json-jwt 1.10.0 → 1.13.0

data/spec/fixtures/ecdsa/512/public_key.pem

@@ -1,6 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBwwIP5rRrqucT1O8LSY6oX8MZdGDl
-jeJNvh4c3BObaQPqK6PH0z9/x38UYevQ6GmrMSfitg9hmi4axsg8SAvSr/8BQtgR
-3yX5tX8Ejbz1p7OFItnVEMXaW2AM8TL1jti2phrhwlymLLNUMyldbAGnpyODpNcg
-2ShWtVdmE3jTiKG7gjY=
------END PUBLIC KEY-----

data/spec/fixtures/rsa/private_key.pem

@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,A6B5D10FFA23D7BC66CE4FB46B754E8C
-
-gvYFJmzetWSwpf1Ut6USm4IReFLA6bpp5nVUfU2Xa9dJmrCu0cTupTkdzNmGp14/
-mzeT/a5WplK1hWV41Y7bLm57hOpaoxbEx2h3IW9cxuqgAp422AbafRu6hEvjUONO
-qUEm63I4d7/FKo0he4IVVx0UHaX5eEq8pdY1AZR9+fqlxWvjpgZlB0anT3AMpfVL
-CY4sGc/Es14M9A4zUpOkp+09PbV3WNG8A4G4IJA3wx6tYBxrd2866Te2ccP6/BL8
-HA2uoqeD+70ziybvd//CtGAD1xoTDvOCwzXXT5A4fCuec3apFp8O6WyJ63ao99R4
-E0r6AvD4iOkLMC8K2YUSc1zFLJAkhlfhBb8qFbXOwOomazWf2Z8rDtkP1VCfB9gC
-W6oYRBOyVUkbaBSBOOPBJtxjuTL/cJBvFhn6r0zdC67g0CD4cabMPd1VY92lUVbl
-JvE9CouDB5O39jwfpgfxo3kGev2UzwRze9U2uw6EdYIUB/ixyC8/5BoN8lKZXdTn
-7vQBmcBsC3boMqQiq2c/dVGW7yrt/Y4q8wq9aGFwdBAY1pYhRlOZ0MwFmlAJKOzo
-Y3i2OILtPM0sdfqIeAvrwicQULGAzLGEhecDOQ1r0GwZRy5/Sl3ILxKMW8ngdaK4
-iNDM56u6F9dwqqArrZDZgkfwnKakXU2ZbltSOWTCleCfYrc1D75Yw3FHKcWozB/l
-uyMTIqzBXzO6OiNDUv7zAE1xzVaV+VeBH/5KGx18dAuRP3TnpYltGSUVDyGk9FX7
-m7nhvkqOcFJMHOGdTjt2Ff9Ibn3rgCEFI0CjCwcJPo2ym1Zox8GfP0/nXk3p/oWV
-ebBTvS+yc9HaSm2Al77GDXEwY7NDcTef+3kEtQHpesS+xmC8mFtMEKV8vifXEhpt
-iNp6gtsfDMtFmrFXCADTaUD1WBmhJQtYUsGsoQ75c5zzUHU93BOswBe2KODCA3Ie
-X3XKvHTjGw3wjWJvLcnL3EgcHDL1x7ehIA5UgvHFixmkx5D91uIdq4YDMt6xERle
-JgeLKF9g1qCl9wmxqT4T1J9h9LGMQQEUhth0uTFr6bEpzgg6hFTrPDaI8dOMlcgu
-ctOH2wFZgRMfrykGIs53rwF4pL+8iy+pakaRRAVTaZIX2CL2dThy0283jTVu9dNn
-f/Zfu5mNlvsRcXlZMgTy0UMBpXeLMjaWyd+JeAnAeZxO3/ID/Ppg6vcc0Wn8XyB5
-YUOIQe+Rc0jJnB1zqjww2cB6H5Ke3GjktQqrulHFfEYbn7lj8WLVgDLmellFNOxX
-k9H2sta5SN/t3fN3oBO0A6JyotQOiBE54yHVpgoc+PBlcrpoOxSZx67lprD+WnlV
-Ynnf6qIrR9NxgYN00Elzj9KP9OT1ufFrMQ0BnW4EWdFLCScGLsZVlmBKPrtHwK3N
-FSy3JFMJcpymgNas5+bqIyZGqAZREHH3AWhc2TVl1Kt11g6PZWm3dSafT6SlqgyP
-Z7OcBEnWr+ZhDeJfnAXrn5siah9eXuT0KtQWlqpSn76dExlfz16Da/3xBtO4ceyz
-Lk4gzZ1QjP1ZvjarWOIEtkT7eiWaCQHYNVbvFRu5wo98o/KwO3xaPTDN9LCZKGhR
------END RSA PRIVATE KEY-----

