RubyGems - json-jwt - Versions diffs - 1.2.1 → 1.2.2 - Mend

json-jwt 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c3ab6ed0771c53b02dec00aeaeba90587345d6b6
-  data.tar.gz: 487f5389dd2e3591344735f5a2d51ba73b4dcea8
+  metadata.gz: 4956348cf3828c6139ccc4d07759b219e57bb251
+  data.tar.gz: 68f781f2de2c2503eda3abf3418f8f80f908d5dc
 SHA512:
-  metadata.gz: e8dcc581bc77d01c02f44f5f22e5620f41c4d06028e934dddee955b6fe3d8c29795238be515c96a06d9a32779cae3926f85274199ed5db104c30df3f95ad3beb
-  data.tar.gz: 0f2a3b0c5352c016514600668100ddf6bc86dc521848fe6d2ccf689f99cb13fcee9498e578f3fe882bd7de6549164887a5094358e3246945f1e81cbf8d9b89c3
+  metadata.gz: c3f0df77b65f72a920743330dd3fbc9338c73e6df493746abafdf4ca2b370090892eb6b6b7c636b4db569af03a6e0e288425ea0d0df56fee28b6ae7dbee90cf3
+  data.tar.gz: 66b3c28180bd8573f1813e1db5922de6b7253ac4965cf30c9b307ffb6820520b4e76fdd1ba9d0d467bee2533a8eb6ba7a5b510d2e5ca480b5ab9e0d31abd966d

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.2.1
1	+ 1.2.2

data/lib/json/jwk.rb CHANGED

@@ -32,29 +32,17 @@ module JSON
     end
     def to_key
-      case self[:kty].try(:to_sym)
-      when :RSA
-        e, n, d = [:e, :n, :d].collect do |key|
-          if self[key]
-            OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
-          end
-        end
-        key = OpenSSL::PKey::RSA.new
-        key.e = e
-        key.n = n
-        key.d = d if d
-        key
-      when :EC
+      case
+      when rsa?
+        to_rsa_key
+      when ec?
         if RUBY_VERSION >= '2.0.0'
-          key = OpenSSL::PKey::EC.new full_curve_name
-          x, y = [self[:x], self[:y]].collect do |decoded|
-            OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
-          end
-          key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
-          key
+          to_ec_key
         else
           raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
         end
+      when oct?
+        self[:k]
       else
         raise UnknownAlgorithm.new('Unknown Key Type')
       end
@@ -62,28 +50,58 @@ module JSON
     private
+    def rsa?
+      self[:kty].try(:to_sym) == :RSA
+    end
+    def ec?
+      self[:kty].try(:to_sym) == :EC
+    end
+    def oct?
+      self[:kty].try(:to_sym) == :oct
+    end
     def normalize
-      case self[:kty].try(:to_sym)
-      when :RSA
+      case
+      when rsa?
         {
-          e: self[:e],
+          e:   self[:e],
           kty: self[:kty],
-          n: self[:n]
+          n:   self[:n]
         }
-      when :EC
+      when ec?
         {
           crv: self[:crv],
           kty: self[:kty],
-          x: self[:x],
-          y: self[:y]
+          x:   self[:x],
+          y:   self[:y]
+        }
+      when oct?
+        {
+          k:   self[:k],
+          kty: self[:kty]
         }
       else
         raise UnknownAlgorithm.new('Unknown Key Type')
       end
     end
-    def full_curve_name
-      case self[:crv].try(:to_sym)
+    def to_rsa_key
+      e, n, d = [:e, :n, :d].collect do |key|
+        if self[key]
+          OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
+        end
+      end
+      key = OpenSSL::PKey::RSA.new
+      key.e = e
+      key.n = n
+      key.d = d if d
+      key
+    end
+    def to_ec_key
+      curve_name = case self[:crv].try(:to_sym)
       when :'P-256'
         'prime256v1'
       when :'P-384'
@@ -91,8 +109,20 @@ module JSON
       when :'P-521'
         'secp521r1'
       else
-        raise UnknownAlgorithm.new('Unknown ECDSA Curve')
+        raise UnknownAlgorithm.new('Unknown EC Curve')
+      end
+      x, y, d = [:x, :y, :d].collect do |key|
+        if self[key]
+          OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
+        end
       end
+      key = OpenSSL::PKey::EC.new curve_name
+      key.private_key = d if d
+      key.public_key = OpenSSL::PKey::EC::Point.new(
+        OpenSSL::PKey::EC::Group.new(curve_name),
+        OpenSSL::BN.new(['04' + x.to_s(16) + y.to_s(16)].pack('H*'), 2)
+      )
+      key
     end
     class << self

