json-jwt 1.10.0 → 1.10.1

data/spec/json/jwk/jwkizable_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-describe JSON::JWK::JWKizable do
-  describe '#to_jwk' do
-    subject { key.to_jwk }
-
-    shared_examples_for :jwkizable_as_public do
-      it { should be_instance_of JSON::JWK }
-      it { should include *public_key_attributes.collect(&:to_s) }
-      it { should_not include *private_key_attributes.collect(&:to_s) }
-    end
-
-    shared_examples_for :jwkizable_as_private do
-      it { should be_instance_of JSON::JWK }
-      it { should include *public_key_attributes.collect(&:to_s) }
-      it { should include *private_key_attributes.collect(&:to_s) }
-    end
-
-    describe OpenSSL::PKey::RSA do
-      let(:public_key_attributes) { [:kty, :n, :e] }
-      let(:private_key_attributes) { [:d, :p, :q] }
-
-      describe :public_key do
-        let(:key) { public_key :rsa }
-        it_behaves_like :jwkizable_as_public
-      end
-
-      describe :private_key do
-        let(:key) { private_key :rsa }
-        it_behaves_like :jwkizable_as_private
-      end
-    end
-
-    describe OpenSSL::PKey::EC do
-      let(:public_key_attributes) { [:kty, :crv, :x, :y] }
-      let(:private_key_attributes) { [:d] }
-
-      describe :public_key do
-        let(:key) { public_key :ecdsa }
-        it_behaves_like :jwkizable_as_public
-      end
-
-      describe :private_key do
-        let(:key) { private_key :ecdsa }
-        it_behaves_like :jwkizable_as_private
-      end
-    end
-  end
-end

data/spec/json/jwk/set_spec.rb

@@ -1,75 +0,0 @@
-require 'spec_helper'
-
-describe JSON::JWK::Set do
-  let(:jwk) { public_key.to_jwk }
-  let(:set) { JSON::JWK::Set.new jwk }
-
-  describe '#content_type' do
-    it do
-      set.content_type.should == 'application/jwk-set+json'
-    end
-  end
-
-  context 'when single JWK given' do
-    subject { JSON::JWK::Set.new jwk }
-    it { should == [jwk] }
-  end
-
-  context 'when multiple JWKs given' do
-    subject { JSON::JWK::Set.new jwk, jwk }
-    it { should == [jwk, jwk] }
-  end
-
-  context 'when an Array of JWKs given' do
-    subject { JSON::JWK::Set.new [jwk, jwk] }
-    it { should == [jwk, jwk] }
-  end
-
-  context 'when JSON::JWK given' do
-    subject { JSON::JWK::Set.new jwk }
-
-    it 'should keep JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-
-  context 'when pure Hash given' do
-    subject { JSON::JWK::Set.new jwk.as_json }
-
-    it 'should convert into JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-
-  context 'when pure Hash with :keys key given' do
-    subject do
-      JSON::JWK::Set.new(
-        keys: jwk.as_json
-      )
-    end
-
-    it 'should convert into JSON::JWK' do
-      subject.each do |jwk|
-        jwk.should be_instance_of JSON::JWK
-      end
-    end
-  end
-
-  describe '#as_json' do
-    it 'should become proper JWK set format' do
-      json = set.as_json
-      json.should include :keys
-      json[:keys].should == [jwk]
-    end
-  end
-
-  describe '#to_json' do
-    it do
-      expect { set.to_json }.not_to raise_error
-    end
-  end
-end

data/spec/json/jwk_spec.rb

@@ -1,194 +0,0 @@
-require 'spec_helper'
-
-describe JSON::JWK do
-  describe '#initialize' do
-    let(:jwk) { JSON::JWK.new key }
-    subject { jwk }
-
-    shared_examples_for :jwk_with_kid do
-      it { should be_instance_of JSON::JWK }
-      describe 'kid' do
-        subject { jwk[:kid] }
-        it { should == jwk.thumbprint }
-      end
-    end
-
-    shared_examples_for :jwk_without_kid do
-      it { should be_instance_of JSON::JWK }
-      describe 'kid' do
-        subject { jwk[:kid] }
-        it { should be_blank }
-      end
-    end
-
-    context 'when no imput' do
-      it do
-        JSON::JWK.new.should be_blank
-      end
-    end
-
-    context 'with OpenSSL::PKey::RSA' do
-      let(:key) { public_key }
-      it_behaves_like :jwk_with_kid
-    end
-