data/spec/fixtures/rsa/public_key.pem

@@ -1,8 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
-J81qecxXAzCLPlvsFoP4eeUNXSt/G7hP7SAM479N+kY/MzbihJ5LRY9sRzLbQTMe
-qsmDAmmQe4y3Ke3bvd70r8VOmo5pqM3IPLGwBkTRTQmyRsDQArilg6WtxDUgy5ol
-2STHFA8E1iCReh9bck8ZaLxzVhYRXZ0nuOKWGRMppocPlp55HVohOItUZh7uSCch
-LcVAZuhTTNaDLtLIJ6G0yNJvfEieJUhA8wGBoPhD3LMQwQMxTMerpjZhP/qjm6Gg
-eWpKf+iVil86/PSy/z0Vw06/rD0sfXPtlQIDAQAB
------END RSA PUBLIC KEY-----

data/spec/helpers/nimbus_spec_helper.rb

@@ -1,22 +0,0 @@
-module NimbusSpecHelper
-  module_function
-
-  def setup
-    nimbus_path = File.expand_path(
-      File.join(
-        File.dirname(__FILE__),
-        'json-jwt-nimbus',
-        'nimbus_jwe.rb'
-      )
-    )
-    if File.exist? nimbus_path
-      require nimbus_path
-    end
-  end
-
-  def nimbus_available?
-    defined? NimbusJWE
-  end
-end
-
-NimbusSpecHelper.setup

data/spec/helpers/sign_key_fixture_helper.rb

@@ -1,52 +0,0 @@
-module SignKeyFixtureHelper
-  def shared_secret
-    'shared-secret'
-  end
-
-  def pem_file(file_name)
-    File.new pem_file_path(file_name)
-  end
-
-  def pem_file_path(file_name)
-    File.join(
-      File.dirname(__FILE__),
-      "../fixtures/#{file_name}.pem"
-    )
-  end
-
-  def der_file_path(file_name)
-    File.join(
-      File.dirname(__FILE__),
-      "../fixtures/#{file_name}.der"
-    )
-  end
-
-  def private_key(algorithm = :rsa, options = {})
-    case algorithm
-    when :rsa
-      OpenSSL::PKey::RSA.new(
-        pem_file("#{algorithm}/private_key"),
-        'pass-phrase'
-      )
-    when :ecdsa
-      OpenSSL::PKey::EC.new(
-        pem_file("#{algorithm}/#{options[:digest_length] || 256}/private_key")
-      )
-    end
-  end
-
-  def public_key(algorithm = :rsa, options = {})
-    case algorithm
-    when :rsa
-      OpenSSL::PKey::RSA.new(
-        pem_file("#{algorithm}/public_key")
-      )
-    when :ecdsa
-      OpenSSL::PKey::EC.new(
-        pem_file("#{algorithm}/#{options[:digest_length] || 256}/public_key")
-      )
-    end
-  end
-end
-
-include SignKeyFixtureHelper

data/spec/interop/with_jsrsasign_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-describe 'interop' do
-  describe 'with jsrsasign' do
-    context 'JWS' do
-      let(:public_key) do
-        pem = <<-PEM.strip_heredoc
-          -----BEGIN PUBLIC KEY-----
-          MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
-          CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
-          -----END PUBLIC KEY-----
-        PEM
-        OpenSSL::PKey::EC.new pem
-      end
-      let(:private_key) do
-        pem = <<-PEM.strip_heredoc
-          -----BEGIN PRIVATE KEY-----
-          MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE
-          ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI
-          tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl
-          -----END PRIVATE KEY-----
-        PEM
-        OpenSSL::PKey::EC.new pem
-      end
-      let(:jws_string) do
-        'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQzNTA2MjUyMywiZXhwIjoxNDM1MDY2MTIzLCJpYXQiOjE0MzUwNjI1MjMsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.HFmKrExGIFm5SwzTq_ayG80ELUIKnrR9psedV_6ZsuHl5ZLZ-1nV35o0yjKkN7qPQipQMK90xMvDYpi7e2XU9Q'
-      end
-      let(:payload) do
-        {
-          iss: 'https://jwt-idp.example.com',
-          sub: 'mailto:mike@example.com',
-          nbf: 1435062523,
-          exp: 1435066123,
-          iat: 1435062523,
-          jti: 'id123456',
-          typ: 'https://example.com/register'
-        }
-      end
-
-      describe 'verify' do
-        it 'should succeed' do
-          expect do
-            JSON::JWT.decode(jws_string, public_key, :ES256)
-          end.not_to raise_error
-        end
-      end
-    end
-  end
-end

