json-jwt 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jws.rb +20 -2
- data/spec/interop/with_jsrsasign_spec.rb +49 -0
- data/spec/interop/with_nimbus_jose_spec.rb +99 -0
- data/spec/json/jwe_spec.rb +30 -110
- data/spec/json/jwk_spec.rb +19 -19
- data/spec/json/jws_spec.rb +16 -0
- data/spec/spec_helper.rb +5 -1
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7af9360be317e0a5babb50f93e8c65a26c576fb5
|
4
|
+
data.tar.gz: c5d99e3238a5d827874e580e00f760430410e17e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cbd77d9ae8cb41b7a37d13a152ba42e6ca403ed8670cb16be507888c9c1c6836bac9de781335da2dcacea6ee0da823813fa74b3e9af3c3b81593d869a1d8e6c4
|
7
|
+
data.tar.gz: ceda13fa9dd760b5abdb3f96b7f6a19271476e4e624f6dfcd8784ca783091ca8a607c9e8549d2709d05e8bb1fba5d2ed019bfe1cf50cd2adf837e1b7239fa23f
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.1
|
data/lib/json/jws.rb
CHANGED
@@ -59,7 +59,10 @@ module JSON
|
|
59
59
|
when ecdsa?
|
60
60
|
private_key = private_key_or_secret
|
61
61
|
verify_ecdsa_group! private_key
|
62
|
-
|
62
|
+
asn1_to_raw(
|
63
|
+
private_key.dsa_sign_asn1(digest.digest signature_base_string),
|
64
|
+
private_key
|
65
|
+
)
|
63
66
|
else
|
64
67
|
raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
|
65
68
|
end
|
@@ -75,7 +78,10 @@ module JSON
|
|
75
78
|
when ecdsa?
|
76
79
|
public_key = public_key_or_secret
|
77
80
|
verify_ecdsa_group! public_key
|
78
|
-
public_key.dsa_verify_asn1
|
81
|
+
public_key.dsa_verify_asn1(
|
82
|
+
digest.digest(signature_base_string),
|
83
|
+
raw_to_asn1(signature, public_key)
|
84
|
+
)
|
79
85
|
else
|
80
86
|
raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
|
81
87
|
end
|
@@ -104,5 +110,17 @@ module JSON
|
|
104
110
|
end
|
105
111
|
self
|
106
112
|
end
|
113
|
+
|
114
|
+
def raw_to_asn1(signature, public_key)
|
115
|
+
byte_size = (public_key.group.degree + 7) / 8
|
116
|
+
r = signature[0..(byte_size - 1)]
|
117
|
+
s = signature[byte_size..-1]
|
118
|
+
OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
|
119
|
+
end
|
120
|
+
|
121
|
+
def asn1_to_raw(signature, private_key)
|
122
|
+
byte_size = (private_key.group.degree + 7) / 8
|
123
|
+
OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
|
124
|
+
end
|
107
125
|
end
|
108
126
|
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'interop' do
|
4
|
+
describe 'with jsrsasign' do
|
5
|
+
context 'JWS' do
|
6
|
+
let(:public_key) do
|
7
|
+
pem = <<-PEM.strip_heredoc
|
8
|
+
-----BEGIN PUBLIC KEY-----
|
9
|
+
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
|
10
|
+
CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
|
11
|
+
-----END PUBLIC KEY-----
|
12
|
+
PEM
|
13
|
+
OpenSSL::PKey::EC.new pem
|
14
|
+
end
|
15
|
+
let(:private_key) do
|
16
|
+
pem = <<-PEM.strip_heredoc
|
17
|
+
-----BEGIN PRIVATE KEY-----
|
18
|
+
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE
|
19
|
+
ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI
|
20
|
+
tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl
|
21
|
+
-----END PRIVATE KEY-----
|
22
|
+
PEM
|
23
|
+
OpenSSL::PKey::EC.new pem
|
24
|
+
end
|
25
|
+
let(:jws_string) do
|
26
|
+
'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQzNTA2MjUyMywiZXhwIjoxNDM1MDY2MTIzLCJpYXQiOjE0MzUwNjI1MjMsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.HFmKrExGIFm5SwzTq_ayG80ELUIKnrR9psedV_6ZsuHl5ZLZ-1nV35o0yjKkN7qPQipQMK90xMvDYpi7e2XU9Q'
|
27
|
+
end
|
28
|
+
let(:payload) do
|
29
|
+
{
|
30
|
+
iss: 'https://jwt-idp.example.com',
|
31
|
+
sub: 'mailto:mike@example.com',
|
32
|
+
nbf: 1435062523,
|
33
|
+
exp: 1435066123,
|
34
|
+
iat: 1435062523,
|
35
|
+
jti: 'id123456',
|
36
|
+
typ: 'https://example.com/register'
|
37
|
+
}
|
38
|
+
end
|
39
|
+
|
40
|
+
describe 'verify' do
|
41
|
+
it 'should succeed' do
|
42
|
+
expect do
|
43
|
+
JSON::JWT.decode(jws_string, public_key)
|
44
|
+
end.not_to raise_error
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,99 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'interop' do
|
4
|
+
describe 'with Nimbus JOSE' do
|
5
|
+
if !NimbusSpecHelper.nimbus_available?