-    context 'with OpenSSL::PKey::EC' do
-      let(:key) { public_key :ecdsa }
-      it_behaves_like :jwk_with_kid
-    end
-
-    context 'with String' do
-      let(:key) { 'secret' }
-      it_behaves_like :jwk_with_kid
-    end
-
-    context 'with JSON::JWK' do
-      let(:key) do
-        JSON::JWK.new(
-          k: 'secret',
-          kty: :oct
-        )
-      end
-      it_behaves_like :jwk_with_kid
-    end
-
-    context 'with Hash' do
-      let(:key) do
-        {
-          k: 'secret',
-          kty: :oct
-        }
-      end
-      it_behaves_like :jwk_with_kid
-    end
-
-    context 'with nothing' do
-      let(:jwk) { JSON::JWK.new }
-      it_behaves_like :jwk_without_kid
-    end
-  end
-
-  describe '#content_type' do
-    let(:jwk) { JSON::JWK.new public_key }
-    it do
-      jwk.content_type.should == 'application/jwk+json'
-    end
-  end
-
-  context 'when RSA public key given' do
-    let(:jwk) { JSON::JWK.new public_key }
-    it { jwk.keys.collect(&:to_sym).should include :kty, :e, :n }
-    its(:kty) { jwk[:kty].should == :RSA }
-    its(:e) { jwk[:e].should == Base64.urlsafe_encode64(public_key.e.to_s(2), padding: false) }
-    its(:n) { jwk[:n].should == Base64.urlsafe_encode64(public_key.n.to_s(2), padding: false) }
-
-    context 'when kid/use options given' do
-      let(:jwk) { JSON::JWK.new public_key, kid: '12345', use: :sig }
-      it { jwk.keys.collect(&:to_sym).should include :kid, :use }
-      its(:kid) { jwk[:kid].should == '12345' }
-      its(:use) { jwk[:use].should == :sig }
-    end
-
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == 'nuBTimkcSt_AuEsD8Yv3l8CoGV31bu_3gsRDGN1iVKA' }
-      end
-
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
-      end
-    end
-
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of OpenSSL::PKey::RSA }
-    end
-  end
-
-  context 'when EC public key given' do
-    let(:jwk) { JSON::JWK.new public_key(:ecdsa) }
-    let(:expected_coordinates) do
-      {
-        256 => {
-          x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
-          y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
-        },
-        384 => {
-          x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
-          y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
-        },
-        512 => {
-          x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
-          y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
-        }
-      }
-    end
-
-    [256, 384, 512].each do |digest_length|
-      describe "EC#{digest_length}" do
-        let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
-        it { jwk.keys.collect(&:to_sym).should include :kty, :crv, :x, :y }
-        its(:kty) { jwk[:kty].should == :EC }
-        its(:x) { jwk[:x].should == expected_coordinates[digest_length][:x] }
-        its(:y) { jwk[:y].should == expected_coordinates[digest_length][:y] }
-      end
-    end
-
-    describe 'unknown curve' do
-      it do
-        key = OpenSSL::PKey::EC.new('secp112r2').generate_key
-        expect do
-          JSON::JWK.new key
-        end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
-      end
-    end
-
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
-      end
-
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == 'B_yXDZJ9doudaVCj5q5vqxshvVtW2IFnz_ypvRt5O60gemkDAhO78L6YMyTWH0ZRm15cO2_laTSaNO9yZQFsvQ' }
-      end
-    end
-
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of OpenSSL::PKey::EC }
-    end
-  end
-
-  context 'when shared secret given' do
-    let(:jwk) { JSON::JWK.new 'secret' }
-    its(:kty) { jwk[:kty].should == :oct }
-    its(:x) { jwk[:k].should == 'secret' }
-
-    describe '#thumbprint' do
-      context 'using default hash function' do
-        subject { jwk.thumbprint }
-        it { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
-      end
-
-      context 'using SHA512 hash function' do
-        subject { jwk.thumbprint :SHA512 }