data/lib/json/jwk/jwkizable.rb CHANGED

@@ -8,11 +8,7 @@ module JSON
             e: UrlSafeBase64.encode64(e.to_s(2)),
             n: UrlSafeBase64.encode64(n.to_s(2))
           }.merge ex_params
-          if private?
-            params.merge!(
-              d: UrlSafeBase64.encode64(d.to_s(2))
-            )
-          end
+          params[:d] = UrlSafeBase64.encode64(d.to_s(2)) if private?
           JWK.new params
         end
       end
@@ -29,9 +25,10 @@ module JSON
           params = {
             kty: :EC,
             crv: curve_name,
-            x: UrlSafeBase64.encode64(coodinates[:x].to_s),
-            y: UrlSafeBase64.encode64(coodinates[:y].to_s)
+            x: UrlSafeBase64.encode64(coordinates[:x].to_s(2)),
+            y: UrlSafeBase64.encode64(coordinates[:y].to_s(2))
           }.merge ex_params
+          params[:d] = UrlSafeBase64.encode64(coordinates[:d].to_s(2)) if private_key?
           JWK.new params
         end
@@ -50,19 +47,19 @@ module JSON
           end
         end
-        def coodinates
-          unless @coodinates
+        def coordinates
+          unless @coordinates
             hex = public_key.to_bn.to_s(16)
             data_len = hex.length - 2
-            type = hex[0, 2]
             hex_x = hex[2, data_len / 2]
             hex_y = hex[2 + data_len / 2, data_len / 2]
-            @coodinates = {
-              x: [hex_x].pack("H*"),
-              y: [hex_y].pack("H*")
+            @coordinates = {
+              x: OpenSSL::BN.new([hex_x].pack('H*'), 2),
+              y: OpenSSL::BN.new([hex_y].pack('H*'), 2)
             }
+            @coordinates[:d] = private_key if private_key?
           end
-          @coodinates
+          @coordinates
         end
       end
     end

data/lib/json/jws.rb CHANGED

@@ -80,6 +80,7 @@ module JSON
     end
     def sign(signature_base_string, private_key_or_secret)
+      private_key_or_secret = with_jwk_support private_key_or_secret
       case
       when hmac?
         secret = private_key_or_secret
@@ -100,16 +101,7 @@ module JSON
     end
     def valid?(signature_base_string, public_key_or_secret)
-      public_key_or_secret = case public_key_or_secret
-      when JSON::JWK
-        public_key_or_secret.to_key
-      when JSON::JWK::Set
-        public_key_or_secret.detect do |jwk|
-          jwk[:kid] && jwk[:kid] == header[:kid]
-        end.try(:to_key)
-      else
-        public_key_or_secret
-      end
+      public_key_or_secret = with_jwk_support public_key_or_secret
       case
       when hmac?
         secure_compare sign(signature_base_string, public_key_or_secret), signature
@@ -130,6 +122,19 @@ module JSON
       raise UnexpectedAlgorithm.new(e.message)
     end
+    def with_jwk_support(key)
+      case key
+      when JSON::JWK
+        key.to_key
+      when JSON::JWK::Set
+        key.detect do |jwk|
+          jwk[:kid] && jwk[:kid] == header[:kid]
+        end.try(:to_key)
+      else
+        key
+      end
+    end
     def verify_ecdsa_group!(key)
       group_name = case digest.digest_length * 8
       when 256

data/spec/json/jwk_spec.rb CHANGED

@@ -40,7 +40,7 @@ describe JSON::JWK do
   end
   context 'when ECDSA public key given' do
-    let(:expected_coodinates) do
+    let(:expected_coordinates) do
       {
         256 => {
           x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
@@ -61,8 +61,8 @@ describe JSON::JWK do
         let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
         it { jwk.keys.collect(&:to_sym).should include :kty, :crv, :x, :y }
         its(:kty) { jwk[:kty].should == :EC }
-        its(:x) { jwk[:x].should == expected_coodinates[digest_length][:x] }
-        its(:y) { jwk[:y].should == expected_coodinates[digest_length][:y] }
+        its(:x) { jwk[:x].should == expected_coordinates[digest_length][:x] }
+        its(:y) { jwk[:y].should == expected_coordinates[digest_length][:y] }
       end
     end
@@ -141,20 +141,20 @@ describe JSON::JWK do
           alg: 'EC',
           crv: 'P-256',
           kty: 'EC',
-          x: 'eZXWiRe0I3TvHPXiGnvO944gjF1o4UmitH2CVwYIrPg',
-          y: 'AKFNss7S35tOsp5iY7-YuLGs2cLrTKFk80JvgVzMPHQ3'
+          x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
+          y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
         }, {
           alg: 'EC',
           crv: 'P-384',
           kty: 'EC',
-          x: 'XGp9ovRmtaBjlZKGI1XDBUB6F3d4Xov4JFKUCaeVjMD0_GAp20IB_wZz6howe3yi',
-          y: 'Vhy6zh3KOkDqSA5WP6BtDyS9CZR7RoCCWfwymBB3HIBIR_yl32hnSYXtlwEr2EoK'
+          x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
+          y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
         }, {
           alg: 'EC',
           crv: 'P-521',
           kty: 'EC',
-          x: 'KrVaPTvvYmUUSf_1UpwJt_Lg9UT-8OHD_AUd-d7-Q8Rfs4t-lTJ5KEyjbfMzTHsvNulWftuaMH6Ap3l5vbDb2nQ',
-          y: 'AIxSEGvlKlWZiN_Rc3VjBs5oVB5l-JfCZHm2LyZpOxAzWrpjHlK121H2ZngM8Ra8ggKa64hEMDE1fMV__C_EZv9m'
+          x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
+          y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
         }].each do |jwk|
           describe jwk['crv'] do
             it do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.2.2
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-12 00:00:00.000000000 Z
+date: 2015-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json