json-jwt 1.11.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.gitmodules +1 -1
- data/.travis.yml +4 -3
- data/VERSION +1 -1
- data/json-jwt.gemspec +1 -1
- data/lib/json/jose.rb +2 -0
- data/lib/json/jwe.rb +3 -3
- data/lib/json/jwk/jwkizable.rb +2 -0
- data/lib/json/jwk.rb +55 -27
- data/lib/json/jws.rb +17 -19
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91fcaee7ac6b72ca2ac913dedf96d5720c979428de6dce8c92dfd20dc692090b
|
|
4
|
+
data.tar.gz: 874d9dc15ae88e8378329786239ff8474bb6d79ff4ca83302734eed8e920d497
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5d6bf57a02244d0661ee1a57abdbac9d549db17f25d4f65685d3055b51ad8a20c5f48fb9c50bd069d152192d8c25dd76b44cac65c72d1d66d7f6009d1399ed5d
|
|
7
|
+
data.tar.gz: db006e919ed6ee3f5fa87bce489011ec49d87e39e734fe81e1e72dbb8863ab8fe1d30892f960868f1e45176d97950abb2bc847b20b29321bab3912fa8083ca86
|
data/.github/FUNDING.yml
ADDED
data/.gitmodules
CHANGED
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.14.0
|
data/json-jwt.gemspec
CHANGED
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |gem|
|
|
|
12
12
|
end
|
|
13
13
|
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
|
14
14
|
gem.require_paths = ['lib']
|
|
15
|
-
gem.required_ruby_version = '>= 2.
|
|
15
|
+
gem.required_ruby_version = '>= 2.4'
|
|
16
16
|
gem.add_runtime_dependency 'activesupport', '>= 4.2'
|
|
17
17
|
gem.add_runtime_dependency 'bindata'
|
|
18
18
|
gem.add_runtime_dependency 'aes_key_wrap'
|
data/lib/json/jose.rb
CHANGED
|
@@ -7,6 +7,8 @@ module JSON
|
|
|
7
7
|
included do
|
|
8
8
|
extend ClassMethods
|
|
9
9
|
register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
|
|
10
|
+
|
|
11
|
+
# NOTE: not used anymore in this gem, but keeping in case developers are calling it.
|
|
10
12
|
alias_method :algorithm, :alg
|
|
11
13
|
|
|
12
14
|
attr_writer :header
|
data/lib/json/jwe.rb
CHANGED
|
@@ -107,7 +107,7 @@ module JSON
|
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
def dir?
|
|
110
|
-
:dir ==
|
|
110
|
+
:dir == alg&.to_sym
|
|
111
111
|
end
|
|
112
112
|
|
|
113
113
|
def cipher
|
|
@@ -159,7 +159,7 @@ module JSON
|
|
|
159
159
|
# encryption
|
|
160
160
|
|
|
161
161
|
def jwe_encrypted_key
|
|
162
|
-
@jwe_encrypted_key ||= case
|
|
162
|
+
@jwe_encrypted_key ||= case alg&.to_sym
|
|
163
163
|
when :RSA1_5
|
|
164
164
|
public_key_or_secret.public_encrypt content_encryption_key
|
|
165
165
|
when :'RSA-OAEP'
|
|
@@ -211,7 +211,7 @@ module JSON
|
|
|
211
211
|
|
|
212
212
|
def decrypt_content_encryption_key
|
|
213
213
|
fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
|
|
214
|
-
case
|
|
214
|
+
case alg&.to_sym
|
|
215
215
|
when :RSA1_5
|
|
216
216
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
|
217
217
|
when :'RSA-OAEP'
|
data/lib/json/jwk/jwkizable.rb
CHANGED
data/lib/json/jwk.rb
CHANGED
|
@@ -50,8 +50,6 @@ module JSON
|
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
-
private
|
|
54
|
-
|
|
55
53
|
def rsa?
|
|
56
54
|
self[:kty]&.to_sym == :RSA
|
|
57
55
|
end
|
|
@@ -64,12 +62,6 @@ module JSON
|
|
|
64
62
|
self[:kty]&.to_sym == :oct
|
|
65
63
|
end
|
|
66
64
|
|
|
67
|
-
def calculate_default_kid
|
|
68
|
-
self[:kid] = thumbprint
|
|
69
|
-
rescue
|
|
70
|
-
# ignore
|
|
71
|
-
end
|
|
72
|
-
|
|
73
65
|
def normalize
|
|
74
66
|
case
|
|
75
67
|
when rsa?
