json-jwt 1.9.4 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f808ae988b45e4c8e03f0afcee499e0d4c89295e
-  data.tar.gz: f0f2cd732d906a495cc247afc0fd7eaa18725be2
+SHA256:
+  metadata.gz: 0f805fa120c4c633a6be48aab961f504aa3e7d5f68aee05f13585e3751201c67
+  data.tar.gz: bb26869e462704b7ca5ae9109cd07749b76fc6ee53fc99a6db70238dbfa51c77
 SHA512:
-  metadata.gz: 5c6e99521dd9ec520097930ab4a0094f43b3e263f56c701eebc7f1278f75a51b2abf12dee99729efcf51db8d7dd40645e9546e6ad1e2ea8600e8284d00cedbfd
-  data.tar.gz: 5b87068577c488f213de6a2fe2346d757ee01d1c92aca73e2a87dbd3af07f28b321d511afb4968cd228afb47a41822c3b0040320ef47760629699701a8d8c0cc
+  metadata.gz: f2673b42a974d7b9d003f48cf17ef15580d948ef5f06ea8d4c7f46e56249d3849e342720974fcca3a979014cfc898753a541ce851099459f559568f3523f5100
+  data.tar.gz: 749aa5e6eadb127674086f77e05e691a162dddfa4cb2d3b4132a1c96649f7a8001b506169dc45112fca117afa67ca16549b090b2ad70fd7275cae2583db735ee

data/.travis.yml

@@ -3,9 +3,9 @@ before_install:
   - git submodule update --init --recursive
 
 rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.3.7
+  - 2.4.4
+  - 2.5.1
 
 jdk:
   - oraclejdk8

data/VERSION

@@ -1 +1 @@
-1.9.4
+1.10.0

data/json-jwt.gemspec

@@ -11,7 +11,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   gem.require_paths = ['lib']
-  gem.add_runtime_dependency 'activesupport'
+  gem.required_ruby_version = '>= 2.3'
+  gem.add_runtime_dependency 'activesupport', '>= 4.2'
   gem.add_runtime_dependency 'bindata'
   gem.add_runtime_dependency 'aes_key_wrap'
   gem.add_development_dependency 'rake'

data/lib/json/jose.rb

@@ -56,11 +56,11 @@ module JSON
         end
       end
 
-      def decode(input, key_or_secret = nil, algorithms = nil, encryption_methods = nil)
+      def decode(input, key_or_secret = nil, algorithms = nil, encryption_methods = nil, allow_blank_payload = false)
         if input.is_a? Hash
-          decode_json_serialized input, key_or_secret, algorithms, encryption_methods
+          decode_json_serialized input, key_or_secret, algorithms, encryption_methods, allow_blank_payload
         else
-          decode_compact_serialized input, key_or_secret, algorithms, encryption_methods
+          decode_compact_serialized input, key_or_secret, algorithms, encryption_methods, allow_blank_payload
         end
       rescue JSON::ParserError, ArgumentError
         raise JWT::InvalidFormat.new("Invalid JSON Format")

data/lib/json/jwe.rb

@@ -248,7 +248,7 @@ module JSON
     end
 
     class << self
-      def decode_compact_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil)
+      def decode_compact_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil, _allow_blank_payload = false)
         unless input.count('.') + 1 == NUM_OF_SEGMENTS
           raise InvalidFormat.new("Invalid JWE Format. JWE should include #{NUM_OF_SEGMENTS} segments.")
         end
@@ -268,7 +268,7 @@ module JSON
         jwe
       end
 
-      def decode_json_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil)
+      def decode_json_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil, _allow_blank_payload = false)
         input = input.with_indifferent_access
         jwe_encrypted_key = if input[:recipients].present?
           input[:recipients].first[:encrypted_key]

data/lib/json/jws.rb

@@ -35,6 +35,7 @@ module JSON
       if hash_or_jwt.is_a? JSON::JWT
         self.header.update hash_or_jwt.header
         self.signature = hash_or_jwt.signature
+        self.blank_payload = hash_or_jwt.blank_payload
       end
       self
     end
@@ -118,6 +119,7 @@ module JSON
         verify_ecdsa_group! private_key
         asn1_to_raw(
           private_key.dsa_sign_asn1(digest.digest signature_base_string),
+          # private_key.sign(digest, signature_base_string), # NOTE: this causes `undefined method `private?'` error in ruby 2.3
           private_key
         )
       else
@@ -139,10 +141,7 @@ module JSON
       when ecdsa?
         public_key = public_key_or_secret
         verify_ecdsa_group! public_key
-        public_key.dsa_verify_asn1(
-          digest.digest(signature_base_string),
-          raw_to_asn1(signature, public_key)
-        )
+        public_key.verify digest, raw_to_asn1(signature, public_key), signature_base_string
       else
         raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
       end
@@ -176,15 +175,18 @@ module JSON
     end
 
