json-jwt 1.12.0 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/json-jwt.gemspec +1 -1
- data/lib/json/jose.rb +2 -0
- data/lib/json/jwe.rb +3 -3
- data/lib/json/jwk.rb +4 -2
- data/lib/json/jwk/jwkizable.rb +2 -0
- data/lib/json/jws.rb +15 -17
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e18796342211bf21448b9bb5b43749894717bc0a270ae7e1679efbbaa387fc4b
|
|
4
|
+
data.tar.gz: 19b56b26f69a78d2b3ac842865571b973426006b371674ebb6f19cfaf9156385
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90e611ff8e6f87f4b4008c15839008b0eaea3abf498e1d40dcfb875c99c7212d558d38ea5e93f74e3dcbfb4c0f05d29d712b8e64152179ccd02602b6ec79c8ca
|
|
7
|
+
data.tar.gz: 82eb46ca549465d81027f9953f2cde953a582a7912e534a828b1114c78e1f469c9e03c9ebfb6b6609bddf11e1686defe10134fe287ed2b5768e05b8a3b53babf
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.13.0
|
data/json-jwt.gemspec
CHANGED
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |gem|
|
|
|
12
12
|
end
|
|
13
13
|
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
|
14
14
|
gem.require_paths = ['lib']
|
|
15
|
-
gem.required_ruby_version = '>= 2.
|
|
15
|
+
gem.required_ruby_version = '>= 2.4'
|
|
16
16
|
gem.add_runtime_dependency 'activesupport', '>= 4.2'
|
|
17
17
|
gem.add_runtime_dependency 'bindata'
|
|
18
18
|
gem.add_runtime_dependency 'aes_key_wrap'
|
data/lib/json/jose.rb
CHANGED
|
@@ -7,6 +7,8 @@ module JSON
|
|
|
7
7
|
included do
|
|
8
8
|
extend ClassMethods
|
|
9
9
|
register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
|
|
10
|
+
|
|
11
|
+
# NOTE: not used anymore in this gem, but keeping in case developers are calling it.
|
|
10
12
|
alias_method :algorithm, :alg
|
|
11
13
|
|
|
12
14
|
attr_writer :header
|
data/lib/json/jwe.rb
CHANGED
|
@@ -107,7 +107,7 @@ module JSON
|
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
def dir?
|
|
110
|
-
:dir ==
|
|
110
|
+
:dir == alg&.to_sym
|
|
111
111
|
end
|
|
112
112
|
|
|
113
113
|
def cipher
|
|
@@ -159,7 +159,7 @@ module JSON
|
|
|
159
159
|
# encryption
|
|
160
160
|
|
|
161
161
|
def jwe_encrypted_key
|
|
162
|
-
@jwe_encrypted_key ||= case
|
|
162
|
+
@jwe_encrypted_key ||= case alg&.to_sym
|
|
163
163
|
when :RSA1_5
|
|
164
164
|
public_key_or_secret.public_encrypt content_encryption_key
|
|
165
165
|
when :'RSA-OAEP'
|
|
@@ -211,7 +211,7 @@ module JSON
|
|
|
211
211
|
|
|
212
212
|
def decrypt_content_encryption_key
|
|
213
213
|
fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
|
|
214
|
-
case
|
|
214
|
+
case alg&.to_sym
|
|
215
215
|
when :RSA1_5
|
|
216
216
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
|
217
217
|
when :'RSA-OAEP'
|
data/lib/json/jwk.rb
CHANGED
|
@@ -88,13 +88,13 @@ module JSON
|
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
private
|
|
91
|
-
|
|
91
|
+
|
|
92
92
|
def calculate_default_kid
|
|
93
93
|
self[:kid] = thumbprint
|
|
94
94
|
rescue
|
|
95
95
|
# ignore
|
|
96
96
|
end
|
|
97
|
-
|
|
97
|
+
|
|
98
98
|
def to_rsa_key
|
|
99
99
|
e, n, d, p, q, dp, dq, qi = [:e, :n, :d, :p, :q, :dp, :dq, :qi].collect do |key|
|
|
100
100
|
if self[key]
|
|
@@ -127,6 +127,8 @@ module JSON
|
|
|
127
127
|
'secp384r1'
|
|
128
128
|
when :'P-521'
|
|
129
129
|
'secp521r1'
|
|
130
|
+
when :secp256k1
|
|
131
|
+
'secp256k1'
|
|
130
132
|
else
|
|
131
133
|
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
132
134
|
end
|
data/lib/json/jwk/jwkizable.rb
CHANGED
data/lib/json/jws.rb
CHANGED
|
@@ -13,7 +13,7 @@ module JSON
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def sign!(private_key_or_secret)
|
|
16
|
-
self.alg = autodetected_algorithm_from(private_key_or_secret) if
|
|
16
|
+
self.alg = autodetected_algorithm_from(private_key_or_secret) if alg == :autodetect
|
|
17
17
|
self.signature = sign signature_base_string, private_key_or_secret
|
|
18
18
|
self
|
|
19
19
|
end
|
|
@@ -43,31 +43,23 @@ module JSON
|
|
|
43
43
|
private
|
|
44
44
|
|
|
45
45
|
def digest
|
|
46
|
-
OpenSSL::Digest.new "SHA#{
|
|
46
|
+
OpenSSL::Digest.new "SHA#{alg.to_s[2, 3]}"
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def hmac?
