json-jwt 1.9.2 → 1.9.3
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/VERSION +1 -1
- data/json-jwt.gemspec +0 -1
- data/lib/json/jose.rb +2 -2
- data/lib/json/jwe.rb +17 -13
- data/lib/json/jwk.rb +3 -3
- data/lib/json/jwk/jwkizable.rb +11 -11
- data/lib/json/jws.rb +2 -2
- data/lib/json/jwt.rb +8 -8
- data/spec/json/jwk_spec.rb +2 -2
- data/spec/json/jws_spec.rb +13 -13
- data/spec/json/jwt_spec.rb +18 -18
- metadata +3 -17
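--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 9d4b2dfb27f37a7525522312228284729a9f940698bfa3d1b7b3562f94cf998b
+data.tar.gz: 865265a1f3d884476535d0f3c8d3de258db91d9ca4948283b78f4a48cc1023c3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eae66e49d8e101e68575ec4a4bf7ac46cef62d151d3dbae4d1a1c17a7a17235f376991c7346c8e46c9605b8028bca41113da7b84d85a52b58a28050e59c586c1
+data.tar.gz: '0295d9284c1fb49c1f29881c915ffacac5f5f9c985f19f2a39c2bc27aac5570102f1f2d07032f62254b88eb3e8133236d4e6d4551235c83ec03c64a324e8593e'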
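--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.9.
+1.9.3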
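--- a/data/json-jwt.gemspec
+++ b/data/json-jwt.gemspec
@@ -11,7 +11,6 @@ Gem::Specification.new do |gem|
 gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
 gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 gem.require_paths = ['lib']
-gem.add_runtime_dependency 'url_safe_base64'
 gem.add_runtime_dependency 'activesupport'
 gem.add_runtime_dependency 'bindata'
 gem.add_runtime_dependency 'securecompare'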
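Review bot: Dropping `url_safe_base64` makes every call site depend on `Base64.urlsafe_encode64(..., padding: false)`, and the `padding:` keyword only exists in Ruby 2.3 and later; no `required_ruby_version` appears in this hunk. If the gemspec does not already declare one outside the lines shown, add `gem.required_ruby_version = '>= 2.3'` so that older interpreters are refused at install time instead of failing with an ArgumentError at the first encode. The Gem::Specification block starts and ends outside the hunk.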
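--- a/data/lib/json/jose.rb
+++ b/data/lib/json/jose.rb
@@ -51,9 +51,9 @@ module JSON
 else
 decode_compact_serialized input, key_or_secret, algorithms, encryption_methods
 end
-rescue JSON::ParserError
+rescue JSON::ParserError, ArgumentError
 raise JWT::InvalidFormat.new("Invalid JSON Format")
 end
 end
 end
-end
+end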
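Review bot: The widened `rescue JSON::ParserError, ArgumentError` sits at method level, so any ArgumentError raised beneath `decode_compact_serialized` is reported as `Invalid JSON Format`, not only a bad base64url segment. That hides the real cause from whoever triages a rejected token, and it could mask an unrelated argument bug in key handling (inferred; the callees are not visible here). Consider rescuing at the decode sites instead, or at least make the message cover both causes, e.g. `raise JWT::InvalidFormat.new("Invalid Base64url or JSON Format")`. The method starts above the hunk.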
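--- a/data/lib/json/jwe.rb
+++ b/data/lib/json/jwe.rb
@@ -32,7 +32,7 @@ module JSON
 self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
 cipher.key = encryption_key
 self.iv = cipher.random_iv # NOTE: 'iv' has to be set after 'key' for GCM
-self.auth_data =
+self.auth_data = Base64.urlsafe_encode64 header.to_json, padding: false
 cipher.auth_data = auth_data if gcm?
 self.cipher_text = cipher.update(plain_text) + cipher.final
 self
@@ -64,7 +64,7 @@ module JSON
 cipher_text,
 authentication_tag
 ].collect do |segment|
-
+Base64.urlsafe_encode64 segment.to_s, padding: false
 end.join('.')
 end
 
@@ -72,21 +72,21 @@ module JSON
 case options[:syntax]
 when :general
 {
-protected:
+protected: Base64.urlsafe_encode64(header.to_json, padding: false),
 recipients: [{
-encrypted_key:
+encrypted_key: Base64.urlsafe_encode64(jwe_encrypted_key, padding: false)
 }],
-iv:
-ciphertext:
-tag:
+iv: Base64.urlsafe_encode64(iv, padding: false),
+ciphertext: Base64.urlsafe_encode64(cipher_text, padding: false),
+tag: Base64.urlsafe_encode64(authentication_tag, padding: false)
 }
 else
 {
-protected:
-encrypted_key:
-iv:
-ciphertext:
-tag:
+protected: Base64.urlsafe_encode64(header.to_json, padding: false),
+encrypted_key: Base64.urlsafe_encode64(jwe_encrypted_key, padding: false),
+iv: Base64.urlsafe_encode64(iv, padding: false),
+ciphertext: Base64.urlsafe_encode64(cipher_text, padding: false),
+tag: Base64.urlsafe_encode64(authentication_tag, padding: false)
 }
 end
 end
@@ -252,7 +252,11 @@ module JSON
 end
 jwe = new
 _header_json_, jwe.jwe_encrypted_key, jwe.iv, jwe.cipher_text, jwe.authentication_tag = input.split('.').collect do |segment|
-
+begin
+Base64.urlsafe_decode64 segment
+rescue ArgumentError
+raise DecryptionFailed
+end
 end
 jwe.auth_data = input.split('.').first
 jwe.header = JSON.parse(_header_json_).with_indifferent_access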
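Review bot: In the last hunk (@@ -252) a malformed base64url segment becomes `DecryptionFailed`, while the jose.rb change in this same release maps ArgumentError to `JWT::InvalidFormat`, so the same kind of bad input surfaces as two different error classes depending on token type. If the uniform `DecryptionFailed` is deliberate, so that a caller cannot tell a malformed segment from a bad key or tag, record that with a comment such as `# malformed segments raise DecryptionFailed on purpose: do not reveal which stage rejected the token`; otherwise raise the format error here as well. `input.split('.')` is also evaluated twice, once for decoding and once for `auth_data`. The enclosing method starts and ends outside the hunk.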
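--- a/data/lib/json/jwk.rb
+++ b/data/lib/json/jwk.rb
@@ -34,7 +34,7 @@ module JSON
 else
 raise UnknownAlgorithm.new('Unknown Digest Algorithm')
 end
-
+Base64.urlsafe_encode64 digest.digest(normalize.to_json), padding: false
 end
 
 def to_key
@@ -98,7 +98,7 @@ module JSON
 def to_rsa_key
 e, n, d, p, q, dp, dq, qi = [:e, :n, :d, :p, :q, :dp, :dq, :qi].collect do |key|
 if self[key]
-OpenSSL::BN.new
+OpenSSL::BN.new Base64.urlsafe_decode64(self[key]), 2
 end
 end
 key = OpenSSL::PKey::RSA.new
@@ -132,7 +132,7 @@ module JSON
 end
 x, y, d = [:x, :y, :d].collect do |key|
 if self[key]
-
+Base64.urlsafe_decode64(self[key])
 end
 end
 key = OpenSSL::PKey::EC.new curve_name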
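Review bot: `Base64.urlsafe_decode64(self[key])` in `to_rsa_key` (@@ -98) and in the EC branch (@@ -132) raises a bare ArgumentError on malformed key parameters, and a non-String value would raise NoMethodError (inferred: the type of `self[key]` is not checked in the lines shown). A JWK frequently arrives from outside the process, for example in a JWKS document or a token header, so these failures should be converted to one of the gem's own error classes instead of leaking as generic exceptions. I would move the decode into a small private helper that rescues ArgumentError and re-raises the JWK error type, and call it from both collect blocks. Both methods continue outside their hunks.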
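--- a/data/lib/json/jwk/jwkizable.rb
+++ b/data/lib/json/jwk/jwkizable.rb
@@ -5,17 +5,17 @@ module JSON
 def to_jwk(ex_params = {})
 params = {
 kty: :RSA,
-e:
-n:
+e: Base64.urlsafe_encode64(e.to_s(2), padding: false),
+n: Base64.urlsafe_encode64(n.to_s(2), padding: false)
 }.merge ex_params
 if private?
 params.merge!(
-d:
-p:
-q:
-dp:
-dq:
-qi:
+d: Base64.urlsafe_encode64(d.to_s(2), padding: false),
+p: Base64.urlsafe_encode64(p.to_s(2), padding: false),
+q: Base64.urlsafe_encode64(q.to_s(2), padding: false),
+dp: Base64.urlsafe_encode64(dmp1.to_s(2), padding: false),
+dq: Base64.urlsafe_encode64(dmq1.to_s(2), padding: false),
+qi: Base64.urlsafe_encode64(iqmp.to_s(2), padding: false),
 )
 end
 JWK.new params
@@ -27,10 +27,10 @@ module JSON
 params = {
 kty: :EC,
 crv: curve_name,
-x:
-y:
+x: Base64.urlsafe_encode64([coordinates[:x]].pack('H*'), padding: false),
+y: Base64.urlsafe_encode64([coordinates[:y]].pack('H*'), padding: false)
 }.merge ex_params
-params[:d] =
+params[:d] = Base64.urlsafe_encode64([coordinates[:d]].pack('H*'), padding: false) if private_key?
 JWK.new params
 end
 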
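Review bot: In the EC hunk (@@ -27) `[coordinates[:x]].pack('H*')` turns a hex string into bytes, and `pack('H*')` pads an odd-length hex string on the right, so a coordinate whose hex form lost a leading zero would encode to a different value. RFC 7518 additionally requires `x`, `y` and `d` to be the full fixed length for the curve. Whether `coordinates` already returns zero-padded, fixed-width hex is not visible here, so please confirm it and record the assumption beside these lines, e.g. `# coordinates must be fixed-width hex for the curve; pack('H*') needs an even number of digits`. The method starts above the hunk.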
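--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -96,7 +96,7 @@ module JSON
 header.to_json,
 self.to_json
 ].collect do |segment|
-
+Base64.urlsafe_encode64 segment, padding: false
 end.join('.')
 end
 
@@ -180,7 +180,7 @@ module JSON
 raise InvalidFormat.new("Invalid JWS Format. JWS should include #{NUM_OF_SEGMENTS} segments.")
 end
 header, claims, signature = input.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
-
+Base64.urlsafe_decode64 segment.to_s
 end
 header, claims = [header, claims].collect do |json|
 JSON.parse(json).with_indifferent_access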
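Review bot: `Base64.urlsafe_decode64 segment.to_s` in the second hunk (@@ -180) accepts a segment with or without `=` padding, so more than one string can decode to the same header, claims and signature, whereas RFC 7515 defines base64url segments with the padding omitted. That matters to anything that identifies a token by its raw string, such as a revocation list or a replay cache. If only the canonical form should be accepted, reject padded segments before decoding, e.g. `raise InvalidFormat.new('Invalid Base64url segment') if segment.to_s.include?('=')`. The enclosing method starts and ends outside the hunk.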
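--- a/data/lib/json/jwt.rb
+++ b/data/lib/json/jwt.rb
@@ -1,5 +1,5 @@
 require 'openssl'
-require '
+require 'base64'
 require 'active_support'
 require 'active_support/core_ext'
 require 'json/jose'
@@ -46,7 +46,7 @@ module JSON
 self.to_json,
 signature
 ].collect do |segment|
-
+Base64.urlsafe_encode64 segment.to_s, padding: false
 end.join('.')
 end
 
@@ -54,17 +54,17 @@ module JSON
 case options[:syntax]
 when :general
 {
-payload:
+payload: Base64.urlsafe_encode64(self.to_json, padding: false),
 signatures: [{
-protected:
-signature:
+protected: Base64.urlsafe_encode64(header.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signature.to_s, padding: false)
 }]
 }
 when :flattened
 {
-protected:
-payload:
-signature:
+protected: Base64.urlsafe_encode64(header.to_json, padding: false),
+payload: Base64.urlsafe_encode64(self.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signature.to_s, padding: false)
 }
 else
 super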
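--- a/data/spec/json/jwk_spec.rb
+++ b/data/spec/json/jwk_spec.rb
@@ -79,8 +79,8 @@ describe JSON::JWK do
 let(:jwk) { JSON::JWK.new public_key }
 it { jwk.keys.collect(&:to_sym).should include :kty, :e, :n }
 its(:kty) { jwk[:kty].should == :RSA }
-its(:e) { jwk[:e].should ==
-its(:n) { jwk[:n].should ==
+its(:e) { jwk[:e].should == Base64.urlsafe_encode64(public_key.e.to_s(2), padding: false) }
+its(:n) { jwk[:n].should == Base64.urlsafe_encode64(public_key.n.to_s(2), padding: false) }
 
 context 'when kid/use options given' do
 let(:jwk) { JSON::JWK.new public_key, kid: '12345', use: :sig }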
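--- a/data/spec/json/jws_spec.rb
+++ b/data/spec/json/jws_spec.rb
@@ -48,7 +48,7 @@ describe JSON::JWS do
 describe '#sign!' do
 shared_examples_for :generate_expected_signature do
 it do
-
+Base64.urlsafe_encode64(signed.signature, padding: false).should == expected_signature[alg]
 end
 end
 subject { signed }
@@ -279,10 +279,10 @@ describe JSON::JWS do
 context 'when general' do
 it 'should return General JWS JSON Serialization' do
 signed.to_json(syntax: :general).should == {
-payload:
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
 signatures: [{
-protected:
-signature:
+protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signed.signature, padding: false)
 }]
 }.to_json
 end
@@ -290,10 +290,10 @@ describe JSON::JWS do
 context 'when not signed yet' do
 it 'should not fail' do
 jws.to_json(syntax: :general).should == {
-payload:
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
 signatures: [{
-protected:
-signature:
+protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
+signature: Base64.urlsafe_encode64('', padding: false)
 }]
 }.to_json
 end
@@ -303,18 +303,18 @@ describe JSON::JWS do
 context 'when flattened' do
 it 'should return Flattened JWS JSON Serialization' do
 signed.to_json(syntax: :flattened).should == {
-protected:
-payload:
-signature:
+protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signed.signature, padding: false)
 }.to_json
 end
 
 context 'when not signed yet' do
 it 'should not fail' do
 jws.to_json(syntax: :flattened).should == {
-protected:
-payload:
-signature:
+protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false),
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
+signature: Base64.urlsafe_encode64('', padding: false)
 }.to_json
 end
 end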
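--- a/data/spec/json/jwt_spec.rb
+++ b/data/spec/json/jwt_spec.rb
@@ -202,7 +202,7 @@ describe JSON::JWT do
 header, payload, signature = jws.to_s.split('.')
 malformed_header = {alg: :none}.to_json
 [
-
+Base64.urlsafe_encode64(malformed_header, padding: false),
 payload,
 ''
 ].join('.')
@@ -226,7 +226,7 @@ describe JSON::JWT do
 header, payload, signature = jws.to_s.split('.')
 malformed_header = {alg: :none}.to_json
 [
-
+Base64.urlsafe_encode64(malformed_header, padding: false),
 payload,
 ''
 ].join('.')
@@ -246,12 +246,12 @@ describe JSON::JWT do
 malformed_signature = OpenSSL::HMAC.digest(
 OpenSSL::Digest.new('SHA256'),
 public_key.to_s,
-[
+[Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.')
 )
 [
-
+Base64.urlsafe_encode64(malformed_header, padding: false),
 payload,
-
+Base64.urlsafe_encode64(malformed_signature, padding: false)
 ].join('.')
 end
 
@@ -276,14 +276,14 @@ describe JSON::JWT do
 digest = OpenSSL::Digest.new('SHA256')
 malformed_signature = private_key.sign_pss(
 digest,
-[
+[Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.'),
 salt_length: :digest,
 mgf1_hash: digest
 )
 [
-
+Base64.urlsafe_encode64(malformed_header, padding: false),
 payload,
-
+Base64.urlsafe_encode64(malformed_signature, padding: false)
 ].join('.')
 end
 
@@ -310,12 +310,12 @@ describe JSON::JWT do
 malformed_header = {alg: :RS512}.to_json
 malformed_signature = private_key.sign(
 OpenSSL::Digest.new('SHA512'),
-[
+[Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.')
 )
 [
-
+Base64.urlsafe_encode64(malformed_header, padding: false),
 payload,
-
+Base64.urlsafe_encode64(malformed_signature, padding: false)
 ].join('.')
 end
 
@@ -377,10 +377,10 @@ describe JSON::JWT do
 context 'when general' do
 let(:serialized) do
 {
-payload:
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
 signatures: [{
-protected:
-signature:
+protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signed.signature, padding: false)
 }]
 }
 end
@@ -390,9 +390,9 @@ describe JSON::JWT do
 context 'when flattened' do
 let(:serialized) do
 {
-protected:
-payload:
-signature:
+protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false),
+payload: Base64.urlsafe_encode64(claims.to_json, padding: false),
+signature: Base64.urlsafe_encode64(signed.signature, padding: false)
 }
 end
 it_behaves_like :json_serialization_parser
@@ -465,7 +465,7 @@ describe JSON::JWT do
 context 'when too many dots' do
 it do
 expect do
-JSON::JWT.decode 'header.payload.signature.
+JSON::JWT.decode 'header.payload.signature.too.many.dots'
 end.to raise_error JSON::JWT::InvalidFormat
 end
 end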
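Review bot: None of the spec hunks shown for this release exercises the new failure path, a segment that is not valid base64url; the last hunk (@@ -465) only covers the too-many-dots case, which is presumably rejected on segment count before anything is decoded. Add an example beside it so the `rescue JSON::ParserError, ArgumentError` in jose.rb stays covered, for instance `expect { JSON::JWT.decode 'he!der.payload.signature' }.to raise_error JSON::JWT::InvalidFormat` (the token string is a constructed sample). A matching JWE example that expects the decryption error would cover the new `rescue ArgumentError` branch in jwe.rb.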
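--- a/metadata
+++ b/metadata
@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-version: 1.9.
+version: 1.9.3
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-04-27 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: url_safe_base64
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: activesupport
 requirement: !ruby/object:Gem::Requirement
@@ -202,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and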