json-jwt 1.10.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

@@ -1,6 +0,0 @@
1
- -----BEGIN PUBLIC KEY-----
2
- MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBwwIP5rRrqucT1O8LSY6oX8MZdGDl
3
- jeJNvh4c3BObaQPqK6PH0z9/x38UYevQ6GmrMSfitg9hmi4axsg8SAvSr/8BQtgR
4
- 3yX5tX8Ejbz1p7OFItnVEMXaW2AM8TL1jti2phrhwlymLLNUMyldbAGnpyODpNcg
5
- 2ShWtVdmE3jTiKG7gjY=
6
- -----END PUBLIC KEY-----
@@ -1,30 +0,0 @@
1
- -----BEGIN RSA PRIVATE KEY-----
2
- Proc-Type: 4,ENCRYPTED
3
- DEK-Info: AES-256-CBC,A6B5D10FFA23D7BC66CE4FB46B754E8C
4
-
5
- gvYFJmzetWSwpf1Ut6USm4IReFLA6bpp5nVUfU2Xa9dJmrCu0cTupTkdzNmGp14/
6
- mzeT/a5WplK1hWV41Y7bLm57hOpaoxbEx2h3IW9cxuqgAp422AbafRu6hEvjUONO
7
- qUEm63I4d7/FKo0he4IVVx0UHaX5eEq8pdY1AZR9+fqlxWvjpgZlB0anT3AMpfVL
8
- CY4sGc/Es14M9A4zUpOkp+09PbV3WNG8A4G4IJA3wx6tYBxrd2866Te2ccP6/BL8
9
- HA2uoqeD+70ziybvd//CtGAD1xoTDvOCwzXXT5A4fCuec3apFp8O6WyJ63ao99R4
10
- E0r6AvD4iOkLMC8K2YUSc1zFLJAkhlfhBb8qFbXOwOomazWf2Z8rDtkP1VCfB9gC
11
- W6oYRBOyVUkbaBSBOOPBJtxjuTL/cJBvFhn6r0zdC67g0CD4cabMPd1VY92lUVbl
12
- JvE9CouDB5O39jwfpgfxo3kGev2UzwRze9U2uw6EdYIUB/ixyC8/5BoN8lKZXdTn
13
- 7vQBmcBsC3boMqQiq2c/dVGW7yrt/Y4q8wq9aGFwdBAY1pYhRlOZ0MwFmlAJKOzo
14
- Y3i2OILtPM0sdfqIeAvrwicQULGAzLGEhecDOQ1r0GwZRy5/Sl3ILxKMW8ngdaK4
15
- iNDM56u6F9dwqqArrZDZgkfwnKakXU2ZbltSOWTCleCfYrc1D75Yw3FHKcWozB/l
16
- uyMTIqzBXzO6OiNDUv7zAE1xzVaV+VeBH/5KGx18dAuRP3TnpYltGSUVDyGk9FX7
17
- m7nhvkqOcFJMHOGdTjt2Ff9Ibn3rgCEFI0CjCwcJPo2ym1Zox8GfP0/nXk3p/oWV
18
- ebBTvS+yc9HaSm2Al77GDXEwY7NDcTef+3kEtQHpesS+xmC8mFtMEKV8vifXEhpt
19
- iNp6gtsfDMtFmrFXCADTaUD1WBmhJQtYUsGsoQ75c5zzUHU93BOswBe2KODCA3Ie
20
- X3XKvHTjGw3wjWJvLcnL3EgcHDL1x7ehIA5UgvHFixmkx5D91uIdq4YDMt6xERle
21
- JgeLKF9g1qCl9wmxqT4T1J9h9LGMQQEUhth0uTFr6bEpzgg6hFTrPDaI8dOMlcgu
22
- ctOH2wFZgRMfrykGIs53rwF4pL+8iy+pakaRRAVTaZIX2CL2dThy0283jTVu9dNn
23
- f/Zfu5mNlvsRcXlZMgTy0UMBpXeLMjaWyd+JeAnAeZxO3/ID/Ppg6vcc0Wn8XyB5
24
- YUOIQe+Rc0jJnB1zqjww2cB6H5Ke3GjktQqrulHFfEYbn7lj8WLVgDLmellFNOxX
25
- k9H2sta5SN/t3fN3oBO0A6JyotQOiBE54yHVpgoc+PBlcrpoOxSZx67lprD+WnlV
26
- Ynnf6qIrR9NxgYN00Elzj9KP9OT1ufFrMQ0BnW4EWdFLCScGLsZVlmBKPrtHwK3N
27
- FSy3JFMJcpymgNas5+bqIyZGqAZREHH3AWhc2TVl1Kt11g6PZWm3dSafT6SlqgyP
28
- Z7OcBEnWr+ZhDeJfnAXrn5siah9eXuT0KtQWlqpSn76dExlfz16Da/3xBtO4ceyz
29
- Lk4gzZ1QjP1ZvjarWOIEtkT7eiWaCQHYNVbvFRu5wo98o/KwO3xaPTDN9LCZKGhR
30
- -----END RSA PRIVATE KEY-----
@@ -1,8 +0,0 @@
1
- -----BEGIN RSA PUBLIC KEY-----
2
- MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
3
- J81qecxXAzCLPlvsFoP4eeUNXSt/G7hP7SAM479N+kY/MzbihJ5LRY9sRzLbQTMe
4
- qsmDAmmQe4y3Ke3bvd70r8VOmo5pqM3IPLGwBkTRTQmyRsDQArilg6WtxDUgy5ol
5
- 2STHFA8E1iCReh9bck8ZaLxzVhYRXZ0nuOKWGRMppocPlp55HVohOItUZh7uSCch
6
- LcVAZuhTTNaDLtLIJ6G0yNJvfEieJUhA8wGBoPhD3LMQwQMxTMerpjZhP/qjm6Gg
