RubyGems - json-jwt - Versions diffs - 1.6.1 → 1.6.2 - Mend

json-jwt 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e014795b26fe48d18d0f37edaf30a2eb29d0a689
-  data.tar.gz: a50037efeb277bc1b8668d68308cd4b7580ebd55
+  metadata.gz: 701cf86a3ceb49918c808ffdd2d207d6711c6803
+  data.tar.gz: 7a00b2dac244dfee8ded0665f35fc7dd02eb7fef
 SHA512:
-  metadata.gz: 70400f0219db63ba3941b59c0707dca053a714e85ecc7365316eabccadd057352230ed1a9958fe375278278d35a9066b568a404ce69d8ca845e014838d243ec6
-  data.tar.gz: e4d468d26981e6cd8ea4367f945874ee09ed4cdc00e30488730a1852d1902b93cc8c3c6e990175a7274c40e0e4a095af77da036d3a6628a97f6b46bd7fd08808
+  metadata.gz: 62d1b3916ddcfed3e7169d9fccb3b8c59b29ff0b2e7f9c9ee7b9c6dc28966c7706f59c013c44d9e5a0a3d8237d7325c37b822d1fcc66f45123e77a80760f6f52
+  data.tar.gz: 59c93232656b3da54db7b58ae15f8efffc1179a9d211daa3327f8634907409c768a1a7513cb68af2a567dbce0ff06fb29a6fdb0da743233349f9cff0f893c913

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.6.1
1	+ 1.6.2

data/lib/json/jose.rb CHANGED

@@ -20,6 +20,19 @@ module JSON
       end
     end
+    def with_jwk_support(key)
+      case key
+      when JSON::JWK
+        key.to_key
+      when JSON::JWK::Set
+        key.detect do |jwk|
+          jwk[:kid] && jwk[:kid] == kid
+        end.try(:to_key) or raise JWK::Set::KidNotFound
+      else
+        key
+      end
+    end
     module ClassMethods
       def register_header_keys(*keys)
         keys.each do |header_key|

data/lib/json/jwe.rb CHANGED

@@ -25,7 +25,7 @@ module JSON
     end
     def encrypt!(public_key_or_secret)
-      self.public_key_or_secret = public_key_or_secret
+      self.public_key_or_secret = with_jwk_support public_key_or_secret
       cipher.encrypt
       generate_cipher_keys!
       self.cipher_text = cipher.update(plain_text) + cipher.final
@@ -33,7 +33,7 @@ module JSON
     end
     def decrypt!(private_key_or_secret)
-      self.private_key_or_secret = private_key_or_secret
+      self.private_key_or_secret = with_jwk_support private_key_or_secret
       cipher.decrypt
       restore_cipher_keys!
       self.plain_text = cipher.update(cipher_text) + cipher.final

data/lib/json/jwk.rb CHANGED

@@ -18,6 +18,7 @@ module JSON
         super params
         merge! ex_params
       end
+      self[:kid] ||= thumbprint rescue nil #ignore
     end
     def content_type

data/lib/json/jws.rb CHANGED

@@ -106,19 +106,6 @@ module JSON
       raise UnexpectedAlgorithm.new(e.message)
     end
-    def with_jwk_support(key)
-      case key
-      when JSON::JWK
-        key.to_key
-      when JSON::JWK::Set
-        key.detect do |jwk|
-          jwk[:kid] && jwk[:kid] == kid
-        end.try(:to_key) or raise JWK::Set::KidNotFound
-      else
-        key
-      end
-    end
     def verify_ecdsa_group!(key)
       group_name = case digest.digest_length * 8
       when 256

data/lib/json/jwt.rb CHANGED

@@ -26,14 +26,23 @@ module JSON
       update claims
     end
-    def sign(private_key_or_secret, algorithm = :HS256)
-      jws = JWS.new self
+    def sign(private_key_or_secret, algorithm = :autodetect)
+      if algorithm == :autodetect
+        # NOTE:
+        #  I'd like to make :RS256 default.
+        #  However, by histrical reasons, :HS256 was default.
+        #  This code is needed to keep legacy behavior.
+        algorithm = private_key_or_secret.is_a?(String) ? :HS256 : :RS256
+      end
+      jws = JWS.new self.dup
+      jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
       jws.alg = algorithm
       jws.sign! private_key_or_secret
     end
     def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
       jwe = JWE.new self
+      jwe.kid ||= public_key_or_secret[:kid] if public_key_or_secret.is_a? JSON::JWK
       jwe.alg = algorithm
       jwe.enc = encryption_method
       jwe.encrypt! public_key_or_secret