     class << self
-      def decode_compact_serialized(input, public_key_or_secret, algorithms = nil)
+      def decode_compact_serialized(input, public_key_or_secret, algorithms = nil, allow_blank_payload = false)
         unless input.count('.') + 1 == NUM_OF_SEGMENTS
           raise InvalidFormat.new("Invalid JWS Format. JWS should include #{NUM_OF_SEGMENTS} segments.")
         end
         header, claims, signature = input.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
           Base64.urlsafe_decode64 segment.to_s
         end
-        header, claims = [header, claims].collect do |json|
-          JSON.parse(json).with_indifferent_access
+        header = JSON.parse(header).with_indifferent_access
+        if allow_blank_payload && claims == ''
+          claims = nil
+        else
+          claims = JSON.parse(claims).with_indifferent_access
         end
         jws = new claims
         jws.header = header
@@ -194,7 +196,7 @@ module JSON
         jws
       end
 
-      def decode_json_serialized(input, public_key_or_secret, algorithms = nil)
+      def decode_json_serialized(input, public_key_or_secret, algorithms = nil, allow_blank_payload = false)
         input = input.with_indifferent_access
         header, payload, signature = if input[:signatures].present?
           [
@@ -210,7 +212,7 @@ module JSON
           end
         end
         compact_serialized = [header, payload, signature].join('.')
-        decode_compact_serialized compact_serialized, public_key_or_secret, algorithms
+        decode_compact_serialized compact_serialized, public_key_or_secret, algorithms, allow_blank_payload
       end
     end
   end

data/lib/json/jwt.rb

@@ -6,6 +6,7 @@ require 'json/jose'
 
 module JSON
   class JWT < ActiveSupport::HashWithIndifferentAccess
+    attr_accessor :blank_payload
     attr_accessor :signature
 
     class Exception < StandardError; end
@@ -19,8 +20,10 @@ module JSON
       @content_type = 'application/jwt'
       self.typ = :JWT
       self.alg = :none
-      [:exp, :nbf, :iat].each do |key|
-        claims[key] = claims[key].to_i if claims[key]
+      unless claims.nil?
+        [:exp, :nbf, :iat].each do |key|
+          claims[key] = claims[key].to_i if claims[key]
+        end
       end
       update claims
     end
@@ -71,6 +74,22 @@ module JSON
       end
     end
 
+    def to_json *args
+      if @blank_payload && args.empty?
+        ''
+      else
+        super
+      end
+    end
+
+    def update claims
+      if claims.nil?
+        @blank_payload = true
+      else
+        super
+      end
+    end
+
     def pretty_generate
       [
         JSON.pretty_generate(header),
@@ -79,10 +98,10 @@ module JSON
     end
 
     class << self
-      def decode_compact_serialized(jwt_string, key_or_secret, algorithms = nil, encryption_methods = nil)
+      def decode_compact_serialized(jwt_string, key_or_secret, algorithms = nil, encryption_methods = nil, allow_blank_payload = false)
         case jwt_string.count('.') + 1
         when JWS::NUM_OF_SEGMENTS
-          JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms
+          JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms, allow_blank_payload
         when JWE::NUM_OF_SEGMENTS
           JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
         else
@@ -90,10 +109,10 @@ module JSON
         end
       end
 
-      def decode_json_serialized(input, key_or_secret, algorithms = nil, encryption_methods = nil)
+      def decode_json_serialized(input, key_or_secret, algorithms = nil, encryption_methods = nil, allow_blank_payload = false)
         input = input.with_indifferent_access
         if (input[:signatures] || input[:signature]).present?
-          JWS.decode_json_serialized input, key_or_secret, algorithms
+          JWS.decode_json_serialized input, key_or_secret, algorithms, allow_blank_payload
         elsif input[:ciphertext].present?
           JWE.decode_json_serialized input, key_or_secret, algorithms, encryption_methods
         else

