json-jwt 1.15.3 → 1.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/workflows/{test_ruby.yml → spec.yml} +6 -4
- data/CHANGELOG.md +11 -0
- data/README.md +0 -2
- data/VERSION +1 -1
- data/json-jwt.gemspec +2 -1
- data/lib/json/jwe.rb +14 -4
- data/lib/json/jwk/set/fetcher.rb +8 -12
- data/lib/json/jwt.rb +3 -3
- metadata +20 -7
- data/.travis.yml +0 -12
- data/lib/json/jwk/set/fetcher/debugger/request_filter.rb +0 -34
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0593ae4268dde10889b1e4272e01d7c95f2fdb2c69b365b81b67837b66d30531'
|
|
4
|
+
data.tar.gz: 27badbcb85bf47a663eed76b859cf0c7d502a0bb683a8f10ce9d8e3539a9149c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa6a607b44857bddb3f1f489c60cea213eaef6c4ab3481ffb3b665b21c4088bc7e12724bda2ca6c66d55cc2032cc392f85d08cabc6e774f5e8cb13bd62ec695d
|
|
7
|
+
data.tar.gz: c75bd449bb1e6d746e456ea2c58582cfff85a4d285f30d53e4b724f7904d13f626f84899034dffccdf4e9c41db0721b1573d968c45d2c123b1fb1e42e1379f8b
|
|
@@ -1,14 +1,16 @@
|
|
|
1
|
-
name:
|
|
1
|
+
name: Spec
|
|
2
2
|
|
|
3
3
|
on:
|
|
4
4
|
push:
|
|
5
|
+
branches:
|
|
6
|
+
- master
|
|
5
7
|
pull_request:
|
|
6
8
|
|
|
7
9
|
permissions:
|
|
8
10
|
contents: read
|
|
9
11
|
|
|
10
12
|
jobs:
|
|
11
|
-
|
|
13
|
+
spec:
|
|
12
14
|
strategy:
|
|
13
15
|
matrix:
|
|
14
16
|
os: ['ubuntu-20.04']
|
|
@@ -26,5 +28,5 @@ jobs:
|
|
|
26
28
|
with:
|
|
27
29
|
ruby-version: ${{ matrix.ruby-version }}
|
|
28
30
|
bundler-cache: true
|
|
29
|
-
- name: Run
|
|
30
|
-
run: bundle exec rake
|
|
31
|
+
- name: Run Specs
|
|
32
|
+
run: bundle exec rake spec
|
data/CHANGELOG.md
ADDED
data/README.md
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.16.1
|
data/json-jwt.gemspec
CHANGED
|
@@ -16,7 +16,8 @@ Gem::Specification.new do |gem|
|
|
|
16
16
|
gem.add_runtime_dependency 'activesupport', '>= 4.2'
|
|
17
17
|
gem.add_runtime_dependency 'bindata'
|
|
18
18
|
gem.add_runtime_dependency 'aes_key_wrap'
|
|
19
|
-
gem.add_runtime_dependency '
|
|
19
|
+
gem.add_runtime_dependency 'faraday', '~> 2.0'
|
|
20
|
+
gem.add_runtime_dependency 'faraday-follow_redirects'
|
|
20
21
|
gem.add_development_dependency 'rake'
|
|
21
22
|
gem.add_development_dependency 'simplecov'
|
|
22
23
|
gem.add_development_dependency 'webmock'
|
data/lib/json/jwe.rb
CHANGED
|
@@ -43,9 +43,12 @@ module JSON
|
|
|
43
43
|
raise UnexpectedAlgorithm.new('Unexpected alg header') unless algorithms.blank? || Array(algorithms).include?(alg)
|
|
44
44
|
raise UnexpectedAlgorithm.new('Unexpected enc header') unless encryption_methods.blank? || Array(encryption_methods).include?(enc)
|
|
45
45
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
|
46
|
-
cipher.decrypt
|
|
47
46
|
self.content_encryption_key = decrypt_content_encryption_key
|
|
48
47
|
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
|
48
|
+
|
|
49
|
+
verify_cbc_authentication_tag! if cbc?
|
|
50
|
+
|
|
51
|
+
cipher.decrypt
|
|
49
52
|
cipher.key = encryption_key
|
|
50
53
|
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
|
51
54
|
if gcm?
