json-jwt 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jws.rb +20 -2
- data/spec/interop/with_jsrsasign_spec.rb +49 -0
- data/spec/interop/with_nimbus_jose_spec.rb +99 -0
- data/spec/json/jwe_spec.rb +30 -110
- data/spec/json/jwk_spec.rb +19 -19
- data/spec/json/jws_spec.rb +16 -0
- data/spec/spec_helper.rb +5 -1
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7af9360be317e0a5babb50f93e8c65a26c576fb5
|
4
|
+
data.tar.gz: c5d99e3238a5d827874e580e00f760430410e17e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cbd77d9ae8cb41b7a37d13a152ba42e6ca403ed8670cb16be507888c9c1c6836bac9de781335da2dcacea6ee0da823813fa74b3e9af3c3b81593d869a1d8e6c4
|
7
|
+
data.tar.gz: ceda13fa9dd760b5abdb3f96b7f6a19271476e4e624f6dfcd8784ca783091ca8a607c9e8549d2709d05e8bb1fba5d2ed019bfe1cf50cd2adf837e1b7239fa23f
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.1
|
data/lib/json/jws.rb
CHANGED
@@ -59,7 +59,10 @@ module JSON
|
|
59
59
|
when ecdsa?
|
60
60
|
private_key = private_key_or_secret
|
61
61
|
verify_ecdsa_group! private_key
|
62
|
-
|
62
|
+
asn1_to_raw(
|
63
|
+
private_key.dsa_sign_asn1(digest.digest signature_base_string),
|
64
|
+
private_key
|
65
|
+
)
|
63
66
|
else
|
64
67
|
raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
|
65
68
|
end
|
@@ -75,7 +78,10 @@ module JSON
|
|
75
78
|
when ecdsa?
|
76
79
|
public_key = public_key_or_secret
|
77
80
|
verify_ecdsa_group! public_key
|
78
|
-
public_key.dsa_verify_asn1
|
81
|
+
public_key.dsa_verify_asn1(
|
82
|
+
digest.digest(signature_base_string),
|
83
|
+
raw_to_asn1(signature, public_key)
|
84
|
+
)
|
79
85
|
else
|
80
86
|
raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
|
81
87
|
end
|
@@ -104,5 +110,17 @@ module JSON
|
|
104
110
|
end
|
105
111
|
self
|
106
112
|
end
|
113
|
+
|
114
|
+
def raw_to_asn1(signature, public_key)
|
115
|
+
byte_size = (public_key.group.degree + 7) / 8
|
116
|
+
r = signature[0..(byte_size - 1)]
|
117
|
+
s = signature[byte_size..-1]
|
118
|
+
OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
|
119
|
+
end
|
120
|
+
|
121
|
+
def asn1_to_raw(signature, private_key)
|
122
|
+
byte_size = (private_key.group.degree + 7) / 8
|
123
|
+
OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
|
124
|
+
end
|
107
125
|
end
|
108
126
|
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'interop' do
|
4
|
+
describe 'with jsrsasign' do
|
5
|
+
context 'JWS' do
|
6
|
+
let(:public_key) do
|
7
|
+
pem = <<-PEM.strip_heredoc
|
8
|
+
-----BEGIN PUBLIC KEY-----
|
9
|
+
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
|
10
|
+
CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
|
11
|
+
-----END PUBLIC KEY-----
|
12
|
+
PEM
|
13
|
+
OpenSSL::PKey::EC.new pem
|
14
|
+
end
|
15
|
+
let(:private_key) do
|
16
|
+
pem = <<-PEM.strip_heredoc
|
17
|
+
-----BEGIN PRIVATE KEY-----
|
18
|
+
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE
|
19
|
+
ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI
|
20
|
+
tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl
|
21
|
+
-----END PRIVATE KEY-----
|
22
|
+
PEM
|
23
|
+
OpenSSL::PKey::EC.new pem
|
24
|
+
end
|
25
|
+
let(:jws_string) do
|
26
|
+
'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQzNTA2MjUyMywiZXhwIjoxNDM1MDY2MTIzLCJpYXQiOjE0MzUwNjI1MjMsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.HFmKrExGIFm5SwzTq_ayG80ELUIKnrR9psedV_6ZsuHl5ZLZ-1nV35o0yjKkN7qPQipQMK90xMvDYpi7e2XU9Q'
|
27
|
+
end
|
28
|
+
let(:payload) do
|
29
|
+
{
|
30
|
+
iss: 'https://jwt-idp.example.com',
|
31
|
+
sub: 'mailto:mike@example.com',
|
32
|
+
nbf: 1435062523,
|
33
|
+
exp: 1435066123,
|
34
|
+
iat: 1435062523,
|
35
|
+
jti: 'id123456',
|
36
|
+
typ: 'https://example.com/register'
|
37
|
+
}
|
38
|
+
end
|
39
|
+
|
40
|
+
describe 'verify' do
|
41
|
+
it 'should succeed' do
|
42
|
+
expect do
|
43
|
+
JSON::JWT.decode(jws_string, public_key)
|
44
|
+
end.not_to raise_error
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,99 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'interop' do
|
4
|
+
describe 'with Nimbus JOSE' do
|
5
|
+
if !NimbusSpecHelper.nimbus_available?
