json-jwt 1.0.2 → 1.0.3


Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

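--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1b179f22e49515e37f1fb1a7a76ae0e4259619ec
- data.tar.gz: 01bc05a740c8d7d9429f451061123108c9556188
+ metadata.gz: f114f8c73a49561c455f752c90361378e34691ff
+ data.tar.gz: 65e2c0a8b3f0054e81b28dd3d45bc3bd7d4354ba
  SHA512:
- metadata.gz: 507b4a7403d63f14eb41e4d0ca4a9d7a043cefc6b8b82c8dc080666f9a793fa57e545cbc9c160fce7dffb48b530ad0feda54b54407f98829bb3176ded8be0490
- data.tar.gz: becb5f896d13528a28a74d8d38bffa3eda0c6cf10a7c0e1e62ac00f37415637482eaa38a052ef75def9736498ff9c7bb4561664368fb13f0c8000cb0b1245907
+ metadata.gz: 47bda5992fac3eebb1403df68ed0f4914ba0ecd61a0c0b4d3d100cef9856a485c0e18f82ebded2774111e2e50ca3fddbe61eb54f198d1ce50fcbd84a1fea9281
+ data.tar.gz: da1a37510a59a5910e9e5a39fd0961c72d062dfa4fe57a6b37e4f07339aa86cd2859b0c0065b4ed5dcad56ddc4cdcaa2827b29d19939854e5492fcfae3bd36f6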
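--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.2
+ 1.0.3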
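--- a/data/lib/json/jwe.rb
+++ b/data/lib/json/jwe.rb
@@ -72,15 +72,15 @@ module JSON
  end
 
  def gcm?
- [:A128GCM, :A256GCM].collect(&:to_s).include? encryption_method.to_s
+ [:A128GCM, :A256GCM].include? encryption_method.try(:to_sym)
  end
 
  def cbc?
- [:'A128CBC-HS256', :'A256CBC-HS512'].collect(&:to_s).include? encryption_method.to_s
+ [:'A128CBC-HS256', :'A256CBC-HS512'].include? encryption_method.try(:to_sym)
  end
 
  def dir?
- :dir.to_s == algorithm.to_s
+ :dir == algorithm.try(:to_sym)
  end
 
  def cipher
@@ -92,14 +92,14 @@ module JSON
  end
 
  def cipher_name
- case encryption_method.to_s
- when :A128GCM.to_s
+ case encryption_method.try(:to_sym)
+ when :A128GCM
  'aes-128-gcm'
- when :A256GCM.to_s
+ when :A256GCM
  'aes-256-gcm'
- when :'A128CBC-HS256'.to_s
+ when :'A128CBC-HS256'
  'aes-128-cbc'
- when :'A256CBC-HS512'.to_s
+ when :'A256CBC-HS512'
  'aes-256-cbc'
  else
  raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
@@ -107,10 +107,10 @@ module JSON
  end
 
  def sha_size
- case encryption_method.to_s
- when :'A128CBC-HS256'.to_s
+ case encryption_method.try(:to_sym)
+ when :'A128CBC-HS256'
  256
- when :'A256CBC-HS512'.to_s
+ when :'A256CBC-HS512'
  512
  else
  raise UnexpectedAlgorithm.new('Unknown Hash Size')
@@ -135,22 +135,22 @@ module JSON
  # encryption
 
  def jwe_encrypted_key
- @jwe_encrypted_key ||= case algorithm.to_s
- when :RSA1_5.to_s
+ @jwe_encrypted_key ||= case algorithm.try(:to_sym)
+ when :RSA1_5
  public_key_or_secret.public_encrypt content_encryption_key
- when :'RSA-OAEP'.to_s
+ when :'RSA-OAEP'
  public_key_or_secret.public_encrypt content_encryption_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
- when :A128KW.to_s
+ when :A128KW
  raise NotImplementedError.new('A128KW not supported yet')
- when :A256KW.to_s
+ when :A256KW
  raise NotImplementedError.new('A256KW not supported yet')
- when :dir.to_s
+ when :dir
  ''
- when :'ECDH-ES'.to_s
+ when :'ECDH-ES'
  raise NotImplementedError.new('ECDH-ES not supported yet')
- when :'ECDH-ES+A128KW'.to_s
+ when :'ECDH-ES+A128KW'
  raise NotImplementedError.new('ECDH-ES+A128KW not supported yet')
- when :'ECDH-ES+A256KW'.to_s
+ when :'ECDH-ES+A256KW'
  raise NotImplementedError.new('ECDH-ES+A256KW not supported yet')
  else
  raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
@@ -223,22 +223,22 @@ module JSON
  end
 
  def decrypt_content_encryption_key
- case algorithm.to_s
- when :RSA1_5.to_s
+ case algorithm.try(:to_sym)
+ when :RSA1_5
  private_key_or_secret.private_decrypt jwe_encrypted_key
- when :'RSA-OAEP'.to_s
+ when :'RSA-OAEP'
  private_key_or_secret.private_decrypt jwe_encrypted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
- when :A128KW.to_s
+ when :A128KW
  raise NotImplementedError.new('A128KW not supported yet')
- when :A256KW.to_s
+ when :A256KW
  raise NotImplementedError.new('A256KW not supported yet')
- when :dir.to_s
+ when :dir
  private_key_or_secret
- when :'ECDH-ES'.to_s
+ when :'ECDH-ES'
  raise NotImplementedError.new('ECDH-ES not supported yet')
- when :'ECDH-ES+A128KW'.to_s
+ when :'ECDH-ES+A128KW'
  raise NotImplementedError.new('ECDH-ES+A128KW not supported yet')
- when :'ECDH-ES+A256KW'.to_s
+ when :'ECDH-ES+A256KW'
  raise NotImplementedError.new('ECDH-ES+A256KW not supported yet')
  else
  raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')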
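Review bot: The switch from `.to_s` to `.try(:to_sym)` in `decrypt_content_encryption_key` (and in `cipher_name`, `sha_size`, `gcm?`, `cbc?`, `dir?`) symbolizes `algorithm` and `encryption_method`, which presumably come from the header of a received token. On Ruby releases before 2.2 symbols created from arbitrary strings are never garbage-collected, and the `RUBY_VERSION >= '2.0.0'` branch in jwk.rb suggests such interpreters are still supported, so every distinct bogus `alg`/`enc` value would stay in memory for the life of the process. `try` is also an ActiveSupport extension whose handling of receivers that do not respond to `to_sym` differs between versions, so a numeric or array header value may surface as `NoMethodError` rather than `UnexpectedAlgorithm`. Comparing as strings avoids both, e.g. `case algorithm.to_s` with `when 'RSA1_5'`; the same applies to the `kty`/`crv` lookups in jwk.rb, the `hmac?`/`rsa?`/`ecdsa?` predicates in jws.rb and the `alg` test in jwt.rb. The bodies of `cipher_name`, `sha_size`, `jwe_encrypted_key` and `decrypt_content_encryption_key` continue outside their hunks.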
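--- a/data/lib/json/jwk.rb
+++ b/data/lib/json/jwk.rb
@@ -10,6 +10,18 @@ module JSON
  'application/jwk+json'
  end
 
+ def thumbprint(digest = OpenSSL::Digest::SHA256.new)
+ digest = case digest
+ when OpenSSL::Digest
+ digest
+ when String, Symbol
+ OpenSSL::Digest.new digest.to_s
+ else
+ raise UnknownAlgorithm.new('Unknown Digest Algorithm')
+ end
+ UrlSafeBase64.encode64 digest.digest(normalize.to_json)
+ end
+
  private
 
  def ecdsa_coodinates(ecdsa_key)
@@ -17,7 +29,7 @@ module JSON
  hex = ecdsa_key.public_key.to_bn.to_s(16)
  data_len = hex.length - 2
  type = hex[0,2]
- hex_x = hex[2, data_len/2]
+ hex_x = hex[2, data_len/2]
  hex_y = hex[2+data_len/2, data_len/2]
  @ecdsa_coodinates = {
  x: [hex_x].pack("H*"),
@@ -43,19 +55,39 @@ module JSON
  y: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:y].to_s),
  }
  else
- raise UnknownAlgorithm.new('Unknown Algorithm')
+ raise UnknownAlgorithm.new('Unknown Key Type')
  end
  hash.merge(options)
  end
 
+ def normalize
+ case self[:kty].try(:to_sym)
+ when :RSA
+ {
+ e: self[:e],
+ kty: self[:kty],
+ n: self[:n]
+ }
+ when :EC
+ {
+ crv: self[:crv],
+ kty: self[:kty],
+ x: self[:x],
+ y: self[:y]
+ }
+ else
+ raise UnknownAlgorithm.new('Unknown Key Type')
+ end
+ end
+
  class << self
  def ecdsa_curve_name_for(curve_identifier)
- case curve_identifier.to_s
- when 'P-256'
+ case curve_identifier.try(:to_sym)
+ when :'P-256'
  'prime256v1'
- when 'P-384'
+ when :'P-384'
  'secp384r1'
- when 'P-521'
+ when :'P-521'
  'secp521r1'
  else
  raise UnknownAlgorithm.new('Unknown ECDSA Curve')
@@ -77,15 +109,15 @@ module JSON
 
  def decode(jwk)
  jwk = jwk.with_indifferent_access
- case jwk[:kty].to_s
- when 'RSA'
+ case jwk[:kty].try(:to_sym)
+ when :RSA
  e = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:e]), 2
  n = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:n]), 2
  key = OpenSSL::PKey::RSA.new
  key.e = e
  key.n = n
  key
- when 'EC'
+ when :EC
  if RUBY_VERSION >= '2.0.0'
  key = OpenSSL::PKey::EC.new ecdsa_curve_name_for(jwk[:crv])
  x, y = [jwk[:x], jwk[:y]].collect do |decoded|
@@ -97,7 +129,7 @@ module JSON
  raise UnknownAlgorithm.new('ECDSA JWK Decoding requires Ruby 2.0+')
  end
  else
- raise UnknownAlgorithm.new('Unknown Algorithm')
+ raise UnknownAlgorithm.new('Unknown Key Type')
  end
  end
 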
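Review bot: `normalize` copies `self[:e]`, `self[:n]`, `self[:crv]`, `self[:x]` and `self[:y]` without checking that they are present, so `thumbprint` on a JWK that lacks a required member hashes a JSON document containing `null` and returns a well-formed but meaningless identifier. Where thumbprints are used to pin or look up keys that should fail loudly instead; a guard in `thumbprint` such as `members = normalize` followed by `raise UnknownAlgorithm.new('Missing Key Parameter') if members.values.any?(&:nil?)` would do (the error class and message are only a suggestion). `thumbprint` also has no comment: it would help to state that the hash literals in `normalize` list the members in lexicographic order because the digest is taken over that exact serialization, and that a String or Symbol `digest` is handed to `OpenSSL::Digest.new` unchanged, so callers should pass a fixed algorithm name rather than one taken from input.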
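--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -28,15 +28,15 @@ module JSON
  end
 
  def hmac?
- [:HS256, :HS384, :HS512].collect(&:to_s).include? algorithm.to_s
+ [:HS256, :HS384, :HS512].include? algorithm.try(:to_sym)
  end
 
  def rsa?
- [:RS256, :RS384, :RS512].collect(&:to_s).include? algorithm.to_s
+ [:RS256, :RS384, :RS512].include? algorithm.try(:to_sym)
  end
 
  def ecdsa?
- [:ES256, :ES384, :ES512].collect(&:to_s).include? algorithm.to_s
+ [:ES256, :ES384, :ES512].include? algorithm.try(:to_sym)
  end
 
  def signature_base_string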
data/lib/json/jwt.rb CHANGED
@@ -52,7 +52,7 @@ module JSON
52
52
  end
53
53
 
54
54
  def verify(signature_base_string, public_key_or_secret = nil)
55
- if alg.to_s == 'none'
55
+ if alg.try(:to_sym) == :none
56
56
  raise UnexpectedAlgorithm if public_key_or_secret
57
57
  signature == '' or raise VerificationFailed
58
58
  else
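Review bot: The rewritten condition `alg.try(:to_sym) == :none` still lets the token itself select the unsigned path: when the header says `none` and `public_key_or_secret` is nil, `verify` passes as long as `signature` is empty. Because the parameter defaults to nil, a caller whose key lookup returned nil is indistinguishable from one that deliberately accepts unsigned tokens. At minimum this deserves a comment above the branch, for example `# alg "none": accepted only when the caller passes no key; never call verify with a nil key for tokens that must be signed`. The body of `verify` continues past the `else` outside this hunk.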
@@ -0,0 +1,20 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'interop' do
4
+ describe 'with RFC Example' do
5
+ describe 'JWK Thubmprint' do
6
+ subject { JSON::JWK.new public_key }
7
+
8
+ let(:public_key) do
9
+ JSON::JWK.decode(
10
+ kty: :RSA,
11
+ n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
12
+ e: 'AQAB',
13
+ alg: :RSA256,
14
+ kid: '2011-04-29'
15
+ )
16
+ end
17
+ its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
18
+ end
19
+ end
20
+ end
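Review bot: The fixture passes `alg: :RSA256` and `kid:` to `JSON::JWK.decode`, but `decode` returns a bare OpenSSL key, so those members appear to be gone before `JSON::JWK.new` builds the subject, and the example therefore does not show that `thumbprint` ignores optional members. Calling `thumbprint` on a JWK that still carries `kid` and `alg` would cover that. `:RSA256` is presumably meant to be `:RS256`, and the description `'JWK Thubmprint'` should read `'JWK Thumbprint'`.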
@@ -21,6 +21,18 @@ describe JSON::JWK do
21
21
  its(:kid) { jwk[:kid].should == '12345' }
22
22
  its(:use) { jwk[:use].should == :sig }
23
23
  end
24
+
25
+ describe '#thumbprint' do
26
+ context 'using default hash function' do
27
+ subject { jwk.thumbprint }
28
+ it { should == 'nuBTimkcSt_AuEsD8Yv3l8CoGV31bu_3gsRDGN1iVKA' }
29
+ end
30
+
31
+ context 'using SHA512 hash function' do
32
+ subject { jwk.thumbprint :SHA512 }
33
+ it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
34
+ end
35
+ end
24
36
  end
25
37
 
26
38
  context 'when ECDSA public key given' do
@@ -60,12 +72,12 @@ describe JSON::JWK do
60
72
  end
61
73
  end
62
74
 
63
- describe 'unknown algorithm' do
75
+ describe 'unknown key type' do
64
76
  it do
65
77
  key = OpenSSL::PKey::DSA.generate 256
66
78
  expect do
67
79
  JSON::JWK.new key
68
- end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Algorithm'
80
+ end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
69
81
  end
70
82
  end
71
83
 
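--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: json-jwt
  version: !ruby/object:Gem::Version
- version: 1.0.2
+ version: 1.0.3
  platform: ruby
  authors:
  - nov matake
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-07-07 00:00:00.000000000 Z
+ date: 2015-07-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: multi_json
@@ -173,6 +173,7 @@ files:
  - spec/helpers/sign_key_fixture_helper.rb
  - spec/interop/with_jsrsasign_spec.rb
  - spec/interop/with_nimbus_jose_spec.rb
+ - spec/interop/with_rfc_example_spec.rb
  - spec/json/jwe_spec.rb
  - spec/json/jwk/set_spec.rb
  - spec/json/jwk_spec.rb
@@ -218,6 +219,7 @@ test_files:
  - spec/helpers/sign_key_fixture_helper.rb
  - spec/interop/with_jsrsasign_spec.rb
  - spec/interop/with_nimbus_jose_spec.rb
+ - spec/interop/with_rfc_example_spec.rb
  - spec/json/jwe_spec.rb
  - spec/json/jwk/set_spec.rb
  - spec/json/jwk_spec.rb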