|
|
@@ -95,28 +87,43 @@ module JSON
|
|
|
95
87
|
end
|
|
96
88
|
end
|
|
97
89
|
|
|
90
|
+
private
|
|
91
|
+
|
|
92
|
+
def calculate_default_kid
|
|
93
|
+
self[:kid] = thumbprint
|
|
94
|
+
rescue
|
|
95
|
+
# ignore
|
|
96
|
+
end
|
|
97
|
+
|
|
98
98
|
def to_rsa_key
|
|
99
99
|
e, n, d, p, q, dp, dq, qi = [:e, :n, :d, :p, :q, :dp, :dq, :qi].collect do |key|
|
|
100
100
|
if self[key]
|
|
101
101
|
OpenSSL::BN.new Base64.urlsafe_decode64(self[key]), 2
|
|
102
102
|
end
|
|
103
103
|
end
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
104
|
+
|
|
105
|
+
# Public key
|
|
106
|
+
data_sequence = OpenSSL::ASN1::Sequence([
|
|
107
|
+
OpenSSL::ASN1::Integer(n),
|
|
108
|
+
OpenSSL::ASN1::Integer(e),
|
|
109
|
+
])
|
|
110
|
+
|
|
111
|
+
if d && p && q && dp && dq && qi
|
|
112
|
+
data_sequence = OpenSSL::ASN1::Sequence([
|
|
113
|
+
OpenSSL::ASN1::Integer(0),
|
|
114
|
+
OpenSSL::ASN1::Integer(n),
|
|
115
|
+
OpenSSL::ASN1::Integer(e),
|
|
116
|
+
OpenSSL::ASN1::Integer(d),
|
|
117
|
+
OpenSSL::ASN1::Integer(p),
|
|
118
|
+
OpenSSL::ASN1::Integer(q),
|
|
119
|
+
OpenSSL::ASN1::Integer(dp),
|
|
120
|
+
OpenSSL::ASN1::Integer(dq),
|
|
121
|
+
OpenSSL::ASN1::Integer(qi),
|
|
122
|
+
])
|
|
118
123
|
end
|
|
119
|
-
|
|
124
|
+
|
|
125
|
+
asn1 = OpenSSL::ASN1::Sequence(data_sequence)
|
|
126
|
+
OpenSSL::PKey::RSA.new(asn1.to_der)
|
|
120
127
|
end
|
|
121
128
|
|
|
122
129
|
def to_ec_key
|
|
@@ -127,6 +134,8 @@ module JSON
|
|
|
127
134
|
'secp384r1'
|
|
128
135
|
when :'P-521'
|
|
129
136
|
'secp521r1'
|
|
137
|
+
when :secp256k1
|
|
138
|
+
'secp256k1'
|
|
130
139
|
else
|
|
131
140
|
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
132
141
|
end
|
|
@@ -135,13 +144,32 @@ module JSON
|
|
|
135
144
|
Base64.urlsafe_decode64(self[key])
|
|
136
145
|
end
|
|
137
146
|
end
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
key.public_key = OpenSSL::PKey::EC::Point.new(
|
|
147
|
+
|
|
148
|
+
point = OpenSSL::PKey::EC::Point.new(
|
|
141
149
|
OpenSSL::PKey::EC::Group.new(curve_name),
|
|
142
150
|
OpenSSL::BN.new(['04' + x.unpack('H*').first + y.unpack('H*').first].pack('H*'), 2)
|
|
143
151
|
)
|
|
144
|
-
|
|
152
|
+
|
|
153
|
+
# Public key
|
|
154
|
+
data_sequence = OpenSSL::ASN1::Sequence([
|
|
155
|
+
OpenSSL::ASN1::Sequence([
|
|
156
|
+
OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
|
|
157
|
+
OpenSSL::ASN1::ObjectId(curve_name)
|
|
158
|
+
]),
|
|
159
|
+
OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
|
|
160
|
+
])
|
|
161
|
+
|
|
162
|
+
if d
|
|
163
|
+
# Private key
|
|
164
|
+
data_sequence = OpenSSL::ASN1::Sequence([
|
|
165
|
+
OpenSSL::ASN1::Integer(1),
|
|
166
|
+
OpenSSL::ASN1::OctetString(OpenSSL::BN.new(d, 2).to_s(2)),
|
|
167
|
+
OpenSSL::ASN1::ObjectId(curve_name, 0, :EXPLICIT),
|
|
168
|
+
OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
|
|
169
|
+
])
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
OpenSSL::PKey::EC.new(data_sequence.to_der)
|
|
145
173
|
end
|
|
146
174
|
end
|
|
147
175
|
end
|
data/lib/json/jws.rb
CHANGED
|
@@ -13,7 +13,7 @@ module JSON
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def sign!(private_key_or_secret)
|
|
16
|
-
self.alg = autodetected_algorithm_from(private_key_or_secret) if
|
|
16
|
+
self.alg = autodetected_algorithm_from(private_key_or_secret) if alg == :autodetect
|
|
17
17
|
self.signature = sign signature_base_string, private_key_or_secret
|
|
18
18
|
self
|
|
19
19
|
end
|
|
@@ -43,31 +43,23 @@ module JSON
|
|
|
43
43
|
private
|
|
44
44
|
|
|
45
45
|
def digest
|
|
46
|
-
OpenSSL::Digest.new "SHA#{
|
|
46
|
+
OpenSSL::Digest.new "SHA#{alg.to_s[2, 3]}"
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def hmac?