|
6
|
+
context 'JWE' do
|
7
|
+
let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
|
8
|
+
let(:private_key_path) { der_file_path 'rsa/private_key' }
|
9
|
+
|
10
|
+
describe 'encrypt!' do
|
11
|
+
shared_examples_for :gcm_encryption do
|
12
|
+
context 'when enc=A128GCM' do
|
13
|
+
before { jwe.enc = :A128GCM }
|
14
|
+
|
15
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
16
|
+
jwe.encrypt! key
|
17
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
context 'when enc=A256GCM' do
|
22
|
+
before { jwe.enc = :A256GCM }
|
23
|
+
|
24
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
25
|
+
jwe.encrypt! key
|
26
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
shared_examples_for :cbc_encryption do
|
32
|
+
context 'when enc=A128CBC-HS256' do
|
33
|
+
before { jwe.enc = :'A128CBC-HS256' }
|
34
|
+
|
35
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
36
|
+
jwe.encrypt! key
|
37
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
context 'when enc=A256CBC-HS512' do
|
42
|
+
before { jwe.enc = :'A256CBC-HS512' }
|
43
|
+
|
44
|
+
it 'should decryptable by Nimbus JOSE JWT' do
|
45
|
+
jwe.encrypt! key
|
46
|
+
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context 'when plaintext given' do
|
52
|
+
let(:plain_text) { 'Hello World' }
|
53
|
+
let(:jwe) { JSON::JWE.new plain_text }
|
54
|
+
|
55
|
+
context 'when alg=RSA1_5' do
|
56
|
+
let(:key) { public_key }
|
57
|
+
before { jwe.alg = :'RSA1_5' }
|
58
|
+
|
59
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
60
|
+
it_behaves_like :cbc_encryption
|
61
|
+
end
|
62
|
+
|
63
|
+
context 'when alg=RSA-OAEP' do
|
64
|
+
let(:key) { public_key }
|
65
|
+
before { jwe.alg = :'RSA-OAEP' }
|
66
|
+
|
67
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
68
|
+
it_behaves_like :cbc_encryption
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
context 'when jwt given' do
|
73
|
+
let(:plain_text) { jwt.to_s }
|
74
|
+
let(:jwt) { JSON::JWT.new(foo: :bar) }
|
75
|
+
let(:jwe) { JSON::JWE.new jwt }
|
76
|
+
|
77
|
+
context 'when alg=RSA-OAEP' do
|
78
|
+
let(:key) { public_key }
|
79
|
+
before { jwe.alg = :'RSA1_5' }
|
80
|
+
|
81
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
82
|
+
it_behaves_like :cbc_encryption
|
83
|
+
end
|
84
|
+
|
85
|
+
context 'when alg=RSA-OAEP' do
|
86
|
+
let(:key) { public_key }
|
87
|
+
before { jwe.alg = :'RSA-OAEP' }
|
88
|
+
|
89
|
+
it_behaves_like :gcm_encryption if gcm_supported?
|
90
|
+
it_behaves_like :cbc_encryption
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
else
|
96
|
+
skip 'Nimbus JOSE unavailable'
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
data/spec/json/jwe_spec.rb
CHANGED
@@ -1,9 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
def gcm_supported?
|
4
|
-
RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
|
5
|
-
end
|
6
|
-
|
7
3
|
describe JSON::JWE do
|
8
4
|
let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
|
9
5
|
let(:private_key_path) { der_file_path 'rsa/private_key' }
|
@@ -16,64 +12,28 @@ describe JSON::JWE do
|
|
16
12
|
end
|
17
13
|
|
18
14
|
describe 'encrypt!' do
|
19
|
-
shared_examples_for :gcm_encryption do
|
20
|
-
context 'when enc=A128GCM' do
|
21
|
-
before { jwe.enc = :A128GCM }
|
22
|
-
|
23
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
24
|
-
jwe.encrypt! key
|
25
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
context 'when enc=A256GCM' do
|
30
|
-
before { jwe.enc = :A256GCM }
|
31
|
-
|
32
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
33
|
-
jwe.encrypt! key
|
34
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
15
|
shared_examples_for :gcm_encryption_unsupported do
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
before { jwe.enc = :A256GCM }
|
52
|
-
|
53
|
-
it do
|
54
|
-
expect do
|
55
|
-
jwe.encrypt! key
|
56
|
-
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
shared_examples_for :cbc_encryption do
|
62
|
-
context 'when enc=A128CBC-HS256' do
|
63
|
-
before { jwe.enc = :'A128CBC-HS256' }
|
64
|
-
|
65
|
-
it 'should decryptable by Nimbus JOSE JWT' do
|
66
|
-
jwe.encrypt! key
|
67
|
-
NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
|
16
|
+
if gcm_supported?
