS256 => 'DyuTgO2Ggb5nrhkkhI-RjVYIBe3o8oL4ijkAn94YPxQ',
-      :HS384 => 'a5-7rr61TG8Snv9xxJ7l064ky-SCq1Mswe9t8HEorvoc_nnfIeUy9WQCLMIli34R',
-      :HS512 => 'ce-GlHDaNwaHfmAFRGp3QPPKvrpruTug2hC1bf6yNlbuvkMwJw2jFZgq_4wmIPetRdiBy7XFq7rrtmw1Im7tmQ',
-      :RS256 => 'E5VELqAdla2Bx1axc9KFxO0EiCr0Mw6HPYX070qGQ8zA_XmyxGPUZLyyWU_6Cn399W-oYBWO2ynLlr8pqqjP3jXevyCeYeGRVN0HzLYiBebEugNnc3hevr7WV2UzfksWRA-Ux2bDv2sz9p_LGbL33wWNxGDvIlpDyZUul_a48nCipS0riBjkTLTSE8dfBxQTXEF5GEUUu99ot6aBLzUhc25nHXSXogXF6MHK-hAcE7f4v-vJ0lbPbHLVGUopIoxoqe4XjoBpzE5UvhrVl5LYbdjbyJhu5ZIA8GLsgwtUFh3dfdIechORoR3k5NSFSv8157bAEa8t4iwgWD2MSNSQnw',
-      :RS384 => 'lT5JbytGKgG9QrwkJuxgw7UjmN9tjkEQW9pVGR2XnKEdC0_wLNIzAmT-jTwyMDGBLUkWO7opDOP6Xy6_DOTg58k9PwVkyQzrLnmxJMEng2Q-aMqcitRSIvUk3DPy8kemp8yUPls9NzWmByM2GoUVHbDsR0r-tZN-g_9QYev32mvMhjMr30JI5S2xiRjc9m2GAaXMOQmNTovJgV4bgCp4UjruCrA0BD1JJwDqKYoR_YYr_ALcVjD_LUgy80udJvbi8MAYJVUf0QYtQDrX2wnT_-eiiWjD5XafLuXEQVDRh-v2MKAwdvtXMq5cZ08Zjl2SyHxJ3OqhEeWPvYGltxZh_A',
-      :RS512 => 'EHeGM2Mo3ghhUfSB99AlREehrbC6OPE-nYL_rwf88ysTnJ8L1QQ0UuCrXq4SpRutGLK_bYTK3ZALvFRPoOgK_g0QWmqv6qjQRU_QTxoq8y8APP-IgKKDuIiGH6daBV2rAPLDReqYNKsKjmTvZJo2c0a0e_WZkkj_ZwpgjTG3v0gW9lbDAzLJDz18eqtR4ZO7JTu_fyNrUrNk-w2_wpxSsn9sygIMp0lKE0_pt0b01fz3gjTDjlltU0cKSalUp4geaBDH7QRcexrolIctdQFbNKTXQxoigxD3NLNkKGH7f6A8KZdcOm8AnEjullcZs8_OWGnW43p1qrxoBRSivb9pqQ'
-    }
-  end
-  let(:expected_signature_blank_payload) do
-    {
-      :HS256 => 'iRFMM3GknVfzRTxlVQT87jfIw32Ik3lUYNGePPk5wnM',
-      :HS384 => 'rxyzr3I2RWRBgQaewQt3yjdp3BqkrFh-iHcet318OYHWhXvyzAE0npf0l0xi5DOV',
-      :HS512 => 'VDHOrPYrwycjaKbwccObXi6dmw4fVFqiFsNFQjqYHQAkxJGxqhfVLc1_WfKMa6C7vGSGroabaVdK7nn08XPdSQ',
-      :RS256 => 'WthQjouPVbErM7McwSY4slJjHaWqmFg1qKdmTDvttkiyAEcTjVViJkNHH9Mp573h13cXtLob1xh3UJYh5_-hSA4Y24zdyck3jp3fsOusflp1cMmhWXZ2nETKeWCEJDKRAnWynHqkwes7tgWmS0gVeuljeNkuovJlHmNRcoMR9Z3ZuiHfc2WFh-iFbM5Zne1y-_SSgAZwOD20P0Ysn28DtJTlXcm74ENqhLEJnvHS-872d6surb23kHMns43GtT5bm-aJoMLct0nO1GBapQAiKUknTsw24IfOkX4vJNQzIWVSzx3zOxXjcVHlH92af6NknIlPCfRparLC9YEK2NkJYg',
-      :RS384 => 'Jy6XNLNAyujRHYoCOtFqu7z0imHZMiwkwBr73ok_DDSDxQSA9ryt_q_tX0u8knpAIRcTJuNA0-s5DkGbpIj9coKgZ5JBvE_n9ijvNubImf8_vCDDitJemzUtnJypb9GbP4A3nWDAZC0KONVqlxpy92-9xrG5sFEzaYCFYZYnXv8kmmQEIVI1GXw4_Fx8HxRu5cae9WWTgaKQOFG54S303C0H966C1o6d9o3HQH7x8GEl632qBw4LzONWr_QpCN-UFgmJHO7yBwaP-RWnLDW3hYlb4IybRIvMQQicjkjNaNwLTmwo31orVxO53GcSjyhU2y_R843nQcNjTT_lD1QRvg',
-      :RS512 => 'ws2HZ6wvh8GMrFKiIHXDogyx8HFpa4wvrLxfZaMfCoMPf0SZ4V3tiEZRWfrxyvwpsdBj2Mgm5lt3IYAHhlI2hqWvuikDq6tuViloaAIm2xwTU060bF0GL1tQJ-h20wUukJ6fsWet8M9DNg7hcElYQMawHhk4L91YUtY2hKT_uWgPih_pn0Hq5Ve0at4CwAyXXTwCYSEH23PMsUdDfE5tfCyvL2bNQ71Ld_MvQS1NLS7hydzEtfxLK-UkDQVclFmEM3JXrPG7YSRodtKlwJ-ESDx6CaJXXDAgitSF32dslcIkmOXRJqjNmF15i_aVg0ExiU92WTpCrdwzWTt4Aphqlw',
-    }
-  end
-  shared_examples_for :jwt_with_alg do
-    it { should == jwt }
-    its(:header) { should == jwt.header }
-  end
-  context 'before sign' do
-    subject { jws }
-    it_behaves_like :jwt_with_alg
-    its(:signature) { should be_nil }
-  end
-  describe '#content_type' do
-    it do
-      jws.content_type.should == 'application/jose'
-    end
-  end
-  describe 'decode' do
-    let(:alg) { :RS256 }
-    let(:private_key_or_secret) { private_key }
-    let(:public_key_or_secret) { public_key }
-    describe 'blank payload not allowed' do
-      it 'should raise format error' do
-        expect do
-          JSON::JWT.decode signed_blank.to_s, public_key_or_secret
-        end.to raise_error JSON::JWT::InvalidFormat
-      end
-    end
-    describe 'blank payload allowed' do
-      it 'should not raise an error' do
-        expect do
-          JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true
-        end.to_not raise_error
-      end
-    end
-  end
-  describe '#sign!' do
-    shared_examples_for :generate_expected_signature do
-      it do
-        Base64.urlsafe_encode64(signed.signature, padding: false).should == expected_signature[alg]
-      end
-      context 'with blank payload' do
-        it do
-          Base64.urlsafe_encode64(signed_blank.signature, padding: false).should == expected_signature_blank_payload[alg]
-        end
-      end
-    end
-    subject { signed }
-    [:HS256, :HS384, :HS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        context 'when String key given' do
-          let(:private_key_or_secret) { shared_secret }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new shared_secret }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-      end
-    end
-    [:RS256, :RS384, :RS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        context 'when OpenSSL::PKey::RSA key given' do