|
|
50
|
-
[:HS256, :HS384, :HS512].include?
|
|
50
|
+
[:HS256, :HS384, :HS512].include? alg&.to_sym
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
def rsa?
|
|
54
|
-
[:RS256, :RS384, :RS512].include?
|
|
54
|
+
[:RS256, :RS384, :RS512].include? alg&.to_sym
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def rsa_pss?
|
|
58
|
-
|
|
59
|
-
if OpenSSL::VERSION < '2.1.0'
|
|
60
|
-
raise "#{alg} isn't supported. OpenSSL gem v2.1.0+ is required to use #{alg}."
|
|
61
|
-
else
|
|
62
|
-
true
|
|
63
|
-
end
|
|
64
|
-
else
|
|
65
|
-
false
|
|
66
|
-
end
|
|
58
|
+
[:PS256, :PS384, :PS512].include? alg&.to_sym
|
|
67
59
|
end
|
|
68
60
|
|
|
69
61
|
def ecdsa?
|
|
70
|
-
[:ES256, :ES384, :ES512].include?
|
|
62
|
+
[:ES256, :ES384, :ES512, :ES256K].include? alg&.to_sym
|
|
71
63
|
end
|
|
72
64
|
|
|
73
65
|
def autodetected_algorithm_from(private_key_or_secret)
|
|
@@ -85,6 +77,8 @@ module JSON
|
|
|
85
77
|
:ES384
|
|
86
78
|
when 'secp521r1'
|
|
87
79
|
:ES512
|
|
80
|
+
when 'secp256k1'
|
|
81
|
+
:ES256K
|
|
88
82
|
else
|
|
89
83
|
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
90
84
|
end
|
|
@@ -118,8 +112,7 @@ module JSON
|
|
|
118
112
|
private_key = private_key_or_secret
|
|
119
113
|
verify_ecdsa_group! private_key
|
|
120
114
|
asn1_to_raw(
|
|
121
|
-
private_key.
|
|
122
|
-
# private_key.sign(digest, signature_base_string), # NOTE: this causes `undefined method `private?'` error in ruby 2.3
|
|
115
|
+
private_key.sign(digest, signature_base_string),
|
|
123
116
|
private_key
|
|
124
117
|
)
|
|
125
118
|
else
|
|
@@ -152,14 +145,19 @@ module JSON
|
|
|
152
145
|
def verify_ecdsa_group!(key)
|
|
153
146
|
group_name = case digest.digest_length * 8
|
|
154
147
|
when 256
|
|
155
|
-
|
|
148
|
+
case key.group.curve_name
|
|
149
|
+
when 'secp256k1'
|
|
150
|
+
:secp256k1
|
|
151
|
+
else
|
|
152
|
+
:prime256v1
|
|
153
|
+
end
|
|
156
154
|
when 384
|
|
157
155
|
:secp384r1
|
|
158
156
|
when 512
|
|
159
157
|
:secp521r1
|
|
160
158
|
end
|
|
161
|
-
|
|
162
|
-
|
|
159
|
+
newkey = OpenSSL::PKey::EC.generate(group_name.to_s)
|
|
160
|
+
newkey.check_key
|
|
163
161
|
end
|
|
164
162
|
|
|
165
163
|
def raw_to_asn1(signature, public_key)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -116,6 +116,7 @@ executables: []
|
|
|
116
116
|
extensions: []
|
|
117
117
|
extra_rdoc_files: []
|
|
118
118
|
files:
|
|
119
|
+
- ".github/FUNDING.yml"
|
|
119
120
|
- ".gitignore"
|
|
120
121
|
- ".gitmodules"
|
|
121
122
|
- ".rspec"
|
|
@@ -137,7 +138,7 @@ homepage: https://github.com/nov/json-jwt
|
|
|
137
138
|
licenses:
|
|
138
139
|
- MIT
|
|
139
140
|
metadata: {}
|
|
140
|
-
post_install_message:
|
|
141
|
+
post_install_message:
|
|
141
142
|
rdoc_options: []
|
|
142
143
|
require_paths:
|
|
143
144
|
- lib
|
|
@@ -145,15 +146,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
145
146
|
requirements:
|
|
146
147
|
- - ">="
|
|
147
148
|
- !ruby/object:Gem::Version
|
|
148
|
-
version: '2.
|
|
149
|
+
version: '2.4'
|
|
149
150
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
150
151
|
requirements:
|
|
151
152
|
- - ">="
|
|
152
153
|
- !ruby/object:Gem::Version
|
|
153
154
|
version: '0'
|
|
154
155
|
requirements: []
|
|
155
|
-
rubygems_version: 3.
|
|
156
|
-
signing_key:
|
|
156
|
+
rubygems_version: 3.1.6
|
|
157
|
+
signing_key:
|
|
157
158
|
specification_version: 4
|
|
158
159
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|
|
159
160
|
JSON Web Key) in Ruby
|