|
17
|
+
skip 'GSM supported'
|
18
|
+
else
|
19
|
+
context 'when enc=A128GCM' do
|
20
|
+
before { jwe.enc = :A128GCM }
|
21
|
+
|
22
|
+
it do
|
23
|
+
expect do
|
24
|
+
jwe.encrypt! key
|
25
|
+
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
26
|
+
end
|
68
27
|
end
|
69
|
-
end
|
70
28
|
|
71
|
-
|
72
|
-
|
29
|
+
context 'when enc=A256GCM' do
|
30
|
+
before { jwe.enc = :A256GCM }
|
73
31
|
|
74
|
-
|
75
|
-
|
76
|
-
|
32
|
+
it do
|
33
|
+
expect do
|
34
|
+
jwe.encrypt! key
|
35
|
+
end.to raise_error JSON::JWE::UnexpectedAlgorithm
|
36
|
+
end
|
77
37
|
end
|
78
38
|
end
|
79
39
|
end
|
@@ -99,35 +59,15 @@ describe JSON::JWE do
|
|
99
59
|
let(:jwe) { JSON::JWE.new plain_text }
|
100
60
|
|
101
61
|
context 'when alg=RSA1_5' do
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
if gcm_supported?
|
107
|
-
it_behaves_like :gcm_encryption
|
108
|
-
else
|
109
|
-
it_behaves_like :gcm_encryption_unsupported
|
110
|
-
end
|
111
|
-
it_behaves_like :cbc_encryption
|
112
|
-
else
|
113
|
-
it :TODO
|
114
|
-
end
|
62
|
+
let(:key) { public_key }
|
63
|
+
before { jwe.alg = :'RSA1_5' }
|
64
|
+
it_behaves_like :gcm_encryption_unsupported
|
115
65
|
end
|
116
66
|
|
117
67
|
context 'when alg=RSA-OAEP' do
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
if gcm_supported?
|
123
|
-
it_behaves_like :gcm_encryption
|
124
|
-
else
|
125
|
-
it_behaves_like :gcm_encryption_unsupported
|
126
|
-
end
|
127
|
-
it_behaves_like :cbc_encryption
|
128
|
-
else
|
129
|
-
it :TODO
|
130
|
-
end
|
68
|
+
let(:key) { public_key }
|
69
|
+
before { jwe.alg = :'RSA-OAEP' }
|
70
|
+
it_behaves_like :gcm_encryption_unsupported
|
131
71
|
end
|
132
72
|
|
133
73
|
context 'when alg=dir' do
|
@@ -165,35 +105,15 @@ describe JSON::JWE do
|
|
165
105
|
let(:jwe) { JSON::JWE.new jwt }
|
166
106
|
|
167
107
|
context 'when alg=RSA-OAEP' do
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
if gcm_supported?
|
173
|
-
it_behaves_like :gcm_encryption
|
174
|
-
else
|
175
|
-
it_behaves_like :gcm_encryption_unsupported
|
176
|
-
end
|
177
|
-
it_behaves_like :cbc_encryption
|
178
|
-
else
|
179
|
-
it :TODO
|
180
|
-
end
|
108
|
+
let(:key) { public_key }
|
109
|
+
before { jwe.alg = :'RSA1_5' }
|
110
|
+
it_behaves_like :gcm_encryption_unsupported
|
181
111
|
end
|
182
112
|
|
183
113
|
context 'when alg=RSA-OAEP' do
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
if gcm_supported?