|
6
|
+
context 'JWE' do
|
7
|
+
let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
|
8
|
+
let(:private_key_path) { der_file_path 'rsa/private_key' }
|
9
|
+
|
10
|
+
describe 'encrypt!' do
|
11
|
+
shared_examples_for :gcm_encryption do
|
12
|
+
context 'when enc=A128GCM' do
|
13
|
+
before { jwe.enc = :A128GCM }
|
14
|
+
|
15
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
16
|
+
jwe.encrypt! key
|
17
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
context 'when enc=A256GCM' do
|
22
|
+
before { jwe.enc = :A256GCM }
|
23
|
+
|
24
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
25
|
+
jwe.encrypt! key
|
26
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
shared_examples_for :cbc_encryption do
|
32
|
+
context 'when enc=A128CBC-HS256' do
|
33
|
+
before { jwe.enc = :'A128CBC-HS256' }
|
34
|
+
|
35
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
36
|
+
jwe.encrypt! key
|
37
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
context 'when enc=A256CBC-HS512' do
|
42
|
+
before { jwe.enc = :'A256CBC-HS512' }
|
43
|
+
|
44
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
45
|
+
jwe.encrypt! key
|
46
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context 'when plaintext given' do
|
52
|
+
let(:plain_text) { 'Hello World' }
|
53
|
+
let(:jwe) { JSON::JWE.new plain_text }
|
54
|
+
|
55
|
+
context 'when alg=RSA1_5' do
|
56
|
+
let(:key) { public_key }
|
57
|
+
before { jwe.alg = :'RSA1_5' }
|
58
|
+
|
59
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
60
|
+
it_behaves_like :cbc_encryption
|
61
|
+
end
|
62
|
+
|
63
|
+
context 'when alg=RSA-OAEP' do
|
64
|
+
let(:key) { public_key }
|
65
|
+
before { jwe.alg = :'RSA-OAEP' }
|
66
|
+
|
67
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
68
|
+
it_behaves_like :cbc_encryption
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
context 'when jwt given' do
|
73
|
+
let(:plain_text) { jwt.to_s }
|
74
|
+
let(:jwt) { JSON::JWT.new(foo: :bar) }
|
75
|
+
let(:jwe) { JSON::JWE.new jwt }
|
76
|
+
|
77
|
+
context 'when alg=RSA-OAEP' do
|
78
|
+
let(:key) { public_key }
|
79
|
+
before { jwe.alg = :'RSA1_5' }
|
80
|
+
|
81
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
82
|
+
it_behaves_like :cbc_encryption
|
83
|
+
end
|
84
|
+
|
85
|
+
context 'when alg=RSA-OAEP' do
|
86
|
+
let(:key) { public_key }
|
87
|
+
before { jwe.alg = :'RSA-OAEP' }
|
88
|
+
|
89
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
90
|
+
it_behaves_like :cbc_encryption
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
else
|
96
|
+
skip 'Nimbus JOSE unavailable'
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
data/spec/json/jwe_spec.rb
CHANGED
@@ -1,9 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
def gcm_supported?
|
4
|
-
RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
|
5
|
-
end
|
6
|
-
|
7
3
|
describe JSON::JWE do
|
8
4
|
let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
|
9
5
|
let(:private_key_path) { der_file_path 'rsa/private_key' }
|
@@ -16,64 +12,28 @@ describe JSON::JWE do
|
|
16
12
|
end
|
17
13
|
|
18
14
|
describe 'encrypt!' do
|
19
|
-
shared_examples_for :gcm_encryption do
|
20
|
-
context 'when enc=A128GCM' do
|
21
|
-
before { jwe.enc = :A128GCM }
|
22
|
-
|
23
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
24
|
-
jwe.encrypt! key
|
25
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
context 'when enc=A256GCM' do
|
30
|
-
before { jwe.enc = :A256GCM }
|
31
|
-
|
32
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
33
|
-
jwe.encrypt! key
|
34
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
15
|
shared_examples_for :gcm_encryption_unsupported do
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
before { jwe.enc = :A256GCM }
|
52
|
-
|
53
|
-
it do
|
54
|
-
expect do
|
55
|
-
jwe.encrypt! key
|
56
|
-
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
shared_examples_for :cbc_encryption do
|
62
|
-
context 'when enc=A128CBC-HS256' do
|
63
|
-
before { jwe.enc = :'A128CBC-HS256' }
|
64
|
-
|
65
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
66
|
-
jwe.encrypt! key
|
67
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
16
|
+
if gcm_supported?
