json-jwt 1.6.3 → 1.6.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +4 -1
- data/VERSION +1 -1
- data/lib/json/jwe.rb +30 -57
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c9eaaadc2d5b284f093def37ce0cd9011c9fa77f
|
|
4
|
+
data.tar.gz: b86f15824f4bd1c6bc7fd96b4dc8eb045f0b8e28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f1a22bf9ba1a68f2d07abfb522b175ebb7d135a6e839484d50018c07f6bba4a69d7be7d3606314acb327a4cfc696f81d95ed35ab6aa7df7e351c975bf39eb71b
|
|
7
|
+
data.tar.gz: 9a56462a3090504d2fd4ad5f5b567f8d0ad2691438a419171b12e0f3d503e5a62fb526aeacce12cb8b561abdcfefbce84475d727faee095cff2054cd4cec8411
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.6.
|
|
1
|
+
1.6.4
|
data/lib/json/jwe.rb
CHANGED
|
@@ -27,7 +27,12 @@ module JSON
|
|
|
27
27
|
def encrypt!(public_key_or_secret)
|
|
28
28
|
self.public_key_or_secret = with_jwk_support public_key_or_secret
|
|
29
29
|
cipher.encrypt
|
|
30
|
-
|
|
30
|
+
self.content_encryption_key = generate_content_encryption_key
|
|
31
|
+
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
|
32
|
+
cipher.key = encryption_key
|
|
33
|
+
self.iv = cipher.random_iv
|
|
34
|
+
self.auth_data = UrlSafeBase64.encode64 header.to_json
|
|
35
|
+
cipher.auth_data = auth_data if gcm?
|
|
31
36
|
self.cipher_text = cipher.update(plain_text) + cipher.final
|
|
32
37
|
self
|
|
33
38
|
end
|
|
@@ -35,7 +40,14 @@ module JSON
|
|
|
35
40
|
def decrypt!(private_key_or_secret)
|
|
36
41
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
|
37
42
|
cipher.decrypt
|
|
38
|
-
|
|
43
|
+
self.content_encryption_key = decrypt_content_encryption_key
|
|
44
|
+
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
|
45
|
+
cipher.key = encryption_key
|
|
46
|
+
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
|
47
|
+
if gcm?
|
|
48
|
+
cipher.auth_tag = authentication_tag
|
|
49
|
+
cipher.auth_data = auth_data
|
|
50
|
+
end
|
|
39
51
|
self.plain_text = cipher.update(cipher_text) + cipher.final
|
|
40
52
|
verify_cbc_authentication_tag! if cbc?
|
|
41
53
|
self
|
|
@@ -98,7 +110,7 @@ module JSON
|
|
|
98
110
|
|
|
99
111
|
def cipher
|
|
100
112
|
@cipher ||= if gcm? && !gcm_supported?
|
|
101
|
-
raise UnexpectedAlgorithm.new('AEC GCM requires Ruby 2.0+ and OpenSSL 1.0.1c+')
|
|
113
|
+
raise UnexpectedAlgorithm.new('AEC GCM requires Ruby 2.0+ and OpenSSL 1.0.1c+')
|
|
102
114
|
else
|
|
103
115
|
OpenSSL::Cipher.new cipher_name
|
|
104
116
|
end
|
|
@@ -134,15 +146,15 @@ module JSON
|
|
|
134
146
|
OpenSSL::Digest.new "SHA#{sha_size}"
|
|
135
147
|
end
|
|
136
148
|
|
|
137
|
-
def
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
149
|
+
def derive_encryption_and_mac_keys
|
|
150
|
+
case
|
|
151
|
+
when gcm?
|
|
152
|
+
[:wont_be_used, content_encryption_key]
|
|
153
|
+
when cbc?
|
|
154
|
+
content_encryption_key.unpack(
|
|
155
|
+
"a#{content_encryption_key.length / 2}" * 2
|
|
156
|
+
)
|
|
157
|
+
end
|
|
146
158
|
end
|
|
147
159
|
|
|
148
160
|
# encryption
|
|
@@ -170,40 +182,15 @@ module JSON
|
|
|
170
182
|
end
|
|
171
183
|
end
|
|
172
184
|
|
|
173
|
-
def
|
|
185
|
+
def generate_content_encryption_key
|
|
174
186
|
case
|
|
175
|
-
when
|
|
176
|
-
generate_gcm_keys!
|
|
177
|
-
when cbc?
|
|
178
|
-
generate_cbc_keys!
|
|
179
|
-
end
|
|
180
|
-
cipher.key = encryption_key
|
|
181
|
-
self.iv = cipher.random_iv
|
|
182
|
-
self.auth_data = UrlSafeBase64.encode64 header.to_json
|
|
183
|
-
if gcm?
|
|
184
|
-
cipher.auth_data = self.auth_data
|
|
185
|
-
end
|
|
186
|
-
self
|
|
187
|
-
end
|
|
188
|
-
|
|
189
|
-
def generate_gcm_keys!
|
|
190
|
-
self.content_encryption_key ||= if dir?
|
|
187
|
+
when dir?
|
|
191
188
|
public_key_or_secret
|
|
192
|
-
|
|
189
|
+
when gcm?
|
|
193
190
|
cipher.random_key
|
|
194
|
-
|
|
195
|
-
derive_encryption_and_mac_keys_gcm!
|
|
196
|
-
self
|
|
197
|
-
end
|
|
198
|
-
|
|
199
|
-
def generate_cbc_keys!
|
|
200
|
-
self.content_encryption_key ||= if dir?
|
|
201
|
-
public_key_or_secret
|
|
202
|
-
else
|
|
191
|
+
when cbc?
|
|
203
192
|
SecureRandom.random_bytes sha_size / 8
|
|
204
193
|
end
|
|
205
|
-
derive_encryption_and_mac_keys_cbc!
|
|
206
|
-
self
|
|
207
194
|
end
|
|
208
195
|
|
|
209
196
|
def authentication_tag
|
|
@@ -246,22 +233,8 @@ module JSON
|
|
|
246
233
|
else
|
|
247
234
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
|
248
235
|
end
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
def restore_cipher_keys!
|
|
252
|
-
self.content_encryption_key = decrypt_content_encryption_key
|
|
253
|
-
case
|
|
254
|
-
when gcm?
|
|
255
|
-
derive_encryption_and_mac_keys_gcm!
|
|
256
|
-
when cbc?
|
|
257
|
-
derive_encryption_and_mac_keys_cbc!
|
|
258
|
-
end
|
|
259
|
-
cipher.key = encryption_key
|
|
260
|
-
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
|
261
|
-
if gcm?
|
|
262
|
-
cipher.auth_tag = authentication_tag
|
|
263
|
-
cipher.auth_data = auth_data
|
|
264
|
-
end
|
|
236
|
+
rescue OpenSSL::PKey::PKeyError
|
|
237
|
+
generate_content_encryption_key
|
|
265
238
|
end
|
|
266
239
|
|
|
267
240
|
def verify_cbc_authentication_tag!
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: multi_json
|