-        it { should == 'rK7EtcEe9Xr0kryR9lNnyOTRe7Vb_BglbTBtbcVG2LzvL26_PFaMCwOtiUiXWfCK-wV8vcxjmvbcvV4ZxDE0FQ' }
-      end
-    end
-
-    describe '#to_key' do
-      it { jwk.to_key.should be_instance_of String }
-    end
-  end
-
-  describe 'unknown key type' do
-    it do
-      key = OpenSSL::PKey::DSA.generate 256
-      expect do
-        JSON::JWK.new key
-      end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
-    end
-  end
-end

data/spec/json/jws_spec.rb

@@ -1,440 +0,0 @@
-require 'spec_helper'
-
-describe JSON::JWS do
-  let(:alg) { :none }
-  let(:jwt) do
-    _jwt_ = JSON::JWT.new claims
-    _jwt_.alg = alg
-    _jwt_
-  end
-  let(:jwt_blank) do
-    _jwt_ = JSON::JWT.new nil
-    _jwt_.alg = alg
-    _jwt_
-  end
-  let(:jws) { JSON::JWS.new jwt }
-  let(:jws_blank) { JSON::JWS.new jwt_blank }
-  let(:signed) { jws.sign! private_key_or_secret }
-  let(:signed_blank) { jws_blank.sign! private_key_or_secret }
-  let(:decoded) { JSON::JWT.decode signed.to_s, public_key_or_secret }
-  let(:decoded_blank) { JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true }
-  let(:claims) do
-    {
-      iss: 'joe',
-      exp: 1300819380,
-      :'http://example.com/is_root' => true
-    }
-  end
-  let(:expected_signature) do
-    {
-      :HS256 => 'DyuTgO2Ggb5nrhkkhI-RjVYIBe3o8oL4ijkAn94YPxQ',
-      :HS384 => 'a5-7rr61TG8Snv9xxJ7l064ky-SCq1Mswe9t8HEorvoc_nnfIeUy9WQCLMIli34R',
-      :HS512 => 'ce-GlHDaNwaHfmAFRGp3QPPKvrpruTug2hC1bf6yNlbuvkMwJw2jFZgq_4wmIPetRdiBy7XFq7rrtmw1Im7tmQ',
-      :RS256 => 'E5VELqAdla2Bx1axc9KFxO0EiCr0Mw6HPYX070qGQ8zA_XmyxGPUZLyyWU_6Cn399W-oYBWO2ynLlr8pqqjP3jXevyCeYeGRVN0HzLYiBebEugNnc3hevr7WV2UzfksWRA-Ux2bDv2sz9p_LGbL33wWNxGDvIlpDyZUul_a48nCipS0riBjkTLTSE8dfBxQTXEF5GEUUu99ot6aBLzUhc25nHXSXogXF6MHK-hAcE7f4v-vJ0lbPbHLVGUopIoxoqe4XjoBpzE5UvhrVl5LYbdjbyJhu5ZIA8GLsgwtUFh3dfdIechORoR3k5NSFSv8157bAEa8t4iwgWD2MSNSQnw',
-      :RS384 => 'lT5JbytGKgG9QrwkJuxgw7UjmN9tjkEQW9pVGR2XnKEdC0_wLNIzAmT-jTwyMDGBLUkWO7opDOP6Xy6_DOTg58k9PwVkyQzrLnmxJMEng2Q-aMqcitRSIvUk3DPy8kemp8yUPls9NzWmByM2GoUVHbDsR0r-tZN-g_9QYev32mvMhjMr30JI5S2xiRjc9m2GAaXMOQmNTovJgV4bgCp4UjruCrA0BD1JJwDqKYoR_YYr_ALcVjD_LUgy80udJvbi8MAYJVUf0QYtQDrX2wnT_-eiiWjD5XafLuXEQVDRh-v2MKAwdvtXMq5cZ08Zjl2SyHxJ3OqhEeWPvYGltxZh_A',
-      :RS512 => 'EHeGM2Mo3ghhUfSB99AlREehrbC6OPE-nYL_rwf88ysTnJ8L1QQ0UuCrXq4SpRutGLK_bYTK3ZALvFRPoOgK_g0QWmqv6qjQRU_QTxoq8y8APP-IgKKDuIiGH6daBV2rAPLDReqYNKsKjmTvZJo2c0a0e_WZkkj_ZwpgjTG3v0gW9lbDAzLJDz18eqtR4ZO7JTu_fyNrUrNk-w2_wpxSsn9sygIMp0lKE0_pt0b01fz3gjTDjlltU0cKSalUp4geaBDH7QRcexrolIctdQFbNKTXQxoigxD3NLNkKGH7f6A8KZdcOm8AnEjullcZs8_OWGnW43p1qrxoBRSivb9pqQ'
-    }
-  end
-  let(:expected_signature_blank_payload) do
-    {
-      :HS256 => 'iRFMM3GknVfzRTxlVQT87jfIw32Ik3lUYNGePPk5wnM',
-      :HS384 => 'rxyzr3I2RWRBgQaewQt3yjdp3BqkrFh-iHcet318OYHWhXvyzAE0npf0l0xi5DOV',
-      :HS512 => 'VDHOrPYrwycjaKbwccObXi6dmw4fVFqiFsNFQjqYHQAkxJGxqhfVLc1_WfKMa6C7vGSGroabaVdK7nn08XPdSQ',
-      :RS256 => 'WthQjouPVbErM7McwSY4slJjHaWqmFg1qKdmTDvttkiyAEcTjVViJkNHH9Mp573h13cXtLob1xh3UJYh5_-hSA4Y24zdyck3jp3fsOusflp1cMmhWXZ2nETKeWCEJDKRAnWynHqkwes7tgWmS0gVeuljeNkuovJlHmNRcoMR9Z3ZuiHfc2WFh-iFbM5Zne1y-_SSgAZwOD20P0Ysn28DtJTlXcm74ENqhLEJnvHS-872d6surb23kHMns43GtT5bm-aJoMLct0nO1GBapQAiKUknTsw24IfOkX4vJNQzIWVSzx3zOxXjcVHlH92af6NknIlPCfRparLC9YEK2NkJYg',
-      :RS384 => 'Jy6XNLNAyujRHYoCOtFqu7z0imHZMiwkwBr73ok_DDSDxQSA9ryt_q_tX0u8knpAIRcTJuNA0-s5DkGbpIj9coKgZ5JBvE_n9ijvNubImf8_vCDDitJemzUtnJypb9GbP4A3nWDAZC0KONVqlxpy92-9xrG5sFEzaYCFYZYnXv8kmmQEIVI1GXw4_Fx8HxRu5cae9WWTgaKQOFG54S303C0H966C1o6d9o3HQH7x8GEl632qBw4LzONWr_QpCN-UFgmJHO7yBwaP-RWnLDW3hYlb4IybRIvMQQicjkjNaNwLTmwo31orVxO53GcSjyhU2y_R843nQcNjTT_lD1QRvg',
-      :RS512 => 'ws2HZ6wvh8GMrFKiIHXDogyx8HFpa4wvrLxfZaMfCoMPf0SZ4V3tiEZRWfrxyvwpsdBj2Mgm5lt3IYAHhlI2hqWvuikDq6tuViloaAIm2xwTU060bF0GL1tQJ-h20wUukJ6fsWet8M9DNg7hcElYQMawHhk4L91YUtY2hKT_uWgPih_pn0Hq5Ve0at4CwAyXXTwCYSEH23PMsUdDfE5tfCyvL2bNQ71Ld_MvQS1NLS7hydzEtfxLK-UkDQVclFmEM3JXrPG7YSRodtKlwJ-ESDx6CaJXXDAgitSF32dslcIkmOXRJqjNmF15i_aVg0ExiU92WTpCrdwzWTt4Aphqlw',