7
- eWpKf+iVil86/PSy/z0Vw06/rD0sfXPtlQIDAQAB
8
- -----END RSA PUBLIC KEY-----
@@ -1,22 +0,0 @@
1
- module NimbusSpecHelper
2
- module_function
3
-
4
- def setup
5
- nimbus_path = File.expand_path(
6
- File.join(
7
- File.dirname(__FILE__),
8
- 'json-jwt-nimbus',
9
- 'nimbus_jwe.rb'
10
- )
11
- )
12
- if File.exist? nimbus_path
13
- require nimbus_path
14
- end
15
- end
16
-
17
- def nimbus_available?
18
- defined? NimbusJWE
19
- end
20
- end
21
-
22
- NimbusSpecHelper.setup
@@ -1,52 +0,0 @@
1
- module SignKeyFixtureHelper
2
- def shared_secret
3
- 'shared-secret'
4
- end
5
-
6
- def pem_file(file_name)
7
- File.new pem_file_path(file_name)
8
- end
9
-
10
- def pem_file_path(file_name)
11
- File.join(
12
- File.dirname(__FILE__),
13
- "../fixtures/#{file_name}.pem"
14
- )
15
- end
16
-
17
- def der_file_path(file_name)
18
- File.join(
19
- File.dirname(__FILE__),
20
- "../fixtures/#{file_name}.der"
21
- )
22
- end
23
-
24
- def private_key(algorithm = :rsa, options = {})
25
- case algorithm
26
- when :rsa
27
- OpenSSL::PKey::RSA.new(
28
- pem_file("#{algorithm}/private_key"),
29
- 'pass-phrase'
30
- )
31
- when :ecdsa
32
- OpenSSL::PKey::EC.new(
33
- pem_file("#{algorithm}/#{options[:digest_length] || 256}/private_key")
34
- )
35
- end
36
- end
37
-
38
- def public_key(algorithm = :rsa, options = {})
39
- case algorithm
40
- when :rsa
41
- OpenSSL::PKey::RSA.new(
42
- pem_file("#{algorithm}/public_key")
43
- )
44
- when :ecdsa
45
- OpenSSL::PKey::EC.new(
46
- pem_file("#{algorithm}/#{options[:digest_length] || 256}/public_key")
47
- )
48
- end
49
- end
50
- end
51
-
52
- include SignKeyFixtureHelper
@@ -1,49 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe 'interop' do
4
- describe 'with jsrsasign' do
5
- context 'JWS' do
6
- let(:public_key) do
7
- pem = <<-PEM.strip_heredoc
8
- -----BEGIN PUBLIC KEY-----
9
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
10
- CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
11
- -----END PUBLIC KEY-----
12
- PEM
13
- OpenSSL::PKey::EC.new pem
14
- end
15
- let(:private_key) do
16
- pem = <<-PEM.strip_heredoc
17
- -----BEGIN PRIVATE KEY-----
18
- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE
19
- ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI
20
- tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl
21
- -----END PRIVATE KEY-----
22
- PEM
23
- OpenSSL::PKey::EC.new pem
24
- end
25
- let(:jws_string) do
26
- 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQzNTA2MjUyMywiZXhwIjoxNDM1MDY2MTIzLCJpYXQiOjE0MzUwNjI1MjMsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.HFmKrExGIFm5SwzTq_ayG80ELUIKnrR9psedV_6ZsuHl5ZLZ-1nV35o0yjKkN7qPQipQMK90xMvDYpi7e2XU9Q'
27
- end
28
- let(:payload) do