-          let(:private_key_or_secret) { private_key }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new private_key }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-      end
-    end
-    [:ES256, :ES384, :ES512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        shared_examples_for :self_verifiable do
-          it 'should be self-verifiable' do
-            expect do
-              JSON::JWT.decode(
-                JSON::JWT.new(claims).sign(
-                  private_key_or_secret, algorithm
-                ).to_s, public_key_or_secret
-              )
-            end.not_to raise_error
-          end
-        end
-        context 'when OpenSSL::PKey::EC key given' do
-          let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          let(:public_key_or_secret)  { public_key  :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :self_verifiable
-        end
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new(private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          let(:public_key_or_secret)  { JSON::JWK.new(public_key  :ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :self_verifiable
-        end
-      end
-    end
-    context 'when JSON::JWK::Set key given' do
-      let(:alg) { :HS256 }
-      let(:kid) { 'kid' }
-      let(:jwks) do
-        jwk = JSON::JWK.new shared_secret, kid: kid
-        JSON::JWK::Set.new jwk, JSON::JWK.new('another')
-      end
-      let(:signed) { jws.sign!(jwks) }
-      context 'when jwk is found by given kid' do
-        before { jws.kid = kid }
-        it { should == jws.sign!('secret') }
-      end
-      context 'otherwise' do
-        it do
-          expect do
-            subject
-          end.to raise_error JSON::JWK::Set::KidNotFound
-        end
-      end
-    end
-    describe 'unknown algorithm' do
-      let(:alg) { :unknown }
-      it do
-        expect do
-          jws.sign! 'key'
-        end.to raise_error JSON::JWS::UnexpectedAlgorithm
-      end
-    end
-  end
-  describe '#verify!' do
-    shared_examples_for :success_signature_verification do
-      it do
-        expect { decoded }.not_to raise_error
-        decoded.should be_a JSON::JWT
-      end
-      describe 'header' do
-        let(:header) { decoded.header }
-        it 'should be parsed successfully' do
-          header[:typ].should == 'JWT'
-          header[:alg].should == alg.to_s
-        end
-      end
-      describe 'claims' do
-        it 'should be parsed successfully' do
-          decoded[:iss].should == 'joe'
-          decoded[:exp].should == 1300819380
-          decoded[:'http://example.com/is_root'] == true
-        end
-      end
-      context 'with blank payload' do
-        it do
-          expect { decoded_blank }.not_to raise_error
-          decoded_blank.should be_a JSON::JWT
-        end
-        describe 'header' do
-          let(:header) { decoded_blank.header }
-          it 'should be parsed successfully' do
-            header[:typ].should == 'JWT'
-            header[:alg].should == alg.to_s
-          end
-        end
-        describe 'claims' do
-          it 'should be parsed successfully' do
-            p decoded_blank.blank_payload
-            decoded_blank.blank_payload.should == true
-            decoded_blank[:iss].should == nil
-            decoded_blank[:exp].should == nil
-            decoded[:'http://example.com/is_root'] == nil
-          end
-        end
-      end
-    end
-    subject { decoded }
-    [:HS256, :HS384, :HS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { shared_secret }
-        context 'when String key given' do
-          let(:public_key_or_secret) { shared_secret }
-          it_behaves_like :success_signature_verification
-        end
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new shared_secret }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-    [:RS256, :RS384, :RS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { private_key }
-        context 'when OpenSSL::PKey::RSA key given' do
-          let(:public_key_or_secret) { public_key }
-          it_behaves_like :success_signature_verification
-        end
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new public_key }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-    [:ES256, :ES384, :ES512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-        context 'when OpenSSL::PKey::EC key given' do
-          let(:public_key_or_secret) { public_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          it_behaves_like :success_signature_verification
-        end
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new public_key(:ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-    context 'when JSON::JWK::Set key given' do