-    }
-  end
-
-  shared_examples_for :jwt_with_alg do
-    it { should == jwt }
-    its(:header) { should == jwt.header }
-  end
-
-  context 'before sign' do
-    subject { jws }
-    it_behaves_like :jwt_with_alg
-    its(:signature) { should be_nil }
-  end
-
-  describe '#content_type' do
-    it do
-      jws.content_type.should == 'application/jose'
-    end
-  end
-
-  describe 'decode' do
-    let(:alg) { :RS256 }
-    let(:private_key_or_secret) { private_key }
-    let(:public_key_or_secret) { public_key }
-
-    describe 'blank payload not allowed' do
-      it 'should raise format error' do
-        expect do
-          JSON::JWT.decode signed_blank.to_s, public_key_or_secret
-        end.to raise_error JSON::JWT::InvalidFormat
-      end
-    end
-    describe 'blank payload allowed' do
-      it 'should not raise an error' do
-        expect do
-          JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true
-        end.to_not raise_error
-      end
-    end
-  end
-
-  describe '#sign!' do
-    shared_examples_for :generate_expected_signature do
-      it do
-        Base64.urlsafe_encode64(signed.signature, padding: false).should == expected_signature[alg]
-      end
-      context 'with blank payload' do
-        it do
-          Base64.urlsafe_encode64(signed_blank.signature, padding: false).should == expected_signature_blank_payload[alg]
-        end
-      end
-    end
-    subject { signed }
-
-    [:HS256, :HS384, :HS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-
-        context 'when String key given' do
-          let(:private_key_or_secret) { shared_secret }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new shared_secret }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-      end
-    end
-
-    [:RS256, :RS384, :RS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-
-        context 'when OpenSSL::PKey::RSA key given' do
-          let(:private_key_or_secret) { private_key }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new private_key }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :generate_expected_signature
-        end
-      end
-    end
-
-    [:ES256, :ES384, :ES512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-
-        shared_examples_for :self_verifiable do
-          it 'should be self-verifiable' do
-            expect do
-              JSON::JWT.decode(
-                JSON::JWT.new(claims).sign(
-                  private_key_or_secret, algorithm
-                ).to_s, public_key_or_secret
-              )
-            end.not_to raise_error
-          end
-        end
-
-        context 'when OpenSSL::PKey::EC key given' do
-          let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          let(:public_key_or_secret)  { public_key  :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :self_verifiable
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:private_key_or_secret) { JSON::JWK.new(private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          let(:public_key_or_secret)  { JSON::JWK.new(public_key  :ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          it_behaves_like :jwt_with_alg
-          it_behaves_like :self_verifiable
-        end
-      end
-    end
-
-    context 'when JSON::JWK::Set key given' do
-      let(:alg) { :HS256 }
-      let(:kid) { 'kid' }
-      let(:jwks) do
-        jwk = JSON::JWK.new shared_secret, kid: kid
-        JSON::JWK::Set.new jwk, JSON::JWK.new('another')
-      end
-      let(:signed) { jws.sign!(jwks) }
-
-      context 'when jwk is found by given kid' do
-        before { jws.kid = kid }
-        it { should == jws.sign!('secret') }
-      end
-
-      context 'otherwise' do
-        it do
-          expect do
-            subject
-          end.to raise_error JSON::JWK::Set::KidNotFound
-        end
-      end
-    end
-