29
- {
30
- iss: 'https://jwt-idp.example.com',
31
- sub: 'mailto:mike@example.com',
32
- nbf: 1435062523,
33
- exp: 1435066123,
34
- iat: 1435062523,
35
- jti: 'id123456',
36
- typ: 'https://example.com/register'
37
- }
38
- end
39
-
40
- describe 'verify' do
41
- it 'should succeed' do
42
- expect do
43
- JSON::JWT.decode(jws_string, public_key, :ES256)
44
- end.not_to raise_error
45
- end
46
- end
47
- end
48
- end
49
- end
@@ -1,99 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe 'interop' do
4
- describe 'with Nimbus JOSE' do
5
- if NimbusSpecHelper.nimbus_available?
6
- context 'JWE' do
7
- let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
8
- let(:private_key_path) { der_file_path 'rsa/private_key' }
9
-
10
- describe 'encrypt!' do
11
- shared_examples_for :gcm_encryption do
12
- context 'when enc=A128GCM' do
13
- before { jwe.enc = :A128GCM }
14
-
15
- it 'should decryptable by Nimbus JOSE JWT' do
16
- jwe.encrypt! key
17
- NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
18
- end
19
- end
20
-
21
- context 'when enc=A256GCM' do
22
- before { jwe.enc = :A256GCM }
23
-
24
- it 'should decryptable by Nimbus JOSE JWT' do
25
- jwe.encrypt! key
26
- NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
27
- end
28
- end
29
- end
30
-
31
- shared_examples_for :cbc_encryption do
32
- context 'when enc=A128CBC-HS256' do
33
- before { jwe.enc = :'A128CBC-HS256' }
34
-
35
- it 'should decryptable by Nimbus JOSE JWT' do
36
- jwe.encrypt! key
37
- NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
38
- end
39
- end
40
-
41
- context 'when enc=A256CBC-HS512' do
42
- before { jwe.enc = :'A256CBC-HS512' }
43
-
44
- it 'should decryptable by Nimbus JOSE JWT' do
45
- jwe.encrypt! key
46
- NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
47
- end
48
- end
49
- end
50
-
51
- context 'when plaintext given' do
52
- let(:plain_text) { 'Hello World' }
53
- let(:jwe) { JSON::JWE.new plain_text }
54
-
55
- context 'when alg=RSA1_5' do
56
- let(:key) { public_key }
57
- before { jwe.alg = :'RSA1_5' }
58
-
59
- it_behaves_like :gcm_encryption if gcm_supported?
60
- it_behaves_like :cbc_encryption
61
- end
62
-
63
- context 'when alg=RSA-OAEP' do
64
- let(:key) { public_key }
65
- before { jwe.alg = :'RSA-OAEP' }
66
-
67
- it_behaves_like :gcm_encryption if gcm_supported?
68
- it_behaves_like :cbc_encryption
69
- end
70
- end
71
-
72
- context 'when jwt given' do
73
- let(:plain_text) { jwt.to_s }
74
- let(:jwt) { JSON::JWT.new(foo: :bar) }
75
- let(:jwe) { JSON::JWE.new jwt }
76
-
77
- context 'when alg=RSA-OAEP' do
78
- let(:key) { public_key }
79
- before { jwe.alg = :'RSA1_5' }
80
-
81
- it_behaves_like :gcm_encryption if gcm_supported?
