json-jwt 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38d7bcfdc304f1af38352cf21d65b9fc6b082305
-  data.tar.gz: e2a532a07f201fddc120246f1540f71df1152782
+  metadata.gz: 7af9360be317e0a5babb50f93e8c65a26c576fb5
+  data.tar.gz: c5d99e3238a5d827874e580e00f760430410e17e
 SHA512:
-  metadata.gz: e226c87a65a244f8047f52ccb3db7a910829452d6fa00452aadba271827e8895dd16987cd08978ff48c982a4081d682ac68b74b6e0dd74eb0149ffc110f7283a
-  data.tar.gz: d0445667ca947bfbb511955ebab57fa983223cacea956a38d7d91c09b54cb66f6178177d9c28786007a04652dd4b7f2d6c17f63502afca2390e66f45ba6e19cc
+  metadata.gz: cbd77d9ae8cb41b7a37d13a152ba42e6ca403ed8670cb16be507888c9c1c6836bac9de781335da2dcacea6ee0da823813fa74b3e9af3c3b81593d869a1d8e6c4
+  data.tar.gz: ceda13fa9dd760b5abdb3f96b7f6a19271476e4e624f6dfcd8784ca783091ca8a607c9e8549d2709d05e8bb1fba5d2ed019bfe1cf50cd2adf837e1b7239fa23f

data/VERSION

@@ -1 +1 @@
-1.0.0
+1.0.1

data/lib/json/jws.rb

@@ -59,7 +59,10 @@ module JSON
       when ecdsa?
         private_key = private_key_or_secret
         verify_ecdsa_group! private_key
-        private_key.dsa_sign_asn1 digest.digest(signature_base_string)
+        asn1_to_raw(
+          private_key.dsa_sign_asn1(digest.digest signature_base_string),
+          private_key
+        )
       else
         raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
       end
@@ -75,7 +78,10 @@ module JSON
       when ecdsa?
         public_key = public_key_or_secret
         verify_ecdsa_group! public_key
-        public_key.dsa_verify_asn1 digest.digest(signature_base_string), signature
+        public_key.dsa_verify_asn1(
+          digest.digest(signature_base_string),
+          raw_to_asn1(signature, public_key)
+        )
       else
         raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
       end
@@ -104,5 +110,17 @@ module JSON
       end
       self
     end
+
+    def raw_to_asn1(signature, public_key)
+      byte_size = (public_key.group.degree + 7) / 8
+      r = signature[0..(byte_size - 1)]
+      s = signature[byte_size..-1]
+      OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+    end
+
+    def asn1_to_raw(signature, private_key)
+      byte_size = (private_key.group.degree + 7) / 8
+      OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+    end
   end
 end

data/spec/interop/with_jsrsasign_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'interop' do
+  describe 'with jsrsasign' do
+    context 'JWS' do
+      let(:public_key) do
+        pem = <<-PEM.strip_heredoc
+          -----BEGIN PUBLIC KEY-----
+          MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
+          CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
+          -----END PUBLIC KEY-----
+        PEM
+        OpenSSL::PKey::EC.new pem
+      end
+      let(:private_key) do
+        pem = <<-PEM.strip_heredoc
+          -----BEGIN PRIVATE KEY-----
+          MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE
+          ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI
+          tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl
+          -----END PRIVATE KEY-----
+        PEM
+        OpenSSL::PKey::EC.new pem
+      end
+      let(:jws_string) do
+        'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQzNTA2MjUyMywiZXhwIjoxNDM1MDY2MTIzLCJpYXQiOjE0MzUwNjI1MjMsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.HFmKrExGIFm5SwzTq_ayG80ELUIKnrR9psedV_6ZsuHl5ZLZ-1nV35o0yjKkN7qPQipQMK90xMvDYpi7e2XU9Q'
+      end
+      let(:payload) do
+        {
+          iss: 'https://jwt-idp.example.com',
+          sub: 'mailto:mike@example.com',
+          nbf: 1435062523,
+          exp: 1435066123,
+          iat: 1435062523,
+          jti: 'id123456',
+          typ: 'https://example.com/register'
+        }
+      end
+
+      describe 'verify' do
+        it 'should succeed' do
+          expect do
+            JSON::JWT.decode(jws_string, public_key)
+          end.not_to raise_error
+        end
+      end
+    end
+  end
+end