-    describe 'unknown algorithm' do
-      let(:alg) { :unknown }
-      it do
-        expect do
-          jws.sign! 'key'
-        end.to raise_error JSON::JWS::UnexpectedAlgorithm
-      end
-    end
-  end
-
-  describe '#verify!' do
-    shared_examples_for :success_signature_verification do
-      it do
-        expect { decoded }.not_to raise_error
-        decoded.should be_a JSON::JWT
-      end
-
-      describe 'header' do
-        let(:header) { decoded.header }
-        it 'should be parsed successfully' do
-          header[:typ].should == 'JWT'
-          header[:alg].should == alg.to_s
-        end
-      end
-
-      describe 'claims' do
-        it 'should be parsed successfully' do
-          decoded[:iss].should == 'joe'
-          decoded[:exp].should == 1300819380
-          decoded[:'http://example.com/is_root'] == true
-        end
-      end
-
-      context 'with blank payload' do
-        it do
-          expect { decoded_blank }.not_to raise_error
-          decoded_blank.should be_a JSON::JWT
-        end
-
-        describe 'header' do
-          let(:header) { decoded_blank.header }
-          it 'should be parsed successfully' do
-            header[:typ].should == 'JWT'
-            header[:alg].should == alg.to_s
-          end
-        end
-
-        describe 'claims' do
-          it 'should be parsed successfully' do
-            p decoded_blank.blank_payload
-            decoded_blank.blank_payload.should == true
-            decoded_blank[:iss].should == nil
-            decoded_blank[:exp].should == nil
-            decoded[:'http://example.com/is_root'] == nil
-          end
-        end
-      end
-
-    end
-    subject { decoded }
-
-    [:HS256, :HS384, :HS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { shared_secret }
-
-        context 'when String key given' do
-          let(:public_key_or_secret) { shared_secret }
-          it_behaves_like :success_signature_verification
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new shared_secret }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-
-    [:RS256, :RS384, :RS512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { private_key }
-
-        context 'when OpenSSL::PKey::RSA key given' do
-          let(:public_key_or_secret) { public_key }
-          it_behaves_like :success_signature_verification
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new public_key }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-
-    [:ES256, :ES384, :ES512].each do |algorithm|
-      describe algorithm do
-        let(:alg) { algorithm }
-        let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-
-        context 'when OpenSSL::PKey::EC key given' do
-          let(:public_key_or_secret) { public_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
-          it_behaves_like :success_signature_verification
-        end
-
-        context 'when JSON::JWK key given' do
-          let(:public_key_or_secret) { JSON::JWK.new public_key(:ecdsa, digest_length: algorithm.to_s[2,3].to_i) }
-          it_behaves_like :success_signature_verification
-        end
-      end
-    end
-
-    context 'when JSON::JWK::Set key given' do
-      subject { JSON::JWT.decode signed.to_s, jwks }
-
-      let(:alg) { :HS256 }
-      let(:kid) { 'kid' }
-      let(:jwks) do
-        jwk = JSON::JWK.new shared_secret, kid: kid
-        JSON::JWK::Set.new jwk, JSON::JWK.new('another')
-      end
-      let(:signed) { jws.sign!(jwks) }
-
-      context 'when jwk is found by given kid' do
-        before { jws.kid = kid }
-        it { should == signed }
-      end
-
-      context 'otherwise' do
-        it do
-          expect do
-            subject
-          end.to raise_error JSON::JWK::Set::KidNotFound
-        end
-      end
-    end
-
-    describe 'unknown algorithm' do
-      let(:alg) { :unknown }
-      it do
-        expect do
-          jws.verify! 'key'