data/spec/json/jws_spec.rb

@@ -7,9 +7,17 @@ describe JSON::JWS do
     _jwt_.alg = alg
     _jwt_
   end
+  let(:jwt_blank) do
+    _jwt_ = JSON::JWT.new nil
+    _jwt_.alg = alg
+    _jwt_
+  end
   let(:jws) { JSON::JWS.new jwt }
+  let(:jws_blank) { JSON::JWS.new jwt_blank }
   let(:signed) { jws.sign! private_key_or_secret }
+  let(:signed_blank) { jws_blank.sign! private_key_or_secret }
   let(:decoded) { JSON::JWT.decode signed.to_s, public_key_or_secret }
+  let(:decoded_blank) { JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true }
   let(:claims) do
     {
       iss: 'joe',
@@ -27,6 +35,16 @@ describe JSON::JWS do
       :RS512 => 'EHeGM2Mo3ghhUfSB99AlREehrbC6OPE-nYL_rwf88ysTnJ8L1QQ0UuCrXq4SpRutGLK_bYTK3ZALvFRPoOgK_g0QWmqv6qjQRU_QTxoq8y8APP-IgKKDuIiGH6daBV2rAPLDReqYNKsKjmTvZJo2c0a0e_WZkkj_ZwpgjTG3v0gW9lbDAzLJDz18eqtR4ZO7JTu_fyNrUrNk-w2_wpxSsn9sygIMp0lKE0_pt0b01fz3gjTDjlltU0cKSalUp4geaBDH7QRcexrolIctdQFbNKTXQxoigxD3NLNkKGH7f6A8KZdcOm8AnEjullcZs8_OWGnW43p1qrxoBRSivb9pqQ'
     }
   end
+  let(:expected_signature_blank_payload) do
+    {
+      :HS256 => 'iRFMM3GknVfzRTxlVQT87jfIw32Ik3lUYNGePPk5wnM',
+      :HS384 => 'rxyzr3I2RWRBgQaewQt3yjdp3BqkrFh-iHcet318OYHWhXvyzAE0npf0l0xi5DOV',
+      :HS512 => 'VDHOrPYrwycjaKbwccObXi6dmw4fVFqiFsNFQjqYHQAkxJGxqhfVLc1_WfKMa6C7vGSGroabaVdK7nn08XPdSQ',
+      :RS256 => 'WthQjouPVbErM7McwSY4slJjHaWqmFg1qKdmTDvttkiyAEcTjVViJkNHH9Mp573h13cXtLob1xh3UJYh5_-hSA4Y24zdyck3jp3fsOusflp1cMmhWXZ2nETKeWCEJDKRAnWynHqkwes7tgWmS0gVeuljeNkuovJlHmNRcoMR9Z3ZuiHfc2WFh-iFbM5Zne1y-_SSgAZwOD20P0Ysn28DtJTlXcm74ENqhLEJnvHS-872d6surb23kHMns43GtT5bm-aJoMLct0nO1GBapQAiKUknTsw24IfOkX4vJNQzIWVSzx3zOxXjcVHlH92af6NknIlPCfRparLC9YEK2NkJYg',
+      :RS384 => 'Jy6XNLNAyujRHYoCOtFqu7z0imHZMiwkwBr73ok_DDSDxQSA9ryt_q_tX0u8knpAIRcTJuNA0-s5DkGbpIj9coKgZ5JBvE_n9ijvNubImf8_vCDDitJemzUtnJypb9GbP4A3nWDAZC0KONVqlxpy92-9xrG5sFEzaYCFYZYnXv8kmmQEIVI1GXw4_Fx8HxRu5cae9WWTgaKQOFG54S303C0H966C1o6d9o3HQH7x8GEl632qBw4LzONWr_QpCN-UFgmJHO7yBwaP-RWnLDW3hYlb4IybRIvMQQicjkjNaNwLTmwo31orVxO53GcSjyhU2y_R843nQcNjTT_lD1QRvg',
+      :RS512 => 'ws2HZ6wvh8GMrFKiIHXDogyx8HFpa4wvrLxfZaMfCoMPf0SZ4V3tiEZRWfrxyvwpsdBj2Mgm5lt3IYAHhlI2hqWvuikDq6tuViloaAIm2xwTU060bF0GL1tQJ-h20wUukJ6fsWet8M9DNg7hcElYQMawHhk4L91YUtY2hKT_uWgPih_pn0Hq5Ve0at4CwAyXXTwCYSEH23PMsUdDfE5tfCyvL2bNQ71Ld_MvQS1NLS7hydzEtfxLK-UkDQVclFmEM3JXrPG7YSRodtKlwJ-ESDx6CaJXXDAgitSF32dslcIkmOXRJqjNmF15i_aVg0ExiU92WTpCrdwzWTt4Aphqlw',
+    }
+  end
 
   shared_examples_for :jwt_with_alg do
     it { should == jwt }
@@ -45,11 +63,37 @@ describe JSON::JWS do
     end
   end
 