data/spec/interop/with_nimbus_jose_spec.rb

@@ -0,0 +1,99 @@
+require 'spec_helper'
+
+describe 'interop' do
+  describe 'with Nimbus JOSE' do
+    if !NimbusSpecHelper.nimbus_available?
+      context 'JWE' do
+        let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
+        let(:private_key_path) { der_file_path 'rsa/private_key' }
+
+        describe 'encrypt!' do
+          shared_examples_for :gcm_encryption do
+            context 'when enc=A128GCM' do
+              before { jwe.enc = :A128GCM }
+
+              it 'should decryptable by Nimbus JOSE JWT' do
+                jwe.encrypt! key
+                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+              end
+            end
+
+            context 'when enc=A256GCM' do
+              before { jwe.enc = :A256GCM }
+
+              it 'should decryptable by Nimbus JOSE JWT' do
+                jwe.encrypt! key
+                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+              end
+            end
+          end
+
+          shared_examples_for :cbc_encryption do
+            context 'when enc=A128CBC-HS256' do
+              before { jwe.enc = :'A128CBC-HS256' }
+
+              it 'should decryptable by Nimbus JOSE JWT' do
+                jwe.encrypt! key
+                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+              end
+            end
+
+            context 'when enc=A256CBC-HS512' do
+              before { jwe.enc = :'A256CBC-HS512' }
+
+              it 'should decryptable by Nimbus JOSE JWT' do
+                jwe.encrypt! key
+                NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+              end
+            end
+          end
+
+          context 'when plaintext given' do
+            let(:plain_text) { 'Hello World' }
+            let(:jwe) { JSON::JWE.new plain_text }
+
+            context 'when alg=RSA1_5' do
+              let(:key) { public_key }
+              before { jwe.alg = :'RSA1_5' }
+
+              it_behaves_like :gcm_encryption if gcm_supported?
+              it_behaves_like :cbc_encryption
+            end
+
+            context 'when alg=RSA-OAEP' do
+              let(:key) { public_key }
+              before { jwe.alg = :'RSA-OAEP' }
+
+              it_behaves_like :gcm_encryption if gcm_supported?
+              it_behaves_like :cbc_encryption
+            end
+          end
+
+          context 'when jwt given' do
+            let(:plain_text) { jwt.to_s }
+            let(:jwt) { JSON::JWT.new(foo: :bar) }
+            let(:jwe) { JSON::JWE.new jwt }
+
+            context 'when alg=RSA-OAEP' do
+              let(:key) { public_key }
+              before { jwe.alg = :'RSA1_5' }
+
+              it_behaves_like :gcm_encryption if gcm_supported?
+              it_behaves_like :cbc_encryption
+            end
+
+            context 'when alg=RSA-OAEP' do
+              let(:key) { public_key }
+              before { jwe.alg = :'RSA-OAEP' }
+
+              it_behaves_like :gcm_encryption if gcm_supported?
+              it_behaves_like :cbc_encryption
+            end
+          end
+        end
+      end
+    else
+      skip 'Nimbus JOSE unavailable'
+    end
+  end
+end

data/spec/json/jwe_spec.rb

@@ -1,9 +1,5 @@
 require 'spec_helper'
 
-def gcm_supported?
-  RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
-end
-
 describe JSON::JWE do
   let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
   let(:private_key_path) { der_file_path 'rsa/private_key' }
@@ -16,64 +12,28 @@ describe JSON::JWE do
   end
 