82
- it_behaves_like :cbc_encryption
83
- end
84
-
85
- context 'when alg=RSA-OAEP' do
86
- let(:key) { public_key }
87
- before { jwe.alg = :'RSA-OAEP' }
88
-
89
- it_behaves_like :gcm_encryption if gcm_supported?
90
- it_behaves_like :cbc_encryption
91
- end
92
- end
93
- end
94
- end
95
- else
96
- skip 'Nimbus JOSE unavailable'
97
- end
98
- end
99
- end
@@ -1,19 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe 'interop' do
4
- describe 'with RFC Example' do
5
- describe 'JWK Thubmprint' do
6
- subject do
7
- JSON::JWK.new(
8
- kty: :RSA,
9
- n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
10
- e: 'AQAB',
11
- alg: :RSA256,
12
- kid: '2011-04-29'
13
- )
14
- end
15
-
16
- its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
17
- end
18
- end
19
- end
@@ -1,351 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe JSON::JWE do
4
- let(:private_key_path) { der_file_path 'rsa/private_key' }
5
-
6
- describe '#content_type' do
7
- let(:jwe) { JSON::JWE.new 'hello' }
8
- it do
9
- jwe.content_type.should == 'application/jose'
10
- end
11
- end
12
-
13
- describe 'encrypt!' do
14
- shared_examples_for :gcm_encryption_unsupported do
15
- if gcm_supported?
16
- skip 'GSM supported'
17
- else
18
- context 'when enc=A128GCM' do
19
- before { jwe.enc = :A128GCM }
20
-
21
- it do
22
- expect do
23
- jwe.encrypt! key
24
- end.to raise_error JSON::JWE::UnexpectedAlgorithm
25
- end
26
- end
27
-
28
- context 'when enc=A256GCM' do
29
- before { jwe.enc = :A256GCM }
30
-
31
- it do
32
- expect do
33
- jwe.encrypt! key
34
- end.to raise_error JSON::JWE::UnexpectedAlgorithm
35
- end
36
- end
37
- end
38
- end
39
-
40
- shared_examples_for :unexpected_algorithm_for_encryption do
41
- it do
42
- expect do
43
- jwe.encrypt!(key).to_s # NOTE: encrypt! won't raise, but to_s does. might need to fix.
44
- end.to raise_error JSON::JWE::UnexpectedAlgorithm
45
- end
46
- end
47
-
48
- shared_examples_for :unsupported_algorithm_for_encryption do
49
- it do
50
- expect do
51
- jwe.encrypt!(key).to_s # NOTE: encrypt! won't raise, but to_s does. might need to fix.
52
- end.to raise_error NotImplementedError
53
- end
54
- end
55
-
56
- context 'when plaintext given' do
57
- let(:plain_text) { 'Hello World' }
58
- let(:jwe) { JSON::JWE.new plain_text }
59
-
60
- context 'when alg=RSA1_5' do
61
- let(:key) { public_key }
62
- before { jwe.alg = :'RSA1_5' }
63
- it_behaves_like :gcm_encryption_unsupported
64
- end
65
-
66
- context 'when alg=RSA-OAEP' do
67
- let(:key) { public_key }
68
- before { jwe.alg = :'RSA-OAEP' }
69
- it_behaves_like :gcm_encryption_unsupported
70
- end
71
-
72
- context 'when alg=dir' do
73
- it :TODO
74
- end
75
-
76
- context 'when alg=A128KW' do
77
- it :TODO
78
- end
79
-
80
- context 'when alg=A256KW' do
81
- it :TODO
82
- end
83
-
84
- context 'when unknonw/unsupported algorithm given' do
85
- let(:key) { public_key }
86
- let(:alg) { :RSA1_5 }
87
- let(:enc) { :'A128CBC-HS256' }
88
- before { jwe.alg, jwe.enc = alg, enc }
89
-
90
- context 'when alg=unknown' do
91
- let(:alg) { :unknown }
92
- it_behaves_like :unexpected_algorithm_for_encryption
93
- end
94
-
95
- context 'when enc=unknown' do
96
- let(:enc) { :unknown }
97
- it_behaves_like :unexpected_algorithm_for_encryption
98
- end
99
-
100