|
189
|
-
it_behaves_like :gcm_encryption
|
190
|
-
else
|
191
|
-
it_behaves_like :gcm_encryption_unsupported
|
192
|
-
end
|
193
|
-
it_behaves_like :cbc_encryption
|
194
|
-
else
|
195
|
-
it :TODO
|
196
|
-
end
|
114
|
+
let(:key) { public_key }
|
115
|
+
before { jwe.alg = :'RSA-OAEP' }
|
116
|
+
it_behaves_like :gcm_encryption_unsupported
|
197
117
|
end
|
198
118
|
end
|
199
119
|
end
|
data/spec/json/jwk_spec.rb
CHANGED
@@ -82,27 +82,27 @@ describe JSON::JWK do
|
|
82
82
|
let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
|
83
83
|
let(:pem) do
|
84
84
|
if RUBY_VERSION >= '1.9.3'
|
85
|
-
<<-PEM
|
86
|
-
-----BEGIN PUBLIC KEY-----
|
87
|
-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
|
88
|
-
mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
|
89
|
-
H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
|
90
|
-
nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
|
91
|
-
38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
|
92
|
-
LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
|
93
|
-
PwIDAQAB
|
94
|
-
-----END PUBLIC KEY-----
|
85
|
+
<<-PEM.strip_heredoc
|
86
|
+
-----BEGIN PUBLIC KEY-----
|
87
|
+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
|
88
|
+
mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
|
89
|
+
H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
|
90
|
+
nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
|
91
|
+
38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
|
92
|
+
LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
|
93
|
+
PwIDAQAB
|
94
|
+
-----END PUBLIC KEY-----
|
95
95
|
PEM
|
96
96
|
else
|
97
|
-
<<-PEM
|
98
|
-
-----BEGIN RSA PUBLIC KEY-----
|
99
|
-
MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
|
100
|
-
od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
|
101
|
-
GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
|
102
|
-
+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
|
103
|
-
/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
|
104
|
-
NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
|
105
|
-
-----END RSA PUBLIC KEY-----
|
97
|
+
<<-PEM.strip_heredoc
|
98
|
+
-----BEGIN RSA PUBLIC KEY-----
|
99
|
+
MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
|
100
|
+
od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
|
101
|
+
GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
|
102
|
+
+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
|
103
|
+
/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
|
104
|
+
NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
|
105
|
+
-----END RSA PUBLIC KEY-----
|
106
106
|
PEM
|
107
107
|
end
|
108
108
|
end
|
data/spec/json/jws_spec.rb
CHANGED
@@ -69,6 +69,22 @@ describe JSON::JWS do
|
|
69
69
|
it_behaves_like :jwt_with_alg
|
70
70
|
it_behaves_like :generate_expected_signature
|
71
71
|
end
|
72
|
+
|
73
|
+
[:ES256, :ES384, :ES512].each do |algorithm|
|
74
|
+
describe algorithm do
|
75
|
+
let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
|
76
|
+
let(:public_key_or_secret) { public_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
|
77
|
+
it 'should be self-verifiable' do
|
78
|
+
expect do
|
79
|
+
JSON::JWT.decode(
|
80
|
+
JSON::JWT.new(claims).sign(
|
81
|
+
private_key_or_secret, algorithm
|
82
|
+
).to_s, public_key_or_secret
|
83
|
+
)
|
84
|
+
end.not_to raise_error
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
72
88
|
end
|
73
89
|
|
74
90
|
describe 'unknown algorithm' do
|
data/spec/spec_helper.rb
CHANGED
@@ -14,5 +14,9 @@ RSpec.configure do |config|
|
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
17
|
+
def gcm_supported?
|
18
|
+
RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
|
19
|
+
end
|
20
|
+
|
17
21
|
require 'helpers/sign_key_fixture_helper'
|
18
|
-
require 'helpers/nimbus_spec_helper'
|
22
|
+
require 'helpers/nimbus_spec_helper'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-06-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|
@@ -171,6 +171,8 @@ files:
|
|
171
171
|
- spec/fixtures/rsa/public_key.pem
|
172
172
|
- spec/helpers/nimbus_spec_helper.rb
|
173
173
|
- spec/helpers/sign_key_fixture_helper.rb
|
174
|
+
- spec/interop/with_jsrsasign_spec.rb
|
175
|
+
- spec/interop/with_nimbus_jose_spec.rb
|
174
176
|
- spec/json/jwe_spec.rb
|
175
177
|
- spec/json/jwk/set_spec.rb
|
176
178
|
- spec/json/jwk_spec.rb
|
@@ -214,6 +216,8 @@ test_files:
|
|
214
216
|
- spec/fixtures/rsa/public_key.pem
|
215
217
|
- spec/helpers/nimbus_spec_helper.rb
|
216
218
|
- spec/helpers/sign_key_fixture_helper.rb
|
219
|
+
- spec/interop/with_jsrsasign_spec.rb
|
220
|
+
- spec/interop/with_nimbus_jose_spec.rb
|
217
221
|
- spec/json/jwe_spec.rb
|
218
222
|
- spec/json/jwk/set_spec.rb
|
219
223
|
- spec/json/jwk_spec.rb
|