-        end.to raise_error JSON::JWS::UnexpectedAlgorithm
-      end
-    end
-  end
-
-  describe '#to_json' do
-    let(:alg) { :RS256 }
-    let(:private_key_or_secret) { private_key }
-
-    context 'as default' do
-      it 'should JSONize payload' do
-        jws.to_json.should == claims.to_json
-      end
-    end
-    context 'with blank payload' do
-      it 'should JSONize payload' do
-        puts ("jws_blank: #{jws_blank.to_json.inspect}")
-        jws_blank.to_json.should == ''
-      end
-    end
-
-    context 'when syntax option given' do
-      context 'when general' do
-        it 'should return General JWS JSON Serialization' do
-          signed.to_json(syntax: :general).should == {
-            payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-            signatures: [{
-              protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
-              signature: Base64.urlsafe_encode64(signed.signature, padding: false)
-            }]
-          }.to_json
-        end
-        context 'with blank payload' do
-          it 'should return General JWS JSON Serialization' do
-            signed_blank.to_json(syntax: :general).should == {
-              payload: '',
-              signatures: [{
-                protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
-                signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
-              }]
-            }.to_json
-          end
-        end
-
-        context 'when not signed yet' do
-          it 'should not fail' do
-            jws.to_json(syntax: :general).should == {
-              payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-              signatures: [{
-                protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
-                signature: Base64.urlsafe_encode64('', padding: false)
-              }]
-            }.to_json
-          end
-          context 'with blank payload' do
-            it 'should not fail' do
-              jws_blank.to_json(syntax: :general).should == {
-                payload: '',
-                signatures: [{
-                  protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
-                  signature: Base64.urlsafe_encode64('', padding: false)
-                }]
-              }.to_json
-            end
-          end
-        end
-      end
-
-      context 'when flattened' do
-        it 'should return Flattened JWS JSON Serialization' do
-          signed.to_json(syntax: :flattened).should == {
-            protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
-            payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-            signature: Base64.urlsafe_encode64(signed.signature, padding: false)
-          }.to_json
-        end
-        context 'with blank payload' do
-          it 'should return Flattened JWS JSON Serialization' do
-            signed_blank.to_json(syntax: :flattened).should == {
-              protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
-              payload: '',
-              signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
-            }.to_json
-          end
-        end
-
-        context 'when not signed yet' do
-          it 'should not fail' do
-            jws.to_json(syntax: :flattened).should == {
-              protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
-              payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
-              signature: Base64.urlsafe_encode64('', padding: false)
-            }.to_json
-          end
-          context 'with blank payload' do
-            it 'should not fail' do
-              jws_blank.to_json(syntax: :flattened).should == {
-                protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
-                payload: '',
-                signature: Base64.urlsafe_encode64('', padding: false)
-              }.to_json
-            end
-          end
-        end
-      end
-    end
-  end
-end