- [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
101
- context "when alg=#{alg}" do
102
- let(:alg) { alg }
103
- it_behaves_like :unsupported_algorithm_for_encryption
104
- end
105
- end
106
- end
107
- end
108
-
109
- context 'when jwt given' do
110
- let(:plain_text) { jwt.to_s }
111
- let(:jwt) { JSON::JWT.new(foo: :bar) }
112
- let(:jwe) { JSON::JWE.new jwt }
113
-
114
- context 'when alg=RSA-OAEP' do
115
- let(:key) { public_key }
116
- before { jwe.alg = :'RSA1_5' }
117
- it_behaves_like :gcm_encryption_unsupported
118
- end
119
-
120
- context 'when alg=RSA-OAEP' do
121
- let(:key) { public_key }
122
- before { jwe.alg = :'RSA-OAEP' }
123
- it_behaves_like :gcm_encryption_unsupported
124
- end
125
- end
126
- end
127
-
128
- describe 'decrypt!' do
129
- let(:plain_text) { 'Hello World' }
130
- let(:jwe_string) do
131
- _jwe_ = JSON::JWE.new plain_text
132
- _jwe_.alg, _jwe_.enc = alg, enc
133
- _jwe_.encrypt! key
134
- _jwe_.to_s
135
- end
136
- let(:jwe) do
137
- _jwe_ = JSON::JWE.decode jwe_string, :skip_decryption
138
- _jwe_.alg, _jwe_.enc = alg, enc
139
- _jwe_
140
- end
141
-
142
- shared_examples_for :decryptable do
143
- it do
144
- jwe.decrypt! key
145
- jwe.plain_text.should == plain_text
146
- end
147
- end
148
-
149
- shared_examples_for :gcm_decryption_unsupported do
150
- it do
151
- expect do
152
- jwe.decrypt! key
153
- end.to raise_error JSON::JWE::UnexpectedAlgorithm
154
- end
155
- end
156
-
157
- shared_examples_for :verify_cbc_authentication_tag do
158
- let(:jwe_string) do
159
- _jwe_ = JSON::JWE.new plain_text
160
- _jwe_.alg, _jwe_.enc = alg, enc
161
- _jwe_.encrypt! key
162
- _jwe_.to_s + 'tampered'
163
- end
164
-
165
- it do
166
- expect do
167
- jwe.decrypt! key
168
- end.to raise_error JSON::JWE::DecryptionFailed
169
- end
170
- end
171
-
172
- shared_examples_for :verify_gcm_authentication_tag do
173
- let(:jwe_string) do
174
- _jwe_ = JSON::JWE.new plain_text
175
- _jwe_.alg, _jwe_.enc = alg, enc
176
- _jwe_.encrypt! key
177
- header, key, iv, cipher_text, auth_tag = _jwe_.to_s.split('.')
178
- truncated_auth_tag = Base64.urlsafe_decode64(auth_tag).slice(0..-2)
179
- truncated_auth_tag = Base64.urlsafe_encode64(truncated_auth_tag, padding: false)
180
- [header, key, iv, cipher_text, truncated_auth_tag].join('.')
181
- end
182
-
183
- it do
184
- expect do
185
- jwe.decrypt! key
186
- end.to raise_error JSON::JWE::DecryptionFailed
187
- end
188
- end
189
-
190
- shared_examples_for :unexpected_algorithm_for_decryption do
191
- it do
192
- expect do
193
- jwe.decrypt! key
194
- end.to raise_error JSON::JWE::UnexpectedAlgorithm
195
- end
196
- end
197
-
198
- shared_examples_for :unsupported_algorithm_for_decryption do
199
- it do
200
- expect do
201
- jwe.decrypt! key
202
- end.to raise_error NotImplementedError
203
- end
204
- end
205
-
206
- context 'when alg=RSA1_5' do
207
- let(:alg) { :RSA1_5 }
208
- let(:key) { private_key }
209
-
210
- context 'when enc=A128GCM' do
211
- let(:enc) { :A128GCM }
212
- if gcm_supported?
213
- it_behaves_like :decryptable
214
- it_behaves_like :verify_gcm_authentication_tag
215
- else
216
- it_behaves_like :gcm_decryption_unsupported
217
- end
218
- end
219
-
220
- context 'when enc=A256GCM' do
221
- let(:enc) { :A256GCM }
222
- if gcm_supported?