-      subject { JSON::JWT.decode signed.to_s, jwks }
-      let(:alg) { :HS256 }
-      let(:kid) { 'kid' }
-      let(:jwks) do
-        jwk = JSON::JWK.new shared_secret, kid: kid
-        JSON::JWK::Set.new jwk, JSON::JWK.new('another')
-      end
-      let(:signed) { jws.sign!(jwks) }
-      context 'when jwk is found by given kid' do
-        before { jws.kid = kid }
-        it { should == signed }
-      end
-      context 'otherwise' do
-        it do
-          expect do
-            subject
-          end.to raise_error JSON::JWK::Set::KidNotFound
-        end
-      end
-    end
-    describe 'unknown algorithm' do
-      let(:alg) { :unknown }
-      it do
-        expect do
-          jws.verify! 'key'
-        end.to raise_error JSON::JWS::UnexpectedAlgorithm
-      end
-    end
-  end
-  describe '#to_json' do
-    let(:alg) { :RS256 }
-    let(:private_key_or_secret) { private_key }
-    context 'as default' do
-      it 'should JSONize payload' do
-        jws.to_json.should == claims.to_json
-      end
-    end
-    context 'with blank payload' do
-      it 'should JSONize payload' do
-        puts ("jws_blank: #{jws_blank.to_json.inspect}")
-        jws_blank.to_json.should == ''
-      end
-    end
-    context 'when syntax option given' do
-      context 'when general' do
-        it 'should return General JWS JSON Serialization' do
-          signed.to_json(syntax: :general).should == {
-            payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-            signatures: [{
-              protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
-              signature: Base64.urlsafe_encode64(signed.signature, padding: false)
-            }]
-          }.to_json
-        end
-        context 'with blank payload' do
-          it 'should return General JWS JSON Serialization' do
-            signed_blank.to_json(syntax: :general).should == {
-              payload: '',
-              signatures: [{
-                protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
-                signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
-              }]
-            }.to_json
-          end
-        end
-        context 'when not signed yet' do
-          it 'should not fail' do
-            jws.to_json(syntax: :general).should == {
-              payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-              signatures: [{
-                protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
-                signature: Base64.urlsafe_encode64('', padding: false)
-              }]
-            }.to_json
-          end
-          context 'with blank payload' do
-            it 'should not fail' do
-              jws_blank.to_json(syntax: :general).should == {
-                payload: '',
-                signatures: [{
-                  protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
-                  signature: Base64.urlsafe_encode64('', padding: false)
-                }]
-              }.to_json
-            end
-          end
-        end
-      end
-      context 'when flattened' do
-        it 'should return Flattened JWS JSON Serialization' do
-          signed.to_json(syntax: :flattened).should == {
-            protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
-            payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-            signature: Base64.urlsafe_encode64(signed.signature, padding: false)
-          }.to_json
-        end
-        context 'with blank payload' do
-          it 'should return Flattened JWS JSON Serialization' do
-            signed_blank.to_json(syntax: :flattened).should == {
-              protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
-              payload: '',
-              signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
-            }.to_json
-          end
-        end
-        context 'when not signed yet' do
-          it 'should not fail' do
-            jws.to_json(syntax: :flattened).should == {
-              protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
-              payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-              signature: Base64.urlsafe_encode64('', padding: false)
-            }.to_json
-          end
-          context 'with blank payload' do
-            it 'should not fail' do
-              jws_blank.to_json(syntax: :flattened).should == {
-                protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
-                payload: '',
-                signature: Base64.urlsafe_encode64('', padding: false)
-              }.to_json
-            end
-          end
-        end
-      end
-    end
-  end
-end