json-jwt 1.2.3 → 1.2.4


Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

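--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1815ea41a4fd9ae6a1d6232259a7956ba070b713
- data.tar.gz: 2efa46ef39b82e61e5d58817cd804eb3dd50d053
+ metadata.gz: 277237d4a352434fcec5c0ba7b57c9b1a8d11995
+ data.tar.gz: efabaf69fe883f6fdfb74a57bab183476a52c7c3
  SHA512:
- metadata.gz: a3ecc9a34475f36916f12242f2293db9d9c5a0382619bf250ef1b5aa5650ae0030cfbcc533a56ebbd63a2f43e065f27322c4dc747fee850310f6d8ecab30ce93
- data.tar.gz: e4c2d71d75053fc1357e1d0e88b9f88e048587d11189dfdb934e24f3a74b33f7e9dec885aeb1874ffff16609e4bcae15b893efd68d5e5cf6490a90771a4dd3e3
+ metadata.gz: 28b18f91c670f47765b070ce57c0bed07d98f5120c4046e4e4dd4439412e287ce4282a0f2909612bb3a1942260d13bb0c9b36648c9913772c584f5b5b221d1b8
+ data.tar.gz: 636e0f99153f0eef1f477dc4bee7ffb7a75a6fa22e1104b83778c8a88bb19ae5a392e7d93a1c6da69573aa6c72fe2febbf18141efa88dc1d544eca41295a68de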
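--- a/data/README.md
+++ b/data/README.md
@@ -81,42 +81,110 @@ jwt_string = "jwt_header.jwt_claims.jwt_signature"
  JSON::JWT.decode(jwt_string, key)
  ```
 
+ Supported `key` are
+ * `String`
+ * `OpenSSL::PKey::RSA`
+ * `OpenSSL::PKey::EC`
+ * `JSON::JWK`
+ * `JSON::JWK::Set` # NOTE: proper `JSON::JWK` in the set will be selected by `kid` in the header.
+ * `:skip_verification` # NOTE: skip signature verification
+
  ### JWK
 
+ `JSON::JWK.new` accepts these instances as key inputs
+ * `String` # NOTE: for shared key (kty=oct)
+ * `OpenSSL::PKey::RSA`
+ * `OpenSSL::PKey::EC`
+ * `JSON::JWK`
+ * `Hash`
+
+ This gem also defines
+ * `OpenSSL::PKey::RSA#to_jwk`
+ * `OpenSSL::PKey::EC#to_jwk`
+
  #### RSA
 
  ```ruby
  k = OpenSSL::PKey::RSA.new(2048)
- p k.to_jwk
- # => JSON::JWK
+
+ k.to_jwk # NOTE: same with `JSON::JWK.new(k)`
+ # => JSON::JWK (private key)
+
+ k.public_key.to_jwk
+ # => JSON::JWK (public key)
+ ```
+
+ ```ruby
+ jwk = JSON::JWK.new(
+ kty: "RSA",
+ e: "AQAB",
+ n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw",
+ d: "BZCgNopMBdQPuHSzZMA_hmnfBHgGHrWQKlNd7x-NkCGWf-5PpPIJHNK3K0DvKetVi3FLNRYTS3ctvqeyoXgyR36HKlsJLrkpqWnvjvV_jygpUs1sXLKUJcyD7foLawfUCO90KxF_-24367967rLrqXldehkw2F3Ppy2Dw5FyU2qBqcpLeruBt6-UdMmBufzNQLisPJ67vhCTVrTNaHDDeCK2gHI3gqsnnbzOMS45VknmFOgKUp1C8GZu5BsT-AdDApEtY-DRZqnr6BxZv4-hG5OdEUA4_LCaI6JwlaAzv0Z74jpBZDC73cXWKJPgVuhARZcll5cexB2_EpgZDB6akQ",
+ p: "6GFVNgaXcW39NG-sRqKPzFtz1usfAkdCydPmfZirfHRhSh3OojX3Glbe7BI_SRSOLc2d2xw2_ZwKRlruY44aGEf4s5gD_nKgq2QS-1cA5uNAU91wRtY2rdoAuCnk2BX3WTZPnzyxkokFY0S0R_9IpJhRz72ggxYyhx0ymRUBIWc",
+ q: "5h1QX2JWLbcIT_cfrkmMoES1z06Fu88MLORYppiRDqkXl3CJFxKFtKJtDPLTf0MeTFexh81V52Ztsd8UttPInyDl9l5T0AOy8NmqHKqjI1063uy4bnHWetN7ovHftc_TOlnldAoQh9bmhZAhEyGlwa5Kros2YD2amIgDhcOmRO0"
+ )
+ jwk.to_key
+ # => OpenSSL::PKey::RSA (private key)
 
  jwk = JSON::JWK.new(
  kty: "RSA",
  e: "AQAB",
- n: "utwietJHu65N7kIa52bMkKgbS1CGmhKNDx3gTBEvQmQhg1BbKHfdmqapMt699T-aloeslYxeO9ItOhprnE0vG-pbDUE7Jg51gtK6kjpLFZOLNpRHJnRikyF6dav1IdJa4fSpOiEJiHk_DuFnAMI04_1H_NISn1TzEBflbyb6BSyIPkfO9433zR2-clvHdIXppq-N272vHA64Xp5hslzY91QodXo5--9iIblPVxzd9aH-aBMSkRbmlIKuz14tWhR-6RLNsWtqxWfKvgeoBLh5e9E5MrlNuRnaaLqHOMWrW1l9985eqmCD3PD4wjwINFKrU4L0fMBCHgCDAZLhbLfUJw",
- d: "NtFBpDpwJNT7s7vc3KnBtWY7q5qSAj0S-K5REL-x1448bqNyOqr_bdEarfu-SmZAWYyvyqeFNZNxBSyfCRlzioLz9y19xqpTOu_LH_7N7CR-oKJbRSK7kGIv5Llvjl6BnuwBgTYT799x6lGhwA05KvEw3zBZmjh3ne8Etdj_W-i2LDBDUimgmVrgXWY1KvWFgh2zpptIINX2Q8UxV121bdcBIbj008Cs64m2mMpaa3ggqqNoXnYb8HnJDnYx-WIbUMHJ2-hpZAsVFNet8ZVEMt4cTKaTHY23m9Ditj-7VfFzkoiH9Yj45ewJMpcssadnAPrBgKbjTFuTdJfP8IqMoQ"
+ n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw"
  )
  jwk.to_key
- # => OpenSSL::PKey::RSA
+ # => OpenSSL::PKey::RSA (public key)
  ```
 
  #### EC
 
  ```ruby
- k = OpenSSL::PKey::RSA.new(2048)
+ k = OpenSSL::PKey::EC.new('prime256v1').generate_key
+
+ k.to_jwk
+ # => JSON::JWK (private key)
+
+ k.private_key = nil
  k.to_jwk
+ # => JSON::JWK (public key)
+ ```
+
+ ```ruby
+ jwk = JSON::JWK.new(
+ kty: "EC",
+ crv: "P-256",
+ x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
+ y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU",
+ d: "MCOTV6Ncg7KTuGh1hTa029ZVkqdlaXaYnfLSkZjJ_uE"
+ )
+ jwk.to_key
+ # => OpenSSL::PKey::EC (private key)
+
+ jwk = JSON::JWK.new(
+ kty: "EC",
+ crv: "P-256",
+ x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
+ y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU"
+ )
+ jwk.to_key
+ # => OpenSSL::PKey::EC (public key)
+ ```
+
+ #### oct
+
+ NOTE: no `String#to_jwk` is defined for now.
+
+ ```ruby
+ JSON::JWK.new 'secret'
  # => JSON::JWK
+ ```
 
+ ```ruby
  jwk = JSON::JWK.new(
- kty: "RSA",
- e: "AQAB",
- n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw",
- d: "BZCgNopMBdQPuHSzZMA_hmnfBHgGHrWQKlNd7x-NkCGWf-5PpPIJHNK3K0DvKetVi3FLNRYTS3ctvqeyoXgyR36HKlsJLrkpqWnvjvV_jygpUs1sXLKUJcyD7foLawfUCO90KxF_-24367967rLrqXldehkw2F3Ppy2Dw5FyU2qBqcpLeruBt6-UdMmBufzNQLisPJ67vhCTVrTNaHDDeCK2gHI3gqsnnbzOMS45VknmFOgKUp1C8GZu5BsT-AdDApEtY-DRZqnr6BxZv4-hG5OdEUA4_LCaI6JwlaAzv0Z74jpBZDC73cXWKJPgVuhARZcll5cexB2_EpgZDB6akQ",
- p: "6GFVNgaXcW39NG-sRqKPzFtz1usfAkdCydPmfZirfHRhSh3OojX3Glbe7BI_SRSOLc2d2xw2_ZwKRlruY44aGEf4s5gD_nKgq2QS-1cA5uNAU91wRtY2rdoAuCnk2BX3WTZPnzyxkokFY0S0R_9IpJhRz72ggxYyhx0ymRUBIWc",
- q: "5h1QX2JWLbcIT_cfrkmMoES1z06Fu88MLORYppiRDqkXl3CJFxKFtKJtDPLTf0MeTFexh81V52Ztsd8UttPInyDl9l5T0AOy8NmqHKqjI1063uy4bnHWetN7ovHftc_TOlnldAoQh9bmhZAhEyGlwa5Kros2YD2amIgDhcOmRO0"
+ kty: "oct",
+ k: "secret"
  )
  jwk.to_key
- # => OpenSSL::PKey::EC
+ # => String
  ```
 
  ## Note on Patches/Pull Requests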
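--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.2.3
+ 1.2.4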
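--- a/data/lib/json/jwk.rb
+++ b/data/lib/json/jwk.rb
@@ -13,6 +13,7 @@ module JSON
  k: params,
  kty: :oct
  )
+ merge! ex_params
  else
  super params
  merge! ex_params
@@ -40,11 +41,7 @@ module JSON
  when rsa?
  to_rsa_key
  when ec?
- if RUBY_VERSION >= '2.0.0'
- to_ec_key
- else
- raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
- end
+ to_ec_key
  when oct?
  self[:k]
  else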
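Review bot: The String branch now repeats the `merge! ex_params` call that the `else` branch already makes, so the two paths can drift apart again; a single call after the closing `end` of the `if`/`else` (which lies outside this hunk) would cover both. Because the merge runs after `k:` and `kty: :oct` appear to be set, a `k` or `kty` entry in `ex_params` replaces the values derived from the String, so a short comment such as `# ex_params is merged last and can override k/kty; pass only trusted metadata (kid, use, alg)` would help callers. In the second hunk the Ruby-version guard around `to_ec_key` is gone, which presumably relies on the gem requiring Ruby 2.0+; that requirement is not visible in the metadata lines shown on this page.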
@@ -21,13 +21,6 @@ module JSON
21
21
 
22
22
  module EC
23
23
  def to_jwk(ex_params = {})
24
- # NOTE:
25
- # OpenSSL::PKey::EC instance can be both public & private key at the same time.
26
- # In such case, is it handled as public key or private key?
27
- # For now, this gem handles any OpenSSL::PKey::EC instances as public key.
28
- unless public_key?
29
- raise UnknownAlgorithm.new('EC private key is not supported yet')
30
- end
31
24
  params = {
32
25
  kty: :EC,
33
26
  crv: curve_name,
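Review bot: With the `public_key?` guard removed, `to_jwk` on an `OpenSSL::PKey::EC` that carries a private component now yields a private JWK, where the removed comment says 1.2.3 handled every EC instance as a public key; the spec change further down this page (`private_key_attributes` of `[:d]` under `jwkizable_as_private`) confirms that `d` is now emitted. Callers that publish `ec_key.to_jwk` in a JWK Set would start exposing private key material after upgrading, so this deserves a comment at the top of the method, e.g. `# NOTE: includes the private component (d) when the key has one; drop the private key before publishing`, and a changelog entry. The lines that add `d` sit outside this hunk, and the file header for this hunk is missing from the page, so its path could not be confirmed.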
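--- a/data/lib/json/jwk/set.rb
+++ b/data/lib/json/jwk/set.rb
@@ -1,6 +1,8 @@
  module JSON
  class JWK
  class Set < Array
+ class KidNotFound < JWT::Exception; end
+
  def initialize(*jwks)
  jwks = Array(jwks).flatten.collect do |jwk|
  JWK.new jwk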
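--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -129,7 +129,7 @@ module JSON
  when JSON::JWK::Set
  key.detect do |jwk|
  jwk[:kid] && jwk[:kid] == header[:kid]
- end.try(:to_key)
+ end.try(:to_key) or raise JWK::Set::KidNotFound
  else
  key
  end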
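Review bot: The key is picked from the set by `header[:kid]` alone, a value that comes from the token being verified, and nothing in these lines checks that the chosen JWK's `kty` fits the algorithm the header names. The method begins and ends outside this hunk, so that check may already exist; if it does not, a set that mixes shared-secret and public keys should reject the mismatch before `to_key` is used. Failing with `JWK::Set::KidNotFound` when no entry matches (including a header with no `kid`) is the right fail-closed behaviour, but the exception is raised without a message; `end.try(:to_key) or raise JWK::Set::KidNotFound, 'no JWK in the set matches the kid header'` would make it easier to triage. The README's new `JSON::JWK::Set` bullet could also name this exception so callers know to rescue it.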
@@ -1,46 +1,48 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe JSON::JWK::JWKizable do
4
- shared_examples_for :jwkizable do
5
- describe '#to_jwk' do
6
- it { key.to_jwk.should be_instance_of JSON::JWK }
7
- it { key.to_jwk.should include *expected_attributes.collect(&:to_s) }
8
- end
9
- end
4
+ describe '#to_jwk' do
5
+ subject { key.to_jwk }
10
6
 
11
- describe OpenSSL::PKey::RSA do
12
- describe :public_key do
13
- let(:key) { public_key :rsa }
14
- let(:expected_attributes) { [:kty, :n, :e] }
15
- it_behaves_like :jwkizable
7
+ shared_examples_for :jwkizable_as_public do
8
+ it { should be_instance_of JSON::JWK }
9
+ it { should include *public_key_attributes.collect(&:to_s) }
10
+ it { should_not include *private_key_attributes.collect(&:to_s) }
16
11
  end
17
12
 
18
- describe :private_key do
19
- let(:key) { private_key :rsa }
20
- let(:expected_attributes) { [:kty, :n, :e, :d] }
21
- it_behaves_like :jwkizable
13
+ shared_examples_for :jwkizable_as_private do
14
+ it { should be_instance_of JSON::JWK }
15
+ it { should include *public_key_attributes.collect(&:to_s) }
16
+ it { should include *private_key_attributes.collect(&:to_s) }
22
17
  end
23
- end
24
18
 
25
- describe OpenSSL::PKey::EC do
26
- describe :public_key do
27
- let(:key) { public_key :ecdsa }
28
- let(:expected_attributes) { [:kty, :crv, :x, :y] }
29
- it_behaves_like :jwkizable
19
+ describe OpenSSL::PKey::RSA do
20
+ let(:public_key_attributes) { [:kty, :n, :e] }
21
+ let(:private_key_attributes) { [:d, :p, :q] }
22
+
23
+ describe :public_key do
24
+ let(:key) { public_key :rsa }
25
+ it_behaves_like :jwkizable_as_public
26
+ end
27
+
28
+ describe :private_key do
29
+ let(:key) { private_key :rsa }
30
+ it_behaves_like :jwkizable_as_private
31
+ end
30
32
  end
31
33
 
32
- describe :private_key do
33
- let(:key) { private_key :ecdsa }
34
- let(:expected_attributes) { [:kty, :crv, :x, :y] } # NOTE: handled as public key
35
- it_behaves_like :jwkizable
36
-
37
- context 'when public key is not contained' do
38
- before { key.public_key = nil }
39
- it do
40
- expect do
41
- key.to_jwk
42
- end.to raise_error JSON::JWK::UnknownAlgorithm, 'EC private key is not supported yet'
43
- end
34
+ describe OpenSSL::PKey::EC do
35
+ let(:public_key_attributes) { [:kty, :crv, :x, :y] }
36
+ let(:private_key_attributes) { [:d] }
37
+
38
+ describe :public_key do
39
+ let(:key) { public_key :ecdsa }
40
+ it_behaves_like :jwkizable_as_public
41
+ end
42
+
43
+ describe :private_key do
44
+ let(:key) { private_key :ecdsa }
45
+ it_behaves_like :jwkizable_as_private
44
46
  end
45
47
  end
46
48
  end
@@ -72,9 +72,14 @@ describe JSON::JWK do
72
72
  it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
73
73
  end
74
74
  end
75
+
76
+ describe '#to_key' do
77
+ it { jwk.to_key.should be_instance_of OpenSSL::PKey::RSA }
78
+ end
75
79
  end
76
80
 
77
- context 'when ECDSA public key given' do
81
+ context 'when EC public key given' do
82
+ let(:jwk) { JSON::JWK.new public_key(:ecdsa) }
78
83
  let(:expected_coordinates) do
79
84
  {
80
85
  256 => {
@@ -91,6 +96,7 @@ describe JSON::JWK do
91
96
  }
92
97
  }
93
98
  end
99
+
94
100
  [256, 384, 512].each do |digest_length|
95
101
  describe "EC#{digest_length}" do
96
102
  let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
@@ -109,49 +115,52 @@ describe JSON::JWK do
109
115
  end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
110
116
  end
111
117
  end
112
- end
113
118
 
114
- describe 'unknown key type' do
115
- it do
116
- key = OpenSSL::PKey::DSA.generate 256
117
- expect do
118
- JSON::JWK.new key
119
- end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
119
+ describe '#thumbprint' do
120
+ context 'using default hash function' do
121
+ subject { jwk.thumbprint }
122
+ it { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
123
+ end
124
+
125
+ context 'using SHA512 hash function' do
126
+ subject { jwk.thumbprint :SHA512 }
127
+ it { should == 'B_yXDZJ9doudaVCj5q5vqxshvVtW2IFnz_ypvRt5O60gemkDAhO78L6YMyTWH0ZRm15cO2_laTSaNO9yZQFsvQ' }
128
+ end
129
+ end
130
+
131
+ describe '#to_key' do
132
+ it { jwk.to_key.should be_instance_of OpenSSL::PKey::EC }
120
133
  end
121
134
  end
122
135
 
123
- describe '#thumbprint' do
124
- context 'when kty=RSA' do
125
- subject do
126
- JSON::JWK.new(
127
- kty: :RSA,
128
- e: 'AQAB',
129
- n: '0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw'
130
- )
136
+ context 'when shared secret given' do
137
+ let(:jwk) { JSON::JWK.new 'secret' }
138
+ its(:kty) { jwk[:kty].should == :oct }
139
+ its(:x) { jwk[:k].should == 'secret' }
140
+
141
+ describe '#thumbprint' do
142
+ context 'using default hash function' do
143
+ subject { jwk.thumbprint }
144
+ it { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
131
145
  end
132
- its(:thumbprint) { should == 'fFn3D1P0H7Qo1ugQ-5LM6LC63LtArbkPsbQcs2F-1yA' }
133
- end
134
146
 
135
- context 'when kty=EC' do
136
- subject do
137
- JSON::JWK.new(
138
- kty: 'EC',
139
- crv: 'P-256',
140
- x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
141
- y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
142
- )
147
+ context 'using SHA512 hash function' do
148
+ subject { jwk.thumbprint :SHA512 }
149
+ it { should == 'rK7EtcEe9Xr0kryR9lNnyOTRe7Vb_BglbTBtbcVG2LzvL26_PFaMCwOtiUiXWfCK-wV8vcxjmvbcvV4ZxDE0FQ' }
143
150
  end
144
- its(:thumbprint) { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
145
151
  end
146
152
 
147
- context 'when kty=oct' do
148
- subject do
149
- JSON::JWK.new(
150
- kty: 'oct',
151
- k: 'secret'
152
- )
153
- end
154
- its(:thumbprint) { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
153
+ describe '#to_key' do
154
+ it { jwk.to_key.should be_instance_of String }
155
+ end
156
+ end
157
+
158
+ describe 'unknown key type' do
159
+ it do
160
+ key = OpenSSL::PKey::DSA.generate 256
161
+ expect do
162
+ JSON::JWK.new key
163
+ end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
155
164
  end
156
165
  end
157
166
 
@@ -167,30 +176,17 @@ describe JSON::JWK do
167
176
  let(:e) { 'AQAB' }
168
177
  let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
169
178
  let(:pem) do
170
- if RUBY_VERSION >= '1.9.3'
171
- <<-PEM.strip_heredoc
172
- -----BEGIN PUBLIC KEY-----
173
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
174
- mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
175
- H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
176
- nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
177
- 38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
178
- LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
179
- PwIDAQAB
180
- -----END PUBLIC KEY-----
181
- PEM
182
- else
183
- <<-PEM.strip_heredoc
184
- -----BEGIN RSA PUBLIC KEY-----
185
- MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
186
- od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
187
- GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
188
- +hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
189
- /qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
190
- NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
191
- -----END RSA PUBLIC KEY-----
192
- PEM
193
- end
179
+ <<-PEM.strip_heredoc
180
+ -----BEGIN PUBLIC KEY-----
181
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
182
+ mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
183
+ H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
184
+ nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
185
+ 38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
186
+ LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
187
+ PwIDAQAB
188
+ -----END PUBLIC KEY-----
189
+ PEM
194
190
  end
195
191
 
196
192
  it { should be_instance_of OpenSSL::PKey::RSA }
@@ -206,43 +202,30 @@ describe JSON::JWK do
206
202
  end
207
203
 
208
204
  context 'when ECDSA' do
209
- if RUBY_VERSION >= '2.0.0'
210
- [{
211
- alg: 'EC',
212
- crv: 'P-256',
213
- kty: 'EC',
214
- x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
215
- y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
216
- }, {
217
- alg: 'EC',
218
- crv: 'P-384',
219
- kty: 'EC',
220
- x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
221
- y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
222
- }, {
223
- alg: 'EC',
224
- crv: 'P-521',
225
- kty: 'EC',
226
- x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
227
- y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
228
- }].each do |jwk|
229
- describe jwk['crv'] do
230
- it do
231
- JSON::JWK.decode(jwk).should be_instance_of OpenSSL::PKey::EC
232
- end
205
+ [{
206
+ alg: 'EC',
207
+ crv: 'P-256',
208
+ kty: 'EC',
209
+ x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
210
+ y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
211
+ }, {
212
+ alg: 'EC',
213
+ crv: 'P-384',
214
+ kty: 'EC',
215
+ x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
216
+ y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
217
+ }, {
218
+ alg: 'EC',
219
+ crv: 'P-521',
220
+ kty: 'EC',
221
+ x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
222
+ y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
223
+ }].each do |jwk|
224
+ describe jwk['crv'] do
225
+ it do
226
+ JSON::JWK.decode(jwk).should be_instance_of OpenSSL::PKey::EC
233
227
  end
234
228
  end
235
- else
236
- it do
237
- expect do
238
- JSON::JWK.decode(
239
- kty: :EC,
240
- crv: 'P-256',
241
- x: 'MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4',
242
- y: '4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM'
243
- )
244
- end.to raise_error JSON::JWK::UnknownAlgorithm
245
- end
246
229
  end
247
230
  end
248
231
 
@@ -122,7 +122,26 @@ describe JSON::JWS do
122
122
  end
123
123
 
124
124
  context 'when JSON::JWK::Set key given' do
125
- it :TODO
125
+ let(:alg) { :HS256 }
126
+ let(:kid) { 'kid' }
127
+ let(:jwks) do
128
+ jwk = JSON::JWK.new shared_secret, kid: kid
129
+ JSON::JWK::Set.new jwk, JSON::JWK.new('another')
130
+ end
131
+ let(:signed) { jws.sign!(jwks) }
132
+
133
+ context 'when jwk is found by given kid' do
134
+ before { jws.header[:kid] = kid }
135
+ it { should == jws.sign!('secret') }
136
+ end
137
+
138
+ context 'otherwise' do
139
+ it do
140
+ expect do
141
+ subject
142
+ end.to raise_error JSON::JWK::Set::KidNotFound
143
+ end
144
+ end
126
145
  end
127
146
 
128
147
  describe 'unknown algorithm' do
@@ -211,6 +230,31 @@ describe JSON::JWS do
211
230
  end
212
231
  end
213
232
 
233
+ context 'when JSON::JWK::Set key given' do
234
+ subject { JSON::JWT.decode signed.to_s, jwks }
235
+
236
+ let(:alg) { :HS256 }
237
+ let(:kid) { 'kid' }
238
+ let(:jwks) do
239
+ jwk = JSON::JWK.new shared_secret, kid: kid
240
+ JSON::JWK::Set.new jwk, JSON::JWK.new('another')
241
+ end
242
+ let(:signed) { jws.sign!(jwks) }
243
+
244
+ context 'when jwk is found by given kid' do
245
+ before { jws.header[:kid] = kid }
246
+ it { should == signed }
247
+ end
248
+
249
+ context 'otherwise' do
250
+ it do
251
+ expect do
252
+ subject
253
+ end.to raise_error JSON::JWK::Set::KidNotFound
254
+ end
255
+ end
256
+ end
257
+
214
258
  describe 'unknown algorithm' do
215
259
  let(:alg) { :unknown }
216
260
  it do
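Review bot: In the decode context added here, the `otherwise` example most likely never reaches `JSON::JWT.decode`: `subject` first evaluates `signed`, which is `jws.sign!(jwks)`, and with no `kid` in the header that call itself raises `KidNotFound`, as the signing spec earlier on this page asserts. The verification-side lookup is therefore untested for a missing or unknown `kid`. Signing with the raw secret in that context, e.g. `let(:signed) { jws.sign!(shared_secret) }`, and adding a case where the header carries a `kid` that is not in the set would cover the path a relying party actually exercises. The surrounding `describe` blocks start outside these hunks, so `jws` and `shared_secret` are assumed to be defined there.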
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.3
4
+ version: 1.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-13 00:00:00.000000000 Z
11
+ date: 2015-08-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json