|
|
@@ -54,8 +57,15 @@ module JSON
|
|
|
54
57
|
cipher.auth_tag = authentication_tag
|
|
55
58
|
cipher.auth_data = auth_data
|
|
56
59
|
end
|
|
57
|
-
|
|
58
|
-
|
|
60
|
+
|
|
61
|
+
begin
|
|
62
|
+
self.plain_text = cipher.update(cipher_text) + cipher.final
|
|
63
|
+
rescue OpenSSL::OpenSSLError
|
|
64
|
+
# Ensure that the same error is raised for invalid PKCS7 padding
|
|
65
|
+
# as for invalid signatures. This prevents padding-oracle attacks.
|
|
66
|
+
raise DecryptionFailed
|
|
67
|
+
end
|
|
68
|
+
|
|
59
69
|
self
|
|
60
70
|
end
|
|
61
71
|
|
|
@@ -244,7 +254,7 @@ module JSON
|
|
|
244
254
|
sha_digest, mac_key, secured_input
|
|
245
255
|
)[0, sha_size / 2 / 8]
|
|
246
256
|
unless secure_compare(authentication_tag, expected_authentication_tag)
|
|
247
|
-
raise DecryptionFailed
|
|
257
|
+
raise DecryptionFailed
|
|
248
258
|
end
|
|
249
259
|
end
|
|
250
260
|
|
data/lib/json/jwk/set/fetcher.rb
CHANGED
|
@@ -36,17 +36,13 @@ module JSON
|
|
|
36
36
|
self.debugging = false
|
|
37
37
|
|
|
38
38
|
def self.http_client
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
|
|
48
|
-
http_config.try(:call, _http_client_)
|
|
49
|
-
_http_client_
|
|
39
|
+
Faraday.new(headers: {user_agent: "JSON::JWK::Set::Fetcher #{VERSION}"}) do |faraday|
|
|
40
|
+
faraday.response :raise_error
|
|
41
|
+
faraday.response :follow_redirects
|
|
42
|
+
faraday.response :logger, JSON::JWK::Set::Fetcher.logger if debugging?
|
|
43
|
+
faraday.adapter Faraday.default_adapter
|
|
44
|
+
http_config.try(:call, faraday)
|
|
45
|
+
end
|
|
50
46
|
end
|
|
51
47
|
def self.http_config(&block)
|
|
52
48
|
@@http_config ||= block
|
|
@@ -70,7 +66,7 @@ module JSON
|
|
|
70
66
|
jwks = Set.new(
|
|
71
67
|
JSON.parse(
|
|
72
68
|
cache.fetch(cache_key, options) do
|
|
73
|
-
http_client.
|
|
69
|
+
http_client.get(jwks_uri).body
|
|
74
70
|
end
|
|
75
71
|
)
|
|
76
72
|
)
|
data/lib/json/jwt.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
require 'base64'
|
|
3
|
-
require '
|
|
3
|
+
require 'faraday'
|
|
4
|
+
require 'faraday/follow_redirects'
|
|
4
5
|
require 'active_support'
|
|
5
6
|
require 'active_support/core_ext'
|
|
6
7
|
require 'json/jose'
|
|
@@ -137,5 +138,4 @@ require 'json/jwe'
|
|
|
137
138
|
require 'json/jwk'
|
|
138
139
|
require 'json/jwk/jwkizable'
|
|
139
140
|
require 'json/jwk/set'
|
|
140
|
-
require 'json/jwk/set/fetcher'
|
|
141
|
-
require 'json/jwk/set/fetcher/debugger/request_filter'
|
|
141
|
+
require 'json/jwk/set/fetcher'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.16.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -53,7 +53,21 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: faraday
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '2.0'
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '2.0'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: faraday-follow_redirects
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
|
58
72
|
requirements:
|
|
59
73
|
- - ">="
|
|
@@ -145,11 +159,11 @@ extensions: []
|
|
|
145
159
|
extra_rdoc_files: []
|
|
146
160
|
files:
|
|
147
161
|
- ".github/FUNDING.yml"
|
|
148
|
-
- ".github/workflows/
|
|
162
|
+
- ".github/workflows/spec.yml"
|
|
149
163
|
- ".gitignore"
|
|
150
164
|
- ".gitmodules"
|
|
151
165
|
- ".rspec"
|
|
152
|
-
-
|
|
166
|
+
- CHANGELOG.md
|
|
153
167
|
- Gemfile
|
|
154
168
|
- LICENSE
|
|
155
169
|
- README.md
|
|
@@ -162,7 +176,6 @@ files:
|
|
|
162
176
|
- lib/json/jwk/jwkizable.rb
|
|
163
177
|
- lib/json/jwk/set.rb
|
|
164
178
|
- lib/json/jwk/set/fetcher.rb
|
|
165
|
-
- lib/json/jwk/set/fetcher/debugger/request_filter.rb
|
|
166
179
|
- lib/json/jws.rb
|
|
167
180
|
- lib/json/jwt.rb
|
|
168
181
|
homepage: https://github.com/nov/json-jwt
|
|
@@ -184,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
184
197
|
- !ruby/object:Gem::Version
|
|
185
198
|
version: '0'
|
|
186
199
|
requirements: []
|
|
187
|
-
rubygems_version: 3.
|
|
200
|
+
rubygems_version: 3.3.7
|
|
188
201
|
signing_key:
|
|
189
202
|
specification_version: 4
|
|
190
203
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|
data/.travis.yml
DELETED
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
module JSON
|
|
2
|
-
class JWK
|
|
3
|
-
class Set
|
|
4
|
-
module Fetcher
|
|
5
|
-
module Debugger
|
|
6
|
-
class RequestFilter
|
|
7
|
-
# Callback called in HTTPClient (before sending a request)
|
|
8
|
-
# request:: HTTP::Message
|
|
9
|
-
def filter_request(request)
|
|
10
|
-
started = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST STARTED ======="
|
|
11
|
-
log started, request.dump
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
# Callback called in HTTPClient (after received a response)
|
|
15
|
-
# request:: HTTP::Message
|
|
16
|
-
# response:: HTTP::Message
|
|
17
|
-
def filter_response(request, response)
|
|
18
|
-
finished = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST FINISHED ======="
|
|
19
|
-
log '-' * 50, response.dump, finished
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
private
|
|
23
|
-
|
|
24
|
-
def log(*outputs)
|
|
25
|
-
outputs.each do |output|
|
|
26
|
-
JSON::JWK::Set::Fetcher.logger.info output
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|