json-jwt 1.9.0 → 1.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jws.rb +23 -0
- data/lib/json/jwt.rb +0 -16
- data/spec/json/jwt_spec.rb +18 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 366867063d5d6443dc46c34adadd1a3fd4a7b574
|
|
4
|
+
data.tar.gz: 8295a9c7c3620e1cb32d47e4b27f2e6fbf947790
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5ce3939943d51965ca03d2dd34c6c40623b2d337ca6b8206dcc90ae29cf0e450c205bd66191ad6bc29f70edcf3567d92ad30cc96ee20dec3b737bbae134960b4
|
|
7
|
+
data.tar.gz: 7fdd1b34b2535b3fd905e46badd0d2cee536a071eb434bc145179c07772019823bff4fc2fc22eefebb40479570439e430cab9ad1e26849775cbfc45de2952bbb
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.9.
|
|
1
|
+
1.9.1
|
data/lib/json/jws.rb
CHANGED
|
@@ -13,6 +13,7 @@ module JSON
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def sign!(private_key_or_secret)
|
|
16
|
+
self.alg = autodetected_algorithm_from(private_key_or_secret) if algorithm == :autodetect
|
|
16
17
|
self.signature = sign signature_base_string, private_key_or_secret
|
|
17
18
|
self
|
|
18
19
|
end
|
|
@@ -68,6 +69,28 @@ module JSON
|
|
|
68
69
|
[:ES256, :ES384, :ES512].include? algorithm.try(:to_sym)
|
|
69
70
|
end
|
|
70
71
|
|
|
72
|
+
def autodetected_algorithm_from(private_key_or_secret)
|
|
73
|
+
case private_key_or_secret
|
|
74
|
+
when String
|
|
75
|
+
:HS256
|
|
76
|
+
when OpenSSL::PKey::RSA
|
|
77
|
+
:RS256
|
|
78
|
+
when OpenSSL::PKey::EC
|
|
79
|
+
case private_key_or_secret.group.curve_name
|
|
80
|
+
when 'prime256v1'
|
|
81
|
+
:ES256
|
|
82
|
+
when 'secp384r1'
|
|
83
|
+
:ES384
|
|
84
|
+
when 'secp521r1'
|
|
85
|
+
:ES512
|
|
86
|
+
else
|
|
87
|
+
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
88
|
+
end
|
|
89
|
+
else
|
|
90
|
+
raise UnexpectedAlgorithm.new('Signature algorithm auto-detection failed')
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
71
94
|
def signature_base_string
|
|
72
95
|
@signature_base_string ||= [
|
|
73
96
|
header.to_json,
|
data/lib/json/jwt.rb
CHANGED
|
@@ -26,22 +26,6 @@ module JSON
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def sign(private_key_or_secret, algorithm = :autodetect)
|
|
29
|
-
if algorithm == :autodetect
|
|
30
|
-
# NOTE:
|
|
31
|
-
# I'd like to make :RS256 default.
|
|
32
|
-
# However, by histrical reasons, :HS256 was default.
|
|
33
|
-
# This code is needed to keep legacy behavior.
|
|
34
|
-
algorithm = case private_key_or_secret
|
|
35
|
-
when String
|
|
36
|
-
:HS256
|
|
37
|
-
when OpenSSL::PKey::RSA
|
|
38
|
-
:RS256
|
|
39
|
-
when OpenSSL::PKey::EC
|
|
40
|
-
:ES256
|
|
41
|
-
else
|
|
42
|
-
raise UnexpectedAlgorithm.new('Signature algorithm auto-detection failed')
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
29
|
jws = JWS.new self
|
|
46
30
|
jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
|
|
47
31
|
jws.alg = algorithm
|
data/spec/json/jwt_spec.rb
CHANGED
|
@@ -56,10 +56,27 @@ describe JSON::JWT do
|
|
|
56
56
|
its(:alg) { should == :HS256 }
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
context '
|
|
59
|
+
context 'when key is RSA key' do
|
|
60
60
|
let(:key) { private_key }
|
|
61
61
|
its(:alg) { should == :RS256 }
|
|
62
62
|
end
|
|
63
|
+
|
|
64
|
+
context 'when key is EC key' do
|
|
65
|
+
context 'when prime256v1' do
|
|
66
|
+
let(:key) { private_key(:ecdsa) }
|
|
67
|
+
its(:alg) { should == :ES256 }
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
context 'when secp384r1' do
|
|
71
|
+
let(:key) { private_key(:ecdsa, digest_length: 384) }
|
|
72
|
+
its(:alg) { should == :ES384 }
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
context 'when secp521r1' do
|
|
76
|
+
let(:key) { private_key(:ecdsa, digest_length: 512) }
|
|
77
|
+
its(:alg) { should == :ES512 }
|
|
78
|
+
end
|
|
79
|
+
end
|
|
63
80
|
end
|
|
64
81
|
|
|
65
82
|
context 'when non-JWK key is given' do
|