json-jwt 1.2.3 → 1.2.4
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +81 -13
- data/VERSION +1 -1
- data/lib/json/jwk.rb +2 -5
- data/lib/json/jwk/jwkizable.rb +0 -7
- data/lib/json/jwk/set.rb +2 -0
- data/lib/json/jws.rb +1 -1
- data/spec/json/jwk/jwkizable_spec.rb +35 -33
- data/spec/json/jwk_spec.rb +77 -94
- data/spec/json/jws_spec.rb +45 -1
- metadata +2 -2
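--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 277237d4a352434fcec5c0ba7b57c9b1a8d11995
+data.tar.gz: efabaf69fe883f6fdfb74a57bab183476a52c7c3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 28b18f91c670f47765b070ce57c0bed07d98f5120c4046e4e4dd4439412e287ce4282a0f2909612bb3a1942260d13bb0c9b36648c9913772c584f5b5b221d1b8
+data.tar.gz: 636e0f99153f0eef1f477dc4bee7ffb7a75a6fa22e1104b83778c8a88bb19ae5a392e7d93a1c6da69573aa6c72fe2febbf18141efa88dc1d544eca41295a68de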
data/README.md
CHANGED
@@ -81,42 +81,110 @@ jwt_string = "jwt_header.jwt_claims.jwt_signature"
|
|
81
81
|
JSON::JWT.decode(jwt_string, key)
|
82
82
|
```
|
83
83
|
|
84
|
+
Supported `key` are
|
85
|
+
* `String`
|
86
|
+
* `OpenSSL::PKey::RSA`
|
87
|
+
* `OpenSSL::PKey::EC`
|
88
|
+
* `JSON::JWK`
|
89
|
+
* `JSON::JWK::Set` # NOTE: proper `JSON::JWK` in the set will be selected by `kid` in the header.
|
90
|
+
* `:skip_verification` # NOTE: skip signature verification
|
91
|
+
|
84
92
|
### JWK
|
85
93
|
|
94
|
+
`JSON::JWK.new` accepts these instances as key inputs
|
95
|
+
* `String` # NOTE: for shared key (kty=oct)
|
96
|
+
* `OpenSSL::PKey::RSA`
|
97
|
+
* `OpenSSL::PKey::EC`
|
98
|
+
* `JSON::JWK`
|
99
|
+
* `Hash`
|
100
|
+
|
101
|
+
This gem also defines
|
102
|
+
* `OpenSSL::PKey::RSA#to_jwk`
|
103
|
+
* `OpenSSL::PKey::EC#to_jwk`
|
104
|
+
|
86
105
|
#### RSA
|
87
106
|
|
88
107
|
```ruby
|
89
108
|
k = OpenSSL::PKey::RSA.new(2048)
|
90
|
-
|
91
|
-
#
|
109
|
+
|
110
|
+
k.to_jwk # NOTE: same with `JSON::JWK.new(k)`
|
111
|
+
# => JSON::JWK (private key)
|
112
|
+
|
113
|
+
k.public_key.to_jwk
|
114
|
+
# => JSON::JWK (public key)
|
115
|
+
```
|
116
|
+
|
117
|
+
```ruby
|
118
|
+
jwk = JSON::JWK.new(
|
119
|
+
kty: "RSA",
|
120
|
+
e: "AQAB",
|
121
|
+
n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw",
|
122
|
+
d: "BZCgNopMBdQPuHSzZMA_hmnfBHgGHrWQKlNd7x-NkCGWf-5PpPIJHNK3K0DvKetVi3FLNRYTS3ctvqeyoXgyR36HKlsJLrkpqWnvjvV_jygpUs1sXLKUJcyD7foLawfUCO90KxF_-24367967rLrqXldehkw2F3Ppy2Dw5FyU2qBqcpLeruBt6-UdMmBufzNQLisPJ67vhCTVrTNaHDDeCK2gHI3gqsnnbzOMS45VknmFOgKUp1C8GZu5BsT-AdDApEtY-DRZqnr6BxZv4-hG5OdEUA4_LCaI6JwlaAzv0Z74jpBZDC73cXWKJPgVuhARZcll5cexB2_EpgZDB6akQ",
|
123
|
+
p: "6GFVNgaXcW39NG-sRqKPzFtz1usfAkdCydPmfZirfHRhSh3OojX3Glbe7BI_SRSOLc2d2xw2_ZwKRlruY44aGEf4s5gD_nKgq2QS-1cA5uNAU91wRtY2rdoAuCnk2BX3WTZPnzyxkokFY0S0R_9IpJhRz72ggxYyhx0ymRUBIWc",
|
124
|
+
q: "5h1QX2JWLbcIT_cfrkmMoES1z06Fu88MLORYppiRDqkXl3CJFxKFtKJtDPLTf0MeTFexh81V52Ztsd8UttPInyDl9l5T0AOy8NmqHKqjI1063uy4bnHWetN7ovHftc_TOlnldAoQh9bmhZAhEyGlwa5Kros2YD2amIgDhcOmRO0"
|
125
|
+
)
|
126
|
+
jwk.to_key
|
127
|
+
# => OpenSSL::PKey::RSA (private key)
|
92
128
|
|
93
129
|
jwk = JSON::JWK.new(
|
94
130
|
kty: "RSA",
|
95
131
|
e: "AQAB",
|
96
|
-
n: "
|
97
|
-
d: "NtFBpDpwJNT7s7vc3KnBtWY7q5qSAj0S-K5REL-x1448bqNyOqr_bdEarfu-SmZAWYyvyqeFNZNxBSyfCRlzioLz9y19xqpTOu_LH_7N7CR-oKJbRSK7kGIv5Llvjl6BnuwBgTYT799x6lGhwA05KvEw3zBZmjh3ne8Etdj_W-i2LDBDUimgmVrgXWY1KvWFgh2zpptIINX2Q8UxV121bdcBIbj008Cs64m2mMpaa3ggqqNoXnYb8HnJDnYx-WIbUMHJ2-hpZAsVFNet8ZVEMt4cTKaTHY23m9Ditj-7VfFzkoiH9Yj45ewJMpcssadnAPrBgKbjTFuTdJfP8IqMoQ"
|
132
|
+
n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw"
|
98
133
|
)
|
99
134
|
jwk.to_key
|
100
|
-
# => OpenSSL::PKey::RSA
|
135
|
+
# => OpenSSL::PKey::RSA (public key)
|
101
136
|
```
|
102
137
|
|
103
138
|
#### EC
|
104
139
|
|
105
140
|
```ruby
|
106
|
-
k = OpenSSL::PKey::
|
141
|
+
k = OpenSSL::PKey::EC.new('prime256v1').generate_key
|
142
|
+
|
143
|
+
k.to_jwk
|
144
|
+
# => JSON::JWK (private key)
|
145
|
+
|
146
|
+
k.private_key = nil
|
107
147
|
k.to_jwk
|
148
|
+
# => JSON::JWK (public key)
|
149
|
+
```
|
150
|
+
|
151
|
+
```ruby
|
152
|
+
jwk = JSON::JWK.new(
|
153
|
+
kty: "EC",
|
154
|
+
crv: "P-256",
|
155
|
+
x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
|
156
|
+
y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU",
|
157
|
+
d: "MCOTV6Ncg7KTuGh1hTa029ZVkqdlaXaYnfLSkZjJ_uE"
|
158
|
+
)
|
159
|
+
jwk.to_key
|
160
|
+
# => OpenSSL::PKey::EC (private key)
|
161
|
+
|
162
|
+
jwk = JSON::JWK.new(
|
163
|
+
kty: "EC",
|
164
|
+
crv: "P-256",
|
165
|
+
x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
|
166
|
+
y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU"
|
167
|
+
)
|
168
|
+
jwk.to_key
|
169
|
+
# => OpenSSL::PKey::EC (public key)
|
170
|
+
```
|
171
|
+
|
172
|
+
#### oct
|
173
|
+
|
174
|
+
NOTE: no `String#to_jwk` is defined for now.
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
JSON::JWK.new 'secret'
|
108
178
|
# => JSON::JWK
|
179
|
+
```
|
109
180
|
|
181
|
+
```ruby
|
110
182
|
jwk = JSON::JWK.new(
|
111
|
-
kty: "
|
112
|
-
|
113
|
-
n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw",
|
114
|
-
d: "BZCgNopMBdQPuHSzZMA_hmnfBHgGHrWQKlNd7x-NkCGWf-5PpPIJHNK3K0DvKetVi3FLNRYTS3ctvqeyoXgyR36HKlsJLrkpqWnvjvV_jygpUs1sXLKUJcyD7foLawfUCO90KxF_-24367967rLrqXldehkw2F3Ppy2Dw5FyU2qBqcpLeruBt6-UdMmBufzNQLisPJ67vhCTVrTNaHDDeCK2gHI3gqsnnbzOMS45VknmFOgKUp1C8GZu5BsT-AdDApEtY-DRZqnr6BxZv4-hG5OdEUA4_LCaI6JwlaAzv0Z74jpBZDC73cXWKJPgVuhARZcll5cexB2_EpgZDB6akQ",
|
115
|
-
p: "6GFVNgaXcW39NG-sRqKPzFtz1usfAkdCydPmfZirfHRhSh3OojX3Glbe7BI_SRSOLc2d2xw2_ZwKRlruY44aGEf4s5gD_nKgq2QS-1cA5uNAU91wRtY2rdoAuCnk2BX3WTZPnzyxkokFY0S0R_9IpJhRz72ggxYyhx0ymRUBIWc",
|
116
|
-
q: "5h1QX2JWLbcIT_cfrkmMoES1z06Fu88MLORYppiRDqkXl3CJFxKFtKJtDPLTf0MeTFexh81V52Ztsd8UttPInyDl9l5T0AOy8NmqHKqjI1063uy4bnHWetN7ovHftc_TOlnldAoQh9bmhZAhEyGlwa5Kros2YD2amIgDhcOmRO0"
|
183
|
+
kty: "oct",
|
184
|
+
k: "secret"
|
117
185
|
)
|
118
186
|
jwk.to_key
|
119
|
-
# =>
|
187
|
+
# => String
|
120
188
|
```
|
121
189
|
|
122
190
|
## Note on Patches/Pull Requests
|
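--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.2.
+1.2.4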
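--- a/data/lib/json/jwk.rb
+++ b/data/lib/json/jwk.rb
@@ -13,6 +13,7 @@ module JSON
 k: params,
 kty: :oct
 )
+merge! ex_params
 else
 super params
 merge! ex_params
@@ -40,11 +41,7 @@ module JSON
 when rsa?
 to_rsa_key
 when ec?
-
-to_ec_key
-else
-raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
-end
+to_ec_key
 when oct?
 self[:k]
 else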
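Review bot: An `ex_params` hash that carries `:k` or `:kty` would silently replace the key material or key type, because the added `merge! ex_params` runs after those members are set in the String branch (the `else` branch likewise merges after `super params`). If `ex_params` is meant only for metadata such as `kid`, which is how the jws_spec in this release uses it, state that in a comment on the initializer, e.g. `# ex_params: extra JWK members such as kid; must not carry key material`, or merge it first and assign the key members last. The call is now duplicated in both branches and could be hoisted below the conditional so every branch applies it once. The initializer starts and ends outside the hunk, so further branches may exist.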
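--- a/data/lib/json/jwk/jwkizable.rb
+++ b/data/lib/json/jwk/jwkizable.rb
@@ -21,13 +21,6 @@ module JSON
 
 module EC
 def to_jwk(ex_params = {})
-# NOTE:
-# OpenSSL::PKey::EC instance can be both public & private key at the same time.
-# In such case, is it handled as public key or private key?
-# For now, this gem handles any OpenSSL::PKey::EC instances as public key.
-unless public_key?
-raise UnknownAlgorithm.new('EC private key is not supported yet')
-end
 params = {
 kty: :EC,
 crv: curve_name,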
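Review bot: The deleted NOTE was the only place in `EC#to_jwk` that said how an `OpenSSL::PKey::EC` instance holding both halves of a key pair is treated, and nothing replaces it. The README in this release shows `k.to_jwk` returning a private-key JWK until `k.private_key = nil` is applied, so callers that publish the result (for example in a JWK Set) presumably have to strip the private part first. A short comment above `params = {` would keep that visible, e.g. `# NOTE: includes the private member d when the instance holds a private key; clear it before publishing`. The rest of `to_jwk` lies outside the hunk, so where `d` is added cannot be confirmed from here.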
data/lib/json/jwk/set.rb
CHANGED
data/lib/json/jws.rb
CHANGED
@@ -1,46 +1,48 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe JSON::JWK::JWKizable do
|
4
|
-
|
5
|
-
|
6
|
-
it { key.to_jwk.should be_instance_of JSON::JWK }
|
7
|
-
it { key.to_jwk.should include *expected_attributes.collect(&:to_s) }
|
8
|
-
end
|
9
|
-
end
|
4
|
+
describe '#to_jwk' do
|
5
|
+
subject { key.to_jwk }
|
10
6
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
it_behaves_like :jwkizable
|
7
|
+
shared_examples_for :jwkizable_as_public do
|
8
|
+
it { should be_instance_of JSON::JWK }
|
9
|
+
it { should include *public_key_attributes.collect(&:to_s) }
|
10
|
+
it { should_not include *private_key_attributes.collect(&:to_s) }
|
16
11
|
end
|
17
12
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
13
|
+
shared_examples_for :jwkizable_as_private do
|
14
|
+
it { should be_instance_of JSON::JWK }
|
15
|
+
it { should include *public_key_attributes.collect(&:to_s) }
|
16
|
+
it { should include *private_key_attributes.collect(&:to_s) }
|
22
17
|
end
|
23
|
-
end
|
24
18
|
|
25
|
-
|
26
|
-
|
27
|
-
let(:
|
28
|
-
|
29
|
-
|
19
|
+
describe OpenSSL::PKey::RSA do
|
20
|
+
let(:public_key_attributes) { [:kty, :n, :e] }
|
21
|
+
let(:private_key_attributes) { [:d, :p, :q] }
|
22
|
+
|
23
|
+
describe :public_key do
|
24
|
+
let(:key) { public_key :rsa }
|
25
|
+
it_behaves_like :jwkizable_as_public
|
26
|
+
end
|
27
|
+
|
28
|
+
describe :private_key do
|
29
|
+
let(:key) { private_key :rsa }
|
30
|
+
it_behaves_like :jwkizable_as_private
|
31
|
+
end
|
30
32
|
end
|
31
33
|
|
32
|
-
describe
|
33
|
-
let(:
|
34
|
-
let(:
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
34
|
+
describe OpenSSL::PKey::EC do
|
35
|
+
let(:public_key_attributes) { [:kty, :crv, :x, :y] }
|
36
|
+
let(:private_key_attributes) { [:d] }
|
37
|
+
|
38
|
+
describe :public_key do
|
39
|
+
let(:key) { public_key :ecdsa }
|
40
|
+
it_behaves_like :jwkizable_as_public
|
41
|
+
end
|
42
|
+
|
43
|
+
describe :private_key do
|
44
|
+
let(:key) { private_key :ecdsa }
|
45
|
+
it_behaves_like :jwkizable_as_private
|
44
46
|
end
|
45
47
|
end
|
46
48
|
end
|
data/spec/json/jwk_spec.rb
CHANGED
@@ -72,9 +72,14 @@ describe JSON::JWK do
|
|
72
72
|
it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
|
73
73
|
end
|
74
74
|
end
|
75
|
+
|
76
|
+
describe '#to_key' do
|
77
|
+
it { jwk.to_key.should be_instance_of OpenSSL::PKey::RSA }
|
78
|
+
end
|
75
79
|
end
|
76
80
|
|
77
|
-
context 'when
|
81
|
+
context 'when EC public key given' do
|
82
|
+
let(:jwk) { JSON::JWK.new public_key(:ecdsa) }
|
78
83
|
let(:expected_coordinates) do
|
79
84
|
{
|
80
85
|
256 => {
|
@@ -91,6 +96,7 @@ describe JSON::JWK do
|
|
91
96
|
}
|
92
97
|
}
|
93
98
|
end
|
99
|
+
|
94
100
|
[256, 384, 512].each do |digest_length|
|
95
101
|
describe "EC#{digest_length}" do
|
96
102
|
let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
|
@@ -109,49 +115,52 @@ describe JSON::JWK do
|
|
109
115
|
end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
|
110
116
|
end
|
111
117
|
end
|
112
|
-
end
|
113
118
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
119
|
+
describe '#thumbprint' do
|
120
|
+
context 'using default hash function' do
|
121
|
+
subject { jwk.thumbprint }
|
122
|
+
it { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
|
123
|
+
end
|
124
|
+
|
125
|
+
context 'using SHA512 hash function' do
|
126
|
+
subject { jwk.thumbprint :SHA512 }
|
127
|
+
it { should == 'B_yXDZJ9doudaVCj5q5vqxshvVtW2IFnz_ypvRt5O60gemkDAhO78L6YMyTWH0ZRm15cO2_laTSaNO9yZQFsvQ' }
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe '#to_key' do
|
132
|
+
it { jwk.to_key.should be_instance_of OpenSSL::PKey::EC }
|
120
133
|
end
|
121
134
|
end
|
122
135
|
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
136
|
+
context 'when shared secret given' do
|
137
|
+
let(:jwk) { JSON::JWK.new 'secret' }
|
138
|
+
its(:kty) { jwk[:kty].should == :oct }
|
139
|
+
its(:x) { jwk[:k].should == 'secret' }
|
140
|
+
|
141
|
+
describe '#thumbprint' do
|
142
|
+
context 'using default hash function' do
|
143
|
+
subject { jwk.thumbprint }
|
144
|
+
it { should == 'XZPWsTEZFIerowAF9GHzBtq5CkAOcVvIBnkMu0IIQH0' }
|
131
145
|
end
|
132
|
-
its(:thumbprint) { should == 'fFn3D1P0H7Qo1ugQ-5LM6LC63LtArbkPsbQcs2F-1yA' }
|
133
|
-
end
|
134
146
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
kty: 'EC',
|
139
|
-
crv: 'P-256',
|
140
|
-
x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
|
141
|
-
y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
|
142
|
-
)
|
147
|
+
context 'using SHA512 hash function' do
|
148
|
+
subject { jwk.thumbprint :SHA512 }
|
149
|
+
it { should == 'rK7EtcEe9Xr0kryR9lNnyOTRe7Vb_BglbTBtbcVG2LzvL26_PFaMCwOtiUiXWfCK-wV8vcxjmvbcvV4ZxDE0FQ' }
|
143
150
|
end
|
144
|
-
its(:thumbprint) { should == '-egRpLjyZCqxBh4OOfd8JSvXwayHmNFAUNkbi8exfhc' }
|
145
151
|
end
|
146
152
|
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
153
|
+
describe '#to_key' do
|
154
|
+
it { jwk.to_key.should be_instance_of String }
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
describe 'unknown key type' do
|
159
|
+
it do
|
160
|
+
key = OpenSSL::PKey::DSA.generate 256
|
161
|
+
expect do
|
162
|
+
JSON::JWK.new key
|
163
|
+
end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
|
155
164
|
end
|
156
165
|
end
|
157
166
|
|
@@ -167,30 +176,17 @@ describe JSON::JWK do
|
|
167
176
|
let(:e) { 'AQAB' }
|
168
177
|
let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
|
169
178
|
let(:pem) do
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
PEM
|
182
|
-
else
|
183
|
-
<<-PEM.strip_heredoc
|
184
|
-
-----BEGIN RSA PUBLIC KEY-----
|
185
|
-
MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
|
186
|
-
od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
|
187
|
-
GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
|
188
|
-
+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
|
189
|
-
/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
|
190
|
-
NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
|
191
|
-
-----END RSA PUBLIC KEY-----
|
192
|
-
PEM
|
193
|
-
end
|
179
|
+
<<-PEM.strip_heredoc
|
180
|
+
-----BEGIN PUBLIC KEY-----
|
181
|
+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
|
182
|
+
mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
|
183
|
+
H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
|
184
|
+
nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
|
185
|
+
38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
|
186
|
+
LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
|
187
|
+
PwIDAQAB
|
188
|
+
-----END PUBLIC KEY-----
|
189
|
+
PEM
|
194
190
|
end
|
195
191
|
|
196
192
|
it { should be_instance_of OpenSSL::PKey::RSA }
|
@@ -206,43 +202,30 @@ describe JSON::JWK do
|
|
206
202
|
end
|
207
203
|
|
208
204
|
context 'when ECDSA' do
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
JSON::JWK.decode(jwk).should be_instance_of OpenSSL::PKey::EC
|
232
|
-
end
|
205
|
+
[{
|
206
|
+
alg: 'EC',
|
207
|
+
crv: 'P-256',
|
208
|
+
kty: 'EC',
|
209
|
+
x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
|
210
|
+
y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
|
211
|
+
}, {
|
212
|
+
alg: 'EC',
|
213
|
+
crv: 'P-384',
|
214
|
+
kty: 'EC',
|
215
|
+
x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
|
216
|
+
y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
|
217
|
+
}, {
|
218
|
+
alg: 'EC',
|
219
|
+
crv: 'P-521',
|
220
|
+
kty: 'EC',
|
221
|
+
x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
|
222
|
+
y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
|
223
|
+
}].each do |jwk|
|
224
|
+
describe jwk['crv'] do
|
225
|
+
it do
|
226
|
+
JSON::JWK.decode(jwk).should be_instance_of OpenSSL::PKey::EC
|
233
227
|
end
|
234
228
|
end
|
235
|
-
else
|
236
|
-
it do
|
237
|
-
expect do
|
238
|
-
JSON::JWK.decode(
|
239
|
-
kty: :EC,
|
240
|
-
crv: 'P-256',
|
241
|
-
x: 'MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4',
|
242
|
-
y: '4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM'
|
243
|
-
)
|
244
|
-
end.to raise_error JSON::JWK::UnknownAlgorithm
|
245
|
-
end
|
246
229
|
end
|
247
230
|
end
|
248
231
|
|
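Review bot: In the 'when shared secret given' context, `its(:x) { jwk[:k].should == 'secret' }` is labelled with the EC coordinate `x` while the assertion is about `k`, and both `its` blocks read `jwk[...]` directly instead of the attribute they name. Plain examples would say what is actually checked: `it { jwk[:kty].should == :oct }` and `it { jwk[:k].should == 'secret' }`. The 'unknown key type' example generates its key with `OpenSSL::PKey::DSA.generate 256`; whether every supported OpenSSL build accepts a key that small is not visible here, so a fixture key may be more robust.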
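--- a/data/spec/json/jws_spec.rb
+++ b/data/spec/json/jws_spec.rb
@@ -122,7 +122,26 @@ describe JSON::JWS do
 end
 
 context 'when JSON::JWK::Set key given' do
-
+let(:alg) { :HS256 }
+let(:kid) { 'kid' }
+let(:jwks) do
+jwk = JSON::JWK.new shared_secret, kid: kid
+JSON::JWK::Set.new jwk, JSON::JWK.new('another')
+end
+let(:signed) { jws.sign!(jwks) }
+
+context 'when jwk is found by given kid' do
+before { jws.header[:kid] = kid }
+it { should == jws.sign!('secret') }
+end
+
+context 'otherwise' do
+it do
+expect do
+subject
+end.to raise_error JSON::JWK::Set::KidNotFound
+end
+end
 end
 
 describe 'unknown algorithm' do
@@ -211,6 +230,31 @@ describe JSON::JWS do
 end
 end
 
+context 'when JSON::JWK::Set key given' do
+subject { JSON::JWT.decode signed.to_s, jwks }
+
+let(:alg) { :HS256 }
+let(:kid) { 'kid' }
+let(:jwks) do
+jwk = JSON::JWK.new shared_secret, kid: kid
+JSON::JWK::Set.new jwk, JSON::JWK.new('another')
+end
+let(:signed) { jws.sign!(jwks) }
+
+context 'when jwk is found by given kid' do
+before { jws.header[:kid] = kid }
+it { should == signed }
+end
+
+context 'otherwise' do
+it do
+expect do
+subject
+end.to raise_error JSON::JWK::Set::KidNotFound
+end
+end
+end
+
 describe 'unknown algorithm' do
 let(:alg) { :unknown }
 it do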
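Review bot: Both new 'otherwise' contexts appear to cover only a header with no `kid` at all; a `kid` that is present but matches no key in the set is not exercised, and that is the value the token sender controls. A further context with `before { jws.header[:kid] = 'unknown' }` and the same `raise_error JSON::JWK::Set::KidNotFound` expectation would pin that path in both the sign and the decode hunk. The lookup itself lives in `lib/json/jwk/set.rb`, whose changes are not shown on this page, so the current behaviour for an unmatched `kid` cannot be confirmed here. The four `let` definitions are identical in the two contexts and could move into a `shared_context`.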
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-08-
|
11
|
+
date: 2015-08-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|