   describe 'encrypt!' do
-    shared_examples_for :gcm_encryption do
-      context 'when enc=A128GCM' do
-        before { jwe.enc = :A128GCM }
-
-        it 'should decryptable by Nimbus JOSE JWT' do
-          jwe.encrypt! key
-          NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-        end
-      end
-
-      context 'when enc=A256GCM' do
-        before { jwe.enc = :A256GCM }
-
-        it 'should decryptable by Nimbus JOSE JWT' do
-          jwe.encrypt! key
-          NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
-        end
-      end
-    end
-
     shared_examples_for :gcm_encryption_unsupported do
-      context 'when enc=A128GCM' do
-        before { jwe.enc = :A128GCM }
-
-        it do
-          expect do
-            jwe.encrypt! key
-          end.to raise_error JSON::JWE::UnexpectedAlgorithm
-        end
-      end
-
-      context 'when enc=A256GCM' do
-        before { jwe.enc = :A256GCM }
-
-        it do
-          expect do
-            jwe.encrypt! key
-          end.to raise_error JSON::JWE::UnexpectedAlgorithm
-        end
-      end
-    end
-
-    shared_examples_for :cbc_encryption do
-      context 'when enc=A128CBC-HS256' do
-        before { jwe.enc = :'A128CBC-HS256' }
-
-        it 'should decryptable by Nimbus JOSE JWT' do
-          jwe.encrypt! key
-          NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+      if gcm_supported?
+        skip 'GSM supported'
+      else
+        context 'when enc=A128GCM' do
+          before { jwe.enc = :A128GCM }
+
+          it do
+            expect do
+              jwe.encrypt! key
+            end.to raise_error JSON::JWE::UnexpectedAlgorithm
+          end
         end
-      end
 
-      context 'when enc=A256CBC-HS512' do
-        before { jwe.enc = :'A256CBC-HS512' }
+        context 'when enc=A256GCM' do
+          before { jwe.enc = :A256GCM }
 
-        it 'should decryptable by Nimbus JOSE JWT' do
-          jwe.encrypt! key
-          NimbusJWE.decrypt(jwe, private_key_path).should == plain_text
+          it do
+            expect do
+              jwe.encrypt! key
+            end.to raise_error JSON::JWE::UnexpectedAlgorithm
+          end
         end
       end
     end
@@ -99,35 +59,15 @@ describe JSON::JWE do
       let(:jwe) { JSON::JWE.new plain_text }
 
       context 'when alg=RSA1_5' do
-        if NimbusSpecHelper.nimbus_available?
-          let(:key) { public_key }
-          before { jwe.alg = :'RSA1_5' }
-
-          if gcm_supported?
-            it_behaves_like :gcm_encryption
-          else
-            it_behaves_like :gcm_encryption_unsupported
-          end
-          it_behaves_like :cbc_encryption
-        else
-          it :TODO
-        end
+        let(:key) { public_key }
+        before { jwe.alg = :'RSA1_5' }
+        it_behaves_like :gcm_encryption_unsupported
       end
 
       context 'when alg=RSA-OAEP' do
-        if NimbusSpecHelper.nimbus_available?
-          let(:key) { public_key }
-          before { jwe.alg = :'RSA-OAEP' }
-
-          if gcm_supported?
-            it_behaves_like :gcm_encryption
-          else
-            it_behaves_like :gcm_encryption_unsupported
-          end
-          it_behaves_like :cbc_encryption
-        else
-          it :TODO
-        end
+        let(:key) { public_key }
+        before { jwe.alg = :'RSA-OAEP' }
+        it_behaves_like :gcm_encryption_unsupported
       end
 
       context 'when alg=dir' do
@@ -165,35 +105,15 @@ describe JSON::JWE do
       let(:jwe) { JSON::JWE.new jwt }
 
       context 'when alg=RSA-OAEP' do
-        if NimbusSpecHelper.nimbus_available?
-          let(:key) { public_key }
-          before { jwe.alg = :'RSA1_5' }
-
-          if gcm_supported?
-            it_behaves_like :gcm_encryption
-          else
-            it_behaves_like :gcm_encryption_unsupported
-          end
-          it_behaves_like :cbc_encryption
-        else
-          it :TODO
-        end
+        let(:key) { public_key }
+        before { jwe.alg = :'RSA1_5' }
+        it_behaves_like :gcm_encryption_unsupported
       end
 