data/spec/interop/with_nimbus_jose_spec.rb

@@ -1,99 +0,0 @@
-require 'spec_helper'
-
-describe 'interop' do
-  describe 'with Nimbus JOSE' do
-    if NimbusSpecHelper.nimbus_available?
-      context 'JWE' do
-        let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
-        let(:private_key_path) { der_file_path 'rsa/private_key' }
-
-        describe 'encrypt!' do
-          shared_examples_for :gcm_encryption do
-            context 'when enc=A128GCM' do
-              before { jwe.enc = :A128GCM }
-
-              it 'should decryptable by Nimbus JOSE JWT' do
-                jwe.encrypt! key
-                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-              end
-            end
-
-            context 'when enc=A256GCM' do
-              before { jwe.enc = :A256GCM }
-
-              it 'should decryptable by Nimbus JOSE JWT' do
-                jwe.encrypt! key
-                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-              end
-            end
-          end
-
-          shared_examples_for :cbc_encryption do
-            context 'when enc=A128CBC-HS256' do
-              before { jwe.enc = :'A128CBC-HS256' }
-
-              it 'should decryptable by Nimbus JOSE JWT' do
-                jwe.encrypt! key
-                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-              end
-            end
-
-            context 'when enc=A256CBC-HS512' do
-              before { jwe.enc = :'A256CBC-HS512' }
-
-              it 'should decryptable by Nimbus JOSE JWT' do
-                jwe.encrypt! key
-                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-              end
-            end
-          end
-
-          context 'when plaintext given' do
-            let(:plain_text) { 'Hello World' }
-            let(:jwe) { JSON::JWE.new plain_text }
-
-            context 'when alg=RSA1_5' do
-              let(:key) { public_key }
-              before { jwe.alg = :'RSA1_5' }
-
-              it_behaves_like :gcm_encryption if gcm_supported?
-              it_behaves_like :cbc_encryption
-            end
-
-            context 'when alg=RSA-OAEP' do
-              let(:key) { public_key }
-              before { jwe.alg = :'RSA-OAEP' }
-
-              it_behaves_like :gcm_encryption if gcm_supported?
-              it_behaves_like :cbc_encryption
-            end
-          end
-
-          context 'when jwt given' do
-            let(:plain_text) { jwt.to_s }
-            let(:jwt) { JSON::JWT.new(foo: :bar) }
-            let(:jwe) { JSON::JWE.new jwt }
-
-            context 'when alg=RSA-OAEP' do
-              let(:key) { public_key }
-              before { jwe.alg = :'RSA1_5' }
-
-              it_behaves_like :gcm_encryption if gcm_supported?
-              it_behaves_like :cbc_encryption
-            end
-
-            context 'when alg=RSA-OAEP' do
-              let(:key) { public_key }
-              before { jwe.alg = :'RSA-OAEP' }
-
-              it_behaves_like :gcm_encryption if gcm_supported?
-              it_behaves_like :cbc_encryption
-            end
-          end
-        end
-      end
-    else
-      skip 'Nimbus JOSE unavailable'
-    end
-  end
-end

data/spec/interop/with_rfc_example_spec.rb

@@ -1,19 +0,0 @@
-require 'spec_helper'
-
-describe 'interop' do
-  describe 'with RFC Example' do
-    describe 'JWK Thubmprint' do
-      subject do
-        JSON::JWK.new(
-          kty: :RSA,
-          n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
-          e: 'AQAB',
-          alg: :RSA256,
-          kid: '2011-04-29'
-        )
-      end
-
-      its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
-    end
-  end
-end