+  describe 'decode' do
+    let(:alg) { :RS256 }
+    let(:private_key_or_secret) { private_key }
+    let(:public_key_or_secret) { public_key }
+
+    describe 'blank payload not allowed' do
+      it 'should raise format error' do
+        expect do
+          JSON::JWT.decode signed_blank.to_s, public_key_or_secret
+        end.to raise_error JSON::JWT::InvalidFormat
+      end
+    end
+    describe 'blank payload allowed' do
+      it 'should not raise an error' do
+        expect do
+          JSON::JWT.decode signed_blank.to_s, public_key_or_secret, nil, nil, true
+        end.to_not raise_error
+      end
+    end
+  end
+
   describe '#sign!' do
     shared_examples_for :generate_expected_signature do
       it do
         Base64.urlsafe_encode64(signed.signature, padding: false).should == expected_signature[alg]
       end
+      context 'with blank payload' do
+        it do
+          Base64.urlsafe_encode64(signed_blank.signature, padding: false).should == expected_signature_blank_payload[alg]
+        end
+      end
     end
     subject { signed }
 
@@ -176,6 +220,32 @@ describe JSON::JWS do
           decoded[:'http://example.com/is_root'] == true
         end
       end
+
+      context 'with blank payload' do
+        it do
+          expect { decoded_blank }.not_to raise_error
+          decoded_blank.should be_a JSON::JWT
+        end
+
+        describe 'header' do
+          let(:header) { decoded_blank.header }
+          it 'should be parsed successfully' do
+            header[:typ].should == 'JWT'
+            header[:alg].should == alg.to_s
+          end
+        end
+
+        describe 'claims' do
+          it 'should be parsed successfully' do
+            p decoded_blank.blank_payload
+            decoded_blank.blank_payload.should == true
+            decoded_blank[:iss].should == nil
+            decoded_blank[:exp].should == nil
+            decoded[:'http://example.com/is_root'] == nil
+          end
+        end
+      end
+
     end
     subject { decoded }
 
@@ -274,6 +344,12 @@ describe JSON::JWS do
         jws.to_json.should == claims.to_json
       end
     end
+    context 'with blank payload' do
+      it 'should JSONize payload' do
+        puts ("jws_blank: #{jws_blank.to_json.inspect}")
+        jws_blank.to_json.should == ''
+      end
+    end
 
     context 'when syntax option given' do
       context 'when general' do
@@ -286,6 +362,17 @@ describe JSON::JWS do
             }]
           }.to_json
         end
+        context 'with blank payload' do
+          it 'should return General JWS JSON Serialization' do
+            signed_blank.to_json(syntax: :general).should == {
+              payload: '',
+              signatures: [{
+                protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
+                signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
+              }]
+            }.to_json
+          end
+        end
 
         context 'when not signed yet' do
           it 'should not fail' do
@@ -297,6 +384,17 @@ describe JSON::JWS do
               }]
             }.to_json
           end
+          context 'with blank payload' do
+            it 'should not fail' do
+              jws_blank.to_json(syntax: :general).should == {
+                payload: '',
+                signatures: [{
+                  protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
+                  signature: Base64.urlsafe_encode64('', padding: false)
+                }]
+              }.to_json
+            end
+          end
         end
       end
 
@@ -308,6 +406,15 @@ describe JSON::JWS do
             signature: Base64.urlsafe_encode64(signed.signature, padding: false)
           }.to_json
         end
+        context 'with blank payload' do
+          it 'should return Flattened JWS JSON Serialization' do
+            signed_blank.to_json(syntax: :flattened).should == {
+              protected: Base64.urlsafe_encode64(signed_blank.header.to_json, padding: false),
+              payload: '',
+              signature: Base64.urlsafe_encode64(signed_blank.signature, padding: false)
+            }.to_json
+          end
+        end
 
         context 'when not signed yet' do
           it 'should not fail' do
@@ -317,6 +424,15 @@ describe JSON::JWS do
               signature: Base64.urlsafe_encode64('', padding: false)
             }.to_json
           end
+          context 'with blank payload' do
+            it 'should not fail' do
+              jws_blank.to_json(syntax: :flattened).should == {
+                protected: Base64.urlsafe_encode64(jws_blank.header.to_json, padding: false),
+                payload: '',
+                signature: Base64.urlsafe_encode64('', padding: false)
+              }.to_json
+            end
+          end
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.9.4
+  version: 1.10.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-01 00:00:00.000000000 Z
+date: 2018-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: bindata
   requirement: !ruby/object:Gem::Requirement
@@ -166,7 +166,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -174,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and