|
|
50
|
-
[:HS256, :HS384, :HS512].include?
|
|
50
|
+
[:HS256, :HS384, :HS512].include? alg&.to_sym
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
def rsa?
|
|
54
|
-
[:RS256, :RS384, :RS512].include?
|
|
54
|
+
[:RS256, :RS384, :RS512].include? alg&.to_sym
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def rsa_pss?
|
|
58
|
-
|
|
59
|
-
if OpenSSL::VERSION < '2.1.0'
|
|
60
|
-
raise "#{alg} isn't supported. OpenSSL gem v2.1.0+ is required to use #{alg}."
|
|
61
|
-
else
|
|
62
|
-
true
|
|
63
|
-
end
|
|
64
|
-
else
|
|
65
|
-
false
|
|
66
|
-
end
|
|
58
|
+
[:PS256, :PS384, :PS512].include? alg&.to_sym
|
|
67
59
|
end
|
|
68
60
|
|
|
69
61
|
def ecdsa?
|
|
70
|
-
[:ES256, :ES384, :ES512].include?
|
|
62
|
+
[:ES256, :ES384, :ES512, :ES256K].include? alg&.to_sym
|
|
71
63
|
end
|
|
72
64
|
|
|
73
65
|
def autodetected_algorithm_from(private_key_or_secret)
|
|
@@ -85,6 +77,8 @@ module JSON
|
|
|
85
77
|
:ES384
|
|
86
78
|
when 'secp521r1'
|
|
87
79
|
:ES512
|
|
80
|
+
when 'secp256k1'
|
|
81
|
+
:ES256K
|
|
88
82
|
else
|
|
89
83
|
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
90
84
|
end
|
|
@@ -118,8 +112,7 @@ module JSON
|
|
|
118
112
|
private_key = private_key_or_secret
|
|
119
113
|
verify_ecdsa_group! private_key
|
|
120
114
|
asn1_to_raw(
|
|
121
|
-
private_key.
|
|
122
|
-
# private_key.sign(digest, signature_base_string), # NOTE: this causes `undefined method `private?'` error in ruby 2.3
|
|
115
|
+
private_key.sign(digest, signature_base_string),
|
|
123
116
|
private_key
|
|
124
117
|
)
|
|
125
118
|
else
|
|
@@ -152,7 +145,12 @@ module JSON
|
|
|
152
145
|
def verify_ecdsa_group!(key)
|
|
153
146
|
group_name = case digest.digest_length * 8
|
|
154
147
|
when 256
|
|
155
|
-
|
|
148
|
+
case key.group.curve_name
|
|
149
|
+
when 'secp256k1'
|
|
150
|
+
:secp256k1
|
|
151
|
+
else
|
|
152
|
+
:prime256v1
|
|
153
|
+
end
|
|
156
154
|
when 384
|
|
157
155
|
:secp384r1
|
|
158
156
|
when 512
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -145,7 +145,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
145
145
|
requirements:
|
|
146
146
|
- - ">="
|
|
147
147
|
- !ruby/object:Gem::Version
|
|
148
|
-
version: '2.
|
|
148
|
+
version: '2.4'
|
|
149
149
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
150
150
|
requirements:
|
|
151
151
|
- - ">="
|