data/spec/json/jwe_spec.rb

@@ -1,351 +0,0 @@
-require 'spec_helper'
-
-describe JSON::JWE do
-  let(:private_key_path) { der_file_path 'rsa/private_key' }
-
-  describe '#content_type' do
-    let(:jwe) { JSON::JWE.new 'hello' }
-    it do
-      jwe.content_type.should == 'application/jose'
-    end
-  end
-
-  describe 'encrypt!' do
-    shared_examples_for :gcm_encryption_unsupported do
-      if gcm_supported?
-        skip 'GSM supported'
-      else
-        context 'when enc=A128GCM' do
-          before { jwe.enc = :A128GCM }
-
-          it do
-            expect do
-              jwe.encrypt! key
-            end.to raise_error JSON::JWE::UnexpectedAlgorithm
-          end
-        end
-
-        context 'when enc=A256GCM' do
-          before { jwe.enc = :A256GCM }
-
-          it do
-            expect do
-              jwe.encrypt! key
-            end.to raise_error JSON::JWE::UnexpectedAlgorithm
-          end
-        end
-      end
-    end
-
-    shared_examples_for :unexpected_algorithm_for_encryption do
-      it do
-        expect do
-          jwe.encrypt!(key).to_s # NOTE: encrypt! won't raise, but to_s does. might need to fix.
-        end.to raise_error JSON::JWE::UnexpectedAlgorithm
-      end
-    end
-
-    shared_examples_for :unsupported_algorithm_for_encryption do
-      it do
-        expect do
-          jwe.encrypt!(key).to_s # NOTE: encrypt! won't raise, but to_s does. might need to fix.
-        end.to raise_error NotImplementedError
-      end
-    end
-
-    context 'when plaintext given' do
-      let(:plain_text) { 'Hello World' }
-      let(:jwe) { JSON::JWE.new plain_text }
-
-      context 'when alg=RSA1_5' do
-        let(:key) { public_key }
-        before { jwe.alg = :'RSA1_5' }
-        it_behaves_like :gcm_encryption_unsupported
-      end
-
-      context 'when alg=RSA-OAEP' do
-        let(:key) { public_key }
-        before { jwe.alg = :'RSA-OAEP' }
-        it_behaves_like :gcm_encryption_unsupported
-      end
-
-      context 'when alg=dir' do
-        it :TODO
-      end
-
-      context 'when alg=A128KW' do
-        it :TODO
-      end
-
-      context 'when alg=A256KW' do
-        it :TODO
-      end
-
-      context 'when unknonw/unsupported algorithm given' do
-        let(:key) { public_key }
-        let(:alg) { :RSA1_5 }
-        let(:enc) { :'A128CBC-HS256' }
-        before { jwe.alg, jwe.enc = alg, enc }
-
-        context 'when alg=unknown' do
-          let(:alg) { :unknown }
-          it_behaves_like :unexpected_algorithm_for_encryption
-        end
-
-        context 'when enc=unknown' do
-          let(:enc) { :unknown }
-          it_behaves_like :unexpected_algorithm_for_encryption
-        end
-
-        [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
-          context "when alg=#{alg}" do
-            let(:alg) { alg }
-            it_behaves_like :unsupported_algorithm_for_encryption
-          end
-        end
-      end
-    end
-
-    context 'when jwt given' do
-      let(:plain_text) { jwt.to_s }
-      let(:jwt) { JSON::JWT.new(foo: :bar) }
-      let(:jwe) { JSON::JWE.new jwt }
-
-      context 'when alg=RSA-OAEP' do
-        let(:key) { public_key }
-        before { jwe.alg = :'RSA1_5' }
-        it_behaves_like :gcm_encryption_unsupported
-      end
-
-      context 'when alg=RSA-OAEP' do
-        let(:key) { public_key }
-        before { jwe.alg = :'RSA-OAEP' }
-        it_behaves_like :gcm_encryption_unsupported
-      end
-    end
-  end
-
-  describe 'decrypt!' do
-    let(:plain_text) { 'Hello World' }
-    let(:jwe_string) do
-      _jwe_ = JSON::JWE.new plain_text
-      _jwe_.alg, _jwe_.enc = alg, enc
-      _jwe_.encrypt! key
-      _jwe_.to_s
-    end
-    let(:jwe) do
-      _jwe_ = JSON::JWE.decode jwe_string, :skip_decryption
-      _jwe_.alg, _jwe_.enc = alg, enc
-      _jwe_
-    end
-
-    shared_examples_for :decryptable do
-      it do
-        jwe.decrypt! key
-        jwe.plain_text.should == plain_text
-      end
-    end
-
-    shared_examples_for :gcm_decryption_unsupported do
-      it do
-        expect do
-          jwe.decrypt! key
-        end.to raise_error JSON::JWE::UnexpectedAlgorithm
-      end
-    end
-
-    shared_examples_for :verify_cbc_authentication_tag do
-      let(:jwe_string) do
-        _jwe_ = JSON::JWE.new plain_text
-        _jwe_.alg, _jwe_.enc = alg, enc