|
17
|
+
skip 'GSM supported'
|
18
|
+
else
|
19
|
+
context 'when enc=A128GCM' do
|
20
|
+
before { jwe.enc = :A128GCM }
|
21
|
+
|
22
|
+
it do
|
23
|
+
expect do
|
24
|
+
jwe.encrypt! key
|
25
|
+
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
26
|
+
end
|
68
27
|
end
|
69
|
-
end
|
70
28
|
|
71
|
-
|
72
|
-
|
29
|
+
context 'when enc=A256GCM' do
|
30
|
+
before { jwe.enc = :A256GCM }
|
73
31
|
|
74
|
-
|
75
|
-
|
76
|
-
|
32
|
+
it do
|
33
|
+
expect do
|
34
|
+
jwe.encrypt! key
|
35
|
+
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
36
|
+
end
|
77
37
|
end
|
78
38
|
end
|
79
39
|
end
|
@@ -99,35 +59,15 @@ describe JSON::JWE do
|
|
99
59
|
let(:jwe) { JSON::JWE.new plain_text }
|
100
60
|
|
101
61
|
context 'when alg=RSA1_5' do
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
if gcm_supported?
|
107
|
-
it_behaves_like :gcm_encryption
|
108
|
-
else
|
109
|
-
it_behaves_like :gcm_encryption_unsupported
|
110
|
-
end
|
111
|
-
it_behaves_like :cbc_encryption
|
112
|
-
else
|
113
|
-
it :TODO
|
114
|
-
end
|
62
|
+
let(:key) { public_key }
|
63
|
+
before { jwe.alg = :'RSA1_5' }
|
64
|
+
it_behaves_like :gcm_encryption_unsupported
|
115
65
|
end
|
116
66
|
|
117
67
|
context 'when alg=RSA-OAEP' do
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
if gcm_supported?
|
123
|
-
it_behaves_like :gcm_encryption
|
124
|
-
else
|
125
|
-
it_behaves_like :gcm_encryption_unsupported
|
126
|
-
end
|
127
|
-
it_behaves_like :cbc_encryption
|
128
|
-
else
|
129
|
-
it :TODO
|
130
|
-
end
|
68
|
+
let(:key) { public_key }
|
69
|
+
before { jwe.alg = :'RSA-OAEP' }
|
70
|
+
it_behaves_like :gcm_encryption_unsupported
|
131
71
|
end
|
132
72
|
|
133
73
|
context 'when alg=dir' do
|
@@ -165,35 +105,15 @@ describe JSON::JWE do
|
|
165
105
|
let(:jwe) { JSON::JWE.new jwt }
|
166
106
|
|
167
107
|
context 'when alg=RSA-OAEP' do
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
if gcm_supported?
|
173
|
-
it_behaves_like :gcm_encryption
|
174
|
-
else
|
175
|
-
it_behaves_like :gcm_encryption_unsupported
|
176
|
-
end
|
177
|
-
it_behaves_like :cbc_encryption
|
178
|
-
else
|
179
|
-
it :TODO
|
180
|
-
end
|
108
|
+
let(:key) { public_key }
|
109
|
+
before { jwe.alg = :'RSA1_5' }
|
110
|
+
it_behaves_like :gcm_encryption_unsupported
|
181
111
|
end
|
182
112
|
|
183
113
|
context 'when alg=RSA-OAEP' do
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
if gcm_supported?