223
- it_behaves_like :decryptable
224
- it_behaves_like :verify_gcm_authentication_tag
225
- else
226
- it_behaves_like :gcm_decryption_unsupported
227
- end
228
- end
229
-
230
- context 'when enc=A128CBC-HS256' do
231
- let(:enc) { :'A128CBC-HS256' }
232
- it_behaves_like :decryptable
233
- end
234
-
235
- context 'when enc=A256CBC-HS512' do
236
- let(:enc) { :'A256CBC-HS512' }
237
- it_behaves_like :decryptable
238
- end
239
- end
240
-
241
- context 'when alg=RSA-OAEP' do
242
- let(:alg) { :'RSA-OAEP' }
243
- let(:key) { private_key }
244
-
245
- context 'when enc=A128GCM' do
246
- let(:enc) { :A128GCM }
247
- if gcm_supported?
248
- it_behaves_like :decryptable
249
- it_behaves_like :verify_gcm_authentication_tag
250
- else
251
- it_behaves_like :gcm_decryption_unsupported
252
- end
253
- end
254
-
255
- context 'when enc=A256GCM' do
256
- let(:enc) { :A256GCM }
257
- if gcm_supported?
258
- it_behaves_like :decryptable
259
- it_behaves_like :verify_gcm_authentication_tag
260
- else
261
- it_behaves_like :gcm_decryption_unsupported
262
- end
263
- end
264
-
265
- context 'when enc=A128CBC-HS256' do
266
- let(:enc) { :'A128CBC-HS256' }
267
- it_behaves_like :decryptable
268
- it_behaves_like :verify_cbc_authentication_tag
269
- end
270
-
271
- context 'when enc=A256CBC-HS512' do
272
- let(:enc) { :'A256CBC-HS512' }
273
- it_behaves_like :decryptable
274
- it_behaves_like :verify_cbc_authentication_tag
275
- end
276
- end
277
-
278
- context 'when alg=dir' do
279
- let(:alg) { :dir }
280
- let(:key) { SecureRandom.random_bytes key_size }
281
-
282
- context 'when enc=A128GCM' do
283
- let(:enc) { :A128GCM }
284
- let(:key_size) { 16 }
285
- if gcm_supported?
286
- it_behaves_like :decryptable
287
- it_behaves_like :verify_gcm_authentication_tag
288
- else
289
- it_behaves_like :gcm_decryption_unsupported
290
- end
291
- end
292
-
293
- context 'when enc=A256GCM' do
294
- let(:enc) { :A256GCM }
295
- let(:key_size) { 32 }
296
- if gcm_supported?
297
- it_behaves_like :decryptable
298
- it_behaves_like :verify_gcm_authentication_tag
299
- else
300
- it_behaves_like :gcm_decryption_unsupported
301
- end
302
- end
303
-
304
- context 'when enc=A128CBC-HS256' do
305
- let(:enc) { :'A128CBC-HS256' }
306
- let(:key_size) { 32 }
307
- it_behaves_like :decryptable
308
- it_behaves_like :verify_cbc_authentication_tag
309
- end
310
-
311
- context 'when enc=A256CBC-HS512' do
312
- let(:enc) { :'A256CBC-HS512' }
313
- let(:key_size) { 64 }
314
- it_behaves_like :decryptable
315
- it_behaves_like :verify_cbc_authentication_tag
316
- end
317
- end
318
-
319
- context 'when alg=A128KW' do
320
- it :TODO
321
- end
322
-
323
- context 'when alg=A256KW' do
324
- it :TODO
325
- end
326
-
327
- context 'when unknonw/unsupported algorithm given' do
328
- let(:input) { 'header.key.iv.cipher_text.auth_tag' }
329
- let(:key) { public_key }
330
- let(:alg) { :RSA1_5 }
331
- let(:enc) { :'A128CBC-HS256' }
332
-
333
- context 'when alg=unknown' do
334
- let(:alg) { :unknown }
335
- it_behaves_like :unexpected_algorithm_for_decryption
336
- end
337
-
338
- context 'when enc=unknown' do
339
- let(:enc) { :unknown }
340
- it_behaves_like :unexpected_algorithm_for_decryption
341
- end
342
-
343
- [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
344
- context "when alg=#{alg}" do
345
- let(:alg) { alg }
346
- it_behaves_like :unsupported_algorithm_for_decryption
347
- end
348
- end
349
- end
350
- end
351
- end