data/spec/json/jwk_spec.rb CHANGED

@@ -2,21 +2,38 @@ require 'spec_helper'
 describe JSON::JWK do
   describe '#initialize' do
-    subject { JSON::JWK.new key }
+    let(:jwk) { JSON::JWK.new key }
+    subject { jwk }
+    shared_examples_for :jwk_with_kid do
+      it { should be_instance_of JSON::JWK }
+      describe 'kid' do
+        subject { jwk[:kid] }
+        it { should == jwk.thumbprint }
+      end
+    end
+    shared_examples_for :jwk_without_kid do
+      it { should be_instance_of JSON::JWK }
+      describe 'kid' do
+        subject { jwk[:kid] }
+        it { should be_blank }
+      end
+    end
     context 'with OpenSSL::PKey::RSA' do
       let(:key) { public_key }
-      it { should be_instance_of JSON::JWK }
+      it_behaves_like :jwk_with_kid
     end
     context 'with OpenSSL::PKey::EC' do
       let(:key) { public_key :ecdsa }
-      it { should be_instance_of JSON::JWK }
+      it_behaves_like :jwk_with_kid
     end
     context 'with String' do
       let(:key) { 'secret' }
-      it { should be_instance_of JSON::JWK }
+      it_behaves_like :jwk_with_kid
     end
     context 'with JSON::JWK' do
@@ -26,7 +43,7 @@ describe JSON::JWK do
           kty: :oct
         )
       end
-      it { should be_instance_of JSON::JWK }
+      it_behaves_like :jwk_with_kid
     end
     context 'with Hash' do
@@ -36,7 +53,12 @@ describe JSON::JWK do
           kty: :oct
         }
       end
-      it { should be_instance_of JSON::JWK }
+      it_behaves_like :jwk_with_kid
+    end
+    context 'with nothing' do
+      let(:jwk) { JSON::JWK.new }
+      it_behaves_like :jwk_without_kid
     end
   end

data/spec/json/jwt_spec.rb CHANGED

@@ -47,6 +47,37 @@ describe JSON::JWT do
         end
       end
     end
+    context 'when no algirithm specified' do
+      subject { jwt.sign(key) }
+      context 'when key is String' do
+        let(:key) { shared_secret }
+        its(:alg) { should == :HS256 }
+      end
+      context 'otherwise' do
+        let(:key) { private_key }
+        its(:alg) { should == :RS256 }
+      end
+    end
+    context 'when non-JWK key is given' do
+      let(:key) { private_key }
+      it 'should not set kid header automatically' do
+        jws = jwt.sign(key, :RS256)
+        jws.kid.should be_blank
+      end
+    end
+    context 'when JWK is given' do
+      let(:key) { JSON::JWK.new private_key }
+      it 'should set kid header automatically' do
+        jws = jwt.sign(key, :RS256)
+        jwt.kid.should be_blank
+        jws.kid.should == key[:kid]
+      end
+    end
   end
   describe '#encrypt' do
@@ -67,6 +98,23 @@ describe JSON::JWT do
     it 'should accept optional algorithm and encryption method' do
       jwt.encrypt(SecureRandom.hex(32), :dir, :'A256CBC-HS512').should be_a JSON::JWE
     end
+    context 'when non-JWK key is given' do
+      let(:key) { shared_key }
+      it 'should not set kid header automatically' do
+        jwe = jwt.encrypt(key, :dir)
+        jwe.kid.should be_blank
+      end
+    end
+    context 'when JWK is given' do
+      let(:key) { JSON::JWK.new shared_key }
+      it 'should set kid header automatically' do
+        jwe = jwt.encrypt(key, :dir)
+        jwt.kid.should be_blank
+        jwe.kid.should == key[:kid]
+      end
+    end
   end
   describe '.decode' do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.6.2
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-21 00:00:00.000000000 Z
+date: 2016-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json