|
189
|
-
it_behaves_like :gcm_encryption
|
190
|
-
else
|
191
|
-
it_behaves_like :gcm_encryption_unsupported
|
192
|
-
end
|
193
|
-
it_behaves_like :cbc_encryption
|
194
|
-
else
|
195
|
-
it :TODO
|
196
|
-
end
|
114
|
+
let(:key) { public_key }
|
115
|
+
before { jwe.alg = :'RSA-OAEP' }
|
116
|
+
it_behaves_like :gcm_encryption_unsupported
|
197
117
|
end
|
198
118
|
end
|
199
119
|
end
|
data/spec/json/jwk_spec.rb
CHANGED
@@ -82,27 +82,27 @@ describe JSON::JWK do
|
|
82
82
|
let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
|
83
83
|
let(:pem) do
|
84
84
|
if RUBY_VERSION >= '1.9.3'
|
85
|
-
<<-PEM
|
86
|
-
-----BEGIN PUBLIC KEY-----
|
87
|
-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
|
88
|
-
mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
|
89
|
-
H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
|
90
|
-
nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
|
91
|
-
38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
|
92
|
-
LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
|
93
|
-
PwIDAQAB
|
94
|
-
-----END PUBLIC KEY-----
|
85
|
+
<<-PEM.strip_heredoc
|
86
|
+
-----BEGIN PUBLIC KEY-----
|
87
|
+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
|
88
|
+
mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
|
89
|
+
H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
|
90
|
+
nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
|
91
|
+
38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
|
92
|
+
LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
|
93
|
+
PwIDAQAB
|
94
|
+
-----END PUBLIC KEY-----
|
95
95
|
PEM
|
96
96
|
else
|
97
|
-
<<-PEM
|
98
|
-
-----BEGIN RSA PUBLIC KEY-----
|
99
|
-
MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
|
100
|
-
od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
|
101
|
-
GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
|
102
|
-
+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
|
103
|
-
/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
|
104
|
-
NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
|
105
|
-
-----END RSA PUBLIC KEY-----
|
97
|
+
<<-PEM.strip_heredoc
|
98
|
+
-----BEGIN RSA PUBLIC KEY-----
|
99
|
+
MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
|
100
|
+
od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
|
101
|
+
GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
|
102
|
+
+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
|
103
|
+
/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
|
104
|
+
NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
|
105
|
+
-----END RSA PUBLIC KEY-----
|
106
106
|
PEM
|
107
107
|
end
|
108
108
|
end
|
data/spec/json/jws_spec.rb
CHANGED
@@ -69,6 +69,22 @@ describe JSON::JWS do
|
|
69
69
|
it_behaves_like :jwt_with_alg
|
70
70
|
it_behaves_like :generate_expected_signature
|
71
71
|
end
|
72
|
+
|
73
|
+
[:ES256, :ES384, :ES512].each do |algorithm|
|
74
|
+
describe algorithm do
|
75
|
+
let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
|
76
|
+
let(:public_key_or_secret) { public_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
|
77
|
+
it 'should be self-verifiable' do
|
78
|
+
expect do
|
79
|
+
JSON::JWT.decode(
|
80
|
+
JSON::JWT.new(claims).sign(
|
81
|
+
private_key_or_secret, algorithm
|
82
|
+
).to_s, public_key_or_secret
|
83
|
+
)
|
84
|
+
end.not_to raise_error
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
72
88
|
end
|
73
89
|
|
74
90
|
describe 'unknown algorithm' do
|
data/spec/spec_helper.rb
CHANGED
@@ -14,5 +14,9 @@ RSpec.configure do |config|
|
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
17
|
+
def gcm_supported?
|
18
|
+
RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
|
19
|
+
end
|
20
|
+
|
17
21
|
require 'helpers/sign_key_fixture_helper'
|
18
|
-
require 'helpers/nimbus_spec_helper'
|
22
|
+
require 'helpers/nimbus_spec_helper'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-06-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|
@@ -171,6 +171,8 @@ files:
|
|
171
171
|
- spec/fixtures/rsa/public_key.pem
|
172
172
|
- spec/helpers/nimbus_spec_helper.rb
|
173
173
|
- spec/helpers/sign_key_fixture_helper.rb
|
174
|
+
- spec/interop/with_jsrsasign_spec.rb
|
175
|
+
- spec/interop/with_nimbus_jose_spec.rb
|
174
176
|
- spec/json/jwe_spec.rb
|
175
177
|
- spec/json/jwk/set_spec.rb
|
176
178
|
- spec/json/jwk_spec.rb
|
@@ -214,6 +216,8 @@ test_files:
|
|
214
216
|
- spec/fixtures/rsa/public_key.pem
|
215
217
|
- spec/helpers/nimbus_spec_helper.rb
|
216
218
|
- spec/helpers/sign_key_fixture_helper.rb
|
219
|
+
- spec/interop/with_jsrsasign_spec.rb
|
220
|
+
- spec/interop/with_nimbus_jose_spec.rb
|
217
221
|
- spec/json/jwe_spec.rb
|
218
222
|
- spec/json/jwk/set_spec.rb
|
219
223
|
- spec/json/jwk_spec.rb
|