-        _jwe_.encrypt! key
-        _jwe_.to_s + 'tampered'
-      end
-
-      it do
-        expect do
-          jwe.decrypt! key
-        end.to raise_error JSON::JWE::DecryptionFailed
-      end
-    end
-
-    shared_examples_for :verify_gcm_authentication_tag do
-      let(:jwe_string) do
-        _jwe_ = JSON::JWE.new plain_text
-        _jwe_.alg, _jwe_.enc = alg, enc
-        _jwe_.encrypt! key
-        header, key, iv, cipher_text, auth_tag = _jwe_.to_s.split('.')
-        truncated_auth_tag = Base64.urlsafe_decode64(auth_tag).slice(0..-2)
-        truncated_auth_tag = Base64.urlsafe_encode64(truncated_auth_tag, padding: false)
-        [header, key, iv, cipher_text, truncated_auth_tag].join('.')
-      end
-
-      it do
-        expect do
-          jwe.decrypt! key
-        end.to raise_error JSON::JWE::DecryptionFailed
-      end
-    end
-
-    shared_examples_for :unexpected_algorithm_for_decryption do
-      it do
-        expect do
-          jwe.decrypt! key
-        end.to raise_error JSON::JWE::UnexpectedAlgorithm
-      end
-    end
-
-    shared_examples_for :unsupported_algorithm_for_decryption do
-      it do
-        expect do
-          jwe.decrypt! key
-        end.to raise_error NotImplementedError
-      end
-    end
-
-    context 'when alg=RSA1_5' do
-      let(:alg) { :RSA1_5 }
-      let(:key) { private_key }
-
-      context 'when enc=A128GCM' do
-        let(:enc) { :A128GCM }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A256GCM' do
-        let(:enc) { :A256GCM }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A128CBC-HS256' do
-        let(:enc) { :'A128CBC-HS256' }
-        it_behaves_like :decryptable
-      end
-
-      context 'when enc=A256CBC-HS512' do
-        let(:enc) { :'A256CBC-HS512' }
-        it_behaves_like :decryptable
-      end
-    end
-
-    context 'when alg=RSA-OAEP' do
-      let(:alg) { :'RSA-OAEP' }
-      let(:key) { private_key }
-
-      context 'when enc=A128GCM' do
-        let(:enc) { :A128GCM }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A256GCM' do
-        let(:enc) { :A256GCM }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A128CBC-HS256' do
-        let(:enc) { :'A128CBC-HS256' }
-        it_behaves_like :decryptable
-        it_behaves_like :verify_cbc_authentication_tag
-      end
-
-      context 'when enc=A256CBC-HS512' do
-        let(:enc) { :'A256CBC-HS512' }
-        it_behaves_like :decryptable
-        it_behaves_like :verify_cbc_authentication_tag
-      end
-    end
-
-    context 'when alg=dir' do
-      let(:alg) { :dir }
-      let(:key) { SecureRandom.random_bytes key_size }
-
-      context 'when enc=A128GCM' do
-        let(:enc) { :A128GCM }
-        let(:key_size) { 16 }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A256GCM' do
-        let(:enc) { :A256GCM }
-        let(:key_size) { 32 }
-        if gcm_supported?
-          it_behaves_like :decryptable
-          it_behaves_like :verify_gcm_authentication_tag
-        else
-          it_behaves_like :gcm_decryption_unsupported
-        end
-      end
-
-      context 'when enc=A128CBC-HS256' do
-        let(:enc) { :'A128CBC-HS256' }
-        let(:key_size) { 32 }
-        it_behaves_like :decryptable
-        it_behaves_like :verify_cbc_authentication_tag
-      end
-
-      context 'when enc=A256CBC-HS512' do
-        let(:enc) { :'A256CBC-HS512' }
-        let(:key_size) { 64 }
-        it_behaves_like :decryptable
-        it_behaves_like :verify_cbc_authentication_tag
-      end
-    end
-
-    context 'when alg=A128KW' do
-      it :TODO
-    end
-
-    context 'when alg=A256KW' do
-      it :TODO
-    end
-
-    context 'when unknonw/unsupported algorithm given' do
-      let(:input) { 'header.key.iv.cipher_text.auth_tag' }
-      let(:key) { public_key }
-      let(:alg) { :RSA1_5 }
-      let(:enc) { :'A128CBC-HS256' }
-
-      context 'when alg=unknown' do
-        let(:alg) { :unknown }
-        it_behaves_like :unexpected_algorithm_for_decryption
-      end
-
-      context 'when enc=unknown' do
-        let(:enc) { :unknown }
-        it_behaves_like :unexpected_algorithm_for_decryption
-      end
-
-      [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
-        context "when alg=#{alg}" do
-          let(:alg) { alg }
-          it_behaves_like :unsupported_algorithm_for_decryption
-        end
-      end
-    end
-  end
-end