       context 'when alg=RSA-OAEP' do
-        if NimbusSpecHelper.nimbus_available?
-          let(:key) { public_key }
-          before { jwe.alg = :'RSA-OAEP' }
-
-          if gcm_supported?
-            it_behaves_like :gcm_encryption
-          else
-            it_behaves_like :gcm_encryption_unsupported
-          end
-          it_behaves_like :cbc_encryption
-        else
-          it :TODO
-        end
+        let(:key) { public_key }
+        before { jwe.alg = :'RSA-OAEP' }
+        it_behaves_like :gcm_encryption_unsupported
       end
     end
   end

data/spec/json/jwk_spec.rb

@@ -82,27 +82,27 @@ describe JSON::JWK do
       let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
       let(:pem) do
         if RUBY_VERSION >= '1.9.3'
-          <<-PEM
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
-mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
-H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
-nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
-38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
-LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
-PwIDAQAB
------END PUBLIC KEY-----
+          <<-PEM.strip_heredoc
+            -----BEGIN PUBLIC KEY-----
+            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
+            mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
+            H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
+            nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
+            38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
+            LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
+            PwIDAQAB
+            -----END PUBLIC KEY-----
           PEM
         else
-          <<-PEM
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
-od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
-GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
-+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
-/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
-NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
------END RSA PUBLIC KEY-----
+          <<-PEM.strip_heredoc
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEArymloAafo3eMOJzYOEM3mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJ
+            od42gqKWVkaYQX1r2DpnbRsOegdO4c+zH3cdiRmo+6YVnwr2UsJuooAxbDZCCTXR
+            GCtn6RuUmi1MEJ56v361lJY745YXM/iCnwylK5A5BvBMnAOASQUhAtQrZiDNZufU
+            +hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI
+            /qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYpLeLklLxk025GnkJ7nXCOgMNSg3EMta/o
+            NrqoxoakrPo1NI1u+ET8oWGmnjB/nJFAPwIDAQAB
+            -----END RSA PUBLIC KEY-----
           PEM
         end
       end

data/spec/json/jws_spec.rb

@@ -69,6 +69,22 @@ describe JSON::JWS do
         it_behaves_like :jwt_with_alg
         it_behaves_like :generate_expected_signature
       end
+
+      [:ES256, :ES384, :ES512].each do |algorithm|
+        describe algorithm do
+          let(:private_key_or_secret) { private_key :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
+          let(:public_key_or_secret)  { public_key  :ecdsa, digest_length: algorithm.to_s[2,3].to_i }
+          it 'should be self-verifiable' do
+            expect do
+              JSON::JWT.decode(
+                JSON::JWT.new(claims).sign(
+                  private_key_or_secret, algorithm
+                ).to_s, public_key_or_secret
+              )
+            end.not_to raise_error
+          end
+        end
+      end
     end
 
     describe 'unknown algorithm' do

data/spec/spec_helper.rb

@@ -14,5 +14,9 @@ RSpec.configure do |config|
   end
 end
 
+def gcm_supported?
+  RUBY_VERSION >= '2.0.0' && OpenSSL::OPENSSL_VERSION >= 'OpenSSL 1.0.1c'
+end
+
 require 'helpers/sign_key_fixture_helper'
-require 'helpers/nimbus_spec_helper'
+require 'helpers/nimbus_spec_helper'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-20 00:00:00.000000000 Z
+date: 2015-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -171,6 +171,8 @@ files:
 - spec/fixtures/rsa/public_key.pem
 - spec/helpers/nimbus_spec_helper.rb
 - spec/helpers/sign_key_fixture_helper.rb
+- spec/interop/with_jsrsasign_spec.rb
+- spec/interop/with_nimbus_jose_spec.rb
 - spec/json/jwe_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb
@@ -214,6 +216,8 @@ test_files:
 - spec/fixtures/rsa/public_key.pem
 - spec/helpers/nimbus_spec_helper.rb
 - spec/helpers/sign_key_fixture_helper.rb
+- spec/interop/with_jsrsasign_spec.rb
+- spec/interop/with_nimbus_jose_spec.rb
 - spec/json/jwe_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb