json-jwt 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jwe.rb +29 -29
- data/lib/json/jwk.rb +42 -10
- data/lib/json/jws.rb +3 -3
- data/lib/json/jwt.rb +1 -1
- data/spec/interop/with_rfc_example_spec.rb +20 -0
- data/spec/json/jwk_spec.rb +14 -2
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f114f8c73a49561c455f752c90361378e34691ff
|
4
|
+
data.tar.gz: 65e2c0a8b3f0054e81b28dd3d45bc3bd7d4354ba
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 47bda5992fac3eebb1403df68ed0f4914ba0ecd61a0c0b4d3d100cef9856a485c0e18f82ebded2774111e2e50ca3fddbe61eb54f198d1ce50fcbd84a1fea9281
|
7
|
+
data.tar.gz: da1a37510a59a5910e9e5a39fd0961c72d062dfa4fe57a6b37e4f07339aa86cd2859b0c0065b4ed5dcad56ddc4cdcaa2827b29d19939854e5492fcfae3bd36f6
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.3
|
data/lib/json/jwe.rb
CHANGED
@@ -72,15 +72,15 @@ module JSON
|
|
72
72
|
end
|
73
73
|
|
74
74
|
def gcm?
|
75
|
-
[:A128GCM, :A256GCM].
|
75
|
+
[:A128GCM, :A256GCM].include? encryption_method.try(:to_sym)
|
76
76
|
end
|
77
77
|
|
78
78
|
def cbc?
|
79
|
-
[:'A128CBC-HS256', :'A256CBC-HS512'].
|
79
|
+
[:'A128CBC-HS256', :'A256CBC-HS512'].include? encryption_method.try(:to_sym)
|
80
80
|
end
|
81
81
|
|
82
82
|
def dir?
|
83
|
-
:dir
|
83
|
+
:dir == algorithm.try(:to_sym)
|
84
84
|
end
|
85
85
|
|
86
86
|
def cipher
|
@@ -92,14 +92,14 @@ module JSON
|
|
92
92
|
end
|
93
93
|
|
94
94
|
def cipher_name
|
95
|
-
case encryption_method.
|
96
|
-
when :A128GCM
|
95
|
+
case encryption_method.try(:to_sym)
|
96
|
+
when :A128GCM
|
97
97
|
'aes-128-gcm'
|
98
|
-
when :A256GCM
|
98
|
+
when :A256GCM
|
99
99
|
'aes-256-gcm'
|
100
|
-
when :'A128CBC-HS256'
|
100
|
+
when :'A128CBC-HS256'
|
101
101
|
'aes-128-cbc'
|
102
|
-
when :'A256CBC-HS512'
|
102
|
+
when :'A256CBC-HS512'
|
103
103
|
'aes-256-cbc'
|
104
104
|
else
|
105
105
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
@@ -107,10 +107,10 @@ module JSON
|
|
107
107
|
end
|
108
108
|
|
109
109
|
def sha_size
|
110
|
-
case encryption_method.
|
111
|
-
when :'A128CBC-HS256'
|
110
|
+
case encryption_method.try(:to_sym)
|
111
|
+
when :'A128CBC-HS256'
|
112
112
|
256
|
113
|
-
when :'A256CBC-HS512'
|
113
|
+
when :'A256CBC-HS512'
|
114
114
|
512
|
115
115
|
else
|
116
116
|
raise UnexpectedAlgorithm.new('Unknown Hash Size')
|
@@ -135,22 +135,22 @@ module JSON
|
|
135
135
|
# encryption
|
136
136
|
|
137
137
|
def jwe_encrypted_key
|
138
|
-
@jwe_encrypted_key ||= case algorithm.
|
139
|
-
when :RSA1_5
|
138
|
+
@jwe_encrypted_key ||= case algorithm.try(:to_sym)
|
139
|
+
when :RSA1_5
|
140
140
|
public_key_or_secret.public_encrypt content_encryption_key
|
141
|
-
when :'RSA-OAEP'
|
141
|
+
when :'RSA-OAEP'
|
142
142
|
public_key_or_secret.public_encrypt content_encryption_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
|
143
|
-
when :A128KW
|
143
|
+
when :A128KW
|
144
144
|
raise NotImplementedError.new('A128KW not supported yet')
|
145
|
-
when :A256KW
|
145
|
+
when :A256KW
|
146
146
|
raise NotImplementedError.new('A256KW not supported yet')
|
147
|
-
when :dir
|
147
|
+
when :dir
|
148
148
|
''
|
149
|
-
when :'ECDH-ES'
|
149
|
+
when :'ECDH-ES'
|
150
150
|
raise NotImplementedError.new('ECDH-ES not supported yet')
|
151
|
-
when :'ECDH-ES+A128KW'
|
151
|
+
when :'ECDH-ES+A128KW'
|
152
152
|
raise NotImplementedError.new('ECDH-ES+A128KW not supported yet')
|
153
|
-
when :'ECDH-ES+A256KW'
|
153
|
+
when :'ECDH-ES+A256KW'
|
154
154
|
raise NotImplementedError.new('ECDH-ES+A256KW not supported yet')
|
155
155
|
else
|
156
156
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
@@ -223,22 +223,22 @@ module JSON
|
|
223
223
|
end
|
224
224
|
|
225
225
|
def decrypt_content_encryption_key
|
226
|
-
case algorithm.
|
227
|
-
when :RSA1_5
|
226
|
+
case algorithm.try(:to_sym)
|
227
|
+
when :RSA1_5
|
228
228
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
229
|
-
when :'RSA-OAEP'
|
229
|
+
when :'RSA-OAEP'
|
230
230
|
private_key_or_secret.private_decrypt jwe_encrypted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
|
231
|
-
when :A128KW
|
231
|
+
when :A128KW
|
232
232
|
raise NotImplementedError.new('A128KW not supported yet')
|
233
|
-
when :A256KW
|
233
|
+
when :A256KW
|
234
234
|
raise NotImplementedError.new('A256KW not supported yet')
|
235
|
-
when :dir
|
235
|
+
when :dir
|
236
236
|
private_key_or_secret
|
237
|
-
when :'ECDH-ES'
|
237
|
+
when :'ECDH-ES'
|
238
238
|
raise NotImplementedError.new('ECDH-ES not supported yet')
|
239
|
-
when :'ECDH-ES+A128KW'
|
239
|
+
when :'ECDH-ES+A128KW'
|
240
240
|
raise NotImplementedError.new('ECDH-ES+A128KW not supported yet')
|
241
|
-
when :'ECDH-ES+A256KW'
|
241
|
+
when :'ECDH-ES+A256KW'
|
242
242
|
raise NotImplementedError.new('ECDH-ES+A256KW not supported yet')
|
243
243
|
else
|
244
244
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
data/lib/json/jwk.rb
CHANGED
@@ -10,6 +10,18 @@ module JSON
|
|
10
10
|
'application/jwk+json'
|
11
11
|
end
|
12
12
|
|
13
|
+
def thumbprint(digest = OpenSSL::Digest::SHA256.new)
|
14
|
+
digest = case digest
|
15
|
+
when OpenSSL::Digest
|
16
|
+
digest
|
17
|
+
when String, Symbol
|
18
|
+
OpenSSL::Digest.new digest.to_s
|
19
|
+
else
|
20
|
+
raise UnknownAlgorithm.new('Unknown Digest Algorithm')
|
21
|
+
end
|
22
|
+
UrlSafeBase64.encode64 digest.digest(normalize.to_json)
|
23
|
+
end
|
24
|
+
|
13
25
|
private
|
14
26
|
|
15
27
|
def ecdsa_coodinates(ecdsa_key)
|
@@ -17,7 +29,7 @@ module JSON
|
|
17
29
|
hex = ecdsa_key.public_key.to_bn.to_s(16)
|
18
30
|
data_len = hex.length - 2
|
19
31
|
type = hex[0,2]
|
20
|
-
hex_x =
|
32
|
+
hex_x = hex[2, data_len/2]
|
21
33
|
hex_y = hex[2+data_len/2, data_len/2]
|
22
34
|
@ecdsa_coodinates = {
|
23
35
|
x: [hex_x].pack("H*"),
|
@@ -43,19 +55,39 @@ module JSON
|
|
43
55
|
y: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:y].to_s),
|
44
56
|
}
|
45
57
|
else
|
46
|
-
raise UnknownAlgorithm.new('Unknown
|
58
|
+
raise UnknownAlgorithm.new('Unknown Key Type')
|
47
59
|
end
|
48
60
|
hash.merge(options)
|
49
61
|
end
|
50
62
|
|
63
|
+
def normalize
|
64
|
+
case self[:kty].try(:to_sym)
|
65
|
+
when :RSA
|
66
|
+
{
|
67
|
+
e: self[:e],
|
68
|
+
kty: self[:kty],
|
69
|
+
n: self[:n]
|
70
|
+
}
|
71
|
+
when :EC
|
72
|
+
{
|
73
|
+
crv: self[:crv],
|
74
|
+
kty: self[:kty],
|
75
|
+
x: self[:x],
|
76
|
+
y: self[:y]
|
77
|
+
}
|
78
|
+
else
|
79
|
+
raise UnknownAlgorithm.new('Unknown Key Type')
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
51
83
|
class << self
|
52
84
|
def ecdsa_curve_name_for(curve_identifier)
|
53
|
-
case curve_identifier.
|
54
|
-
when 'P-256'
|
85
|
+
case curve_identifier.try(:to_sym)
|
86
|
+
when :'P-256'
|
55
87
|
'prime256v1'
|
56
|
-
when 'P-384'
|
88
|
+
when :'P-384'
|
57
89
|
'secp384r1'
|
58
|
-
when 'P-521'
|
90
|
+
when :'P-521'
|
59
91
|
'secp521r1'
|
60
92
|
else
|
61
93
|
raise UnknownAlgorithm.new('Unknown ECDSA Curve')
|
@@ -77,15 +109,15 @@ module JSON
|
|
77
109
|
|
78
110
|
def decode(jwk)
|
79
111
|
jwk = jwk.with_indifferent_access
|
80
|
-
case jwk[:kty].
|
81
|
-
when
|
112
|
+
case jwk[:kty].try(:to_sym)
|
113
|
+
when :RSA
|
82
114
|
e = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:e]), 2
|
83
115
|
n = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:n]), 2
|
84
116
|
key = OpenSSL::PKey::RSA.new
|
85
117
|
key.e = e
|
86
118
|
key.n = n
|
87
119
|
key
|
88
|
-
when
|
120
|
+
when :EC
|
89
121
|
if RUBY_VERSION >= '2.0.0'
|
90
122
|
key = OpenSSL::PKey::EC.new ecdsa_curve_name_for(jwk[:crv])
|
91
123
|
x, y = [jwk[:x], jwk[:y]].collect do |decoded|
|
@@ -97,7 +129,7 @@ module JSON
|
|
97
129
|
raise UnknownAlgorithm.new('ECDSA JWK Decoding requires Ruby 2.0+')
|
98
130
|
end
|
99
131
|
else
|
100
|
-
raise UnknownAlgorithm.new('Unknown
|
132
|
+
raise UnknownAlgorithm.new('Unknown Key Type')
|
101
133
|
end
|
102
134
|
end
|
103
135
|
|
data/lib/json/jws.rb
CHANGED
@@ -28,15 +28,15 @@ module JSON
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def hmac?
|
31
|
-
[:HS256, :HS384, :HS512].
|
31
|
+
[:HS256, :HS384, :HS512].include? algorithm.try(:to_sym)
|
32
32
|
end
|
33
33
|
|
34
34
|
def rsa?
|
35
|
-
[:RS256, :RS384, :RS512].
|
35
|
+
[:RS256, :RS384, :RS512].include? algorithm.try(:to_sym)
|
36
36
|
end
|
37
37
|
|
38
38
|
def ecdsa?
|
39
|
-
[:ES256, :ES384, :ES512].
|
39
|
+
[:ES256, :ES384, :ES512].include? algorithm.try(:to_sym)
|
40
40
|
end
|
41
41
|
|
42
42
|
def signature_base_string
|
data/lib/json/jwt.rb
CHANGED
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'interop' do
|
4
|
+
describe 'with RFC Example' do
|
5
|
+
describe 'JWK Thubmprint' do
|
6
|
+
subject { JSON::JWK.new public_key }
|
7
|
+
|
8
|
+
let(:public_key) do
|
9
|
+
JSON::JWK.decode(
|
10
|
+
kty: :RSA,
|
11
|
+
n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
|
12
|
+
e: 'AQAB',
|
13
|
+
alg: :RSA256,
|
14
|
+
kid: '2011-04-29'
|
15
|
+
)
|
16
|
+
end
|
17
|
+
its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
data/spec/json/jwk_spec.rb
CHANGED
@@ -21,6 +21,18 @@ describe JSON::JWK do
|
|
21
21
|
its(:kid) { jwk[:kid].should == '12345' }
|
22
22
|
its(:use) { jwk[:use].should == :sig }
|
23
23
|
end
|
24
|
+
|
25
|
+
describe '#thumbprint' do
|
26
|
+
context 'using default hash function' do
|
27
|
+
subject { jwk.thumbprint }
|
28
|
+
it { should == 'nuBTimkcSt_AuEsD8Yv3l8CoGV31bu_3gsRDGN1iVKA' }
|
29
|
+
end
|
30
|
+
|
31
|
+
context 'using SHA512 hash function' do
|
32
|
+
subject { jwk.thumbprint :SHA512 }
|
33
|
+
it { should == '6v7pXTnQLMiQgvJlPJUdhAUSuGLzgF8C1r3ABAMFet6bc53ea-Pq4ZGbGu3RoAFsNRT1-RhTzDqtqXuLU6NOtw' }
|
34
|
+
end
|
35
|
+
end
|
24
36
|
end
|
25
37
|
|
26
38
|
context 'when ECDSA public key given' do
|
@@ -60,12 +72,12 @@ describe JSON::JWK do
|
|
60
72
|
end
|
61
73
|
end
|
62
74
|
|
63
|
-
describe 'unknown
|
75
|
+
describe 'unknown key type' do
|
64
76
|
it do
|
65
77
|
key = OpenSSL::PKey::DSA.generate 256
|
66
78
|
expect do
|
67
79
|
JSON::JWK.new key
|
68
|
-
end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown
|
80
|
+
end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
|
69
81
|
end
|
70
82
|
end
|
71
83
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-07-
|
11
|
+
date: 2015-07-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|
@@ -173,6 +173,7 @@ files:
|
|
173
173
|
- spec/helpers/sign_key_fixture_helper.rb
|
174
174
|
- spec/interop/with_jsrsasign_spec.rb
|
175
175
|
- spec/interop/with_nimbus_jose_spec.rb
|
176
|
+
- spec/interop/with_rfc_example_spec.rb
|
176
177
|
- spec/json/jwe_spec.rb
|
177
178
|
- spec/json/jwk/set_spec.rb
|
178
179
|
- spec/json/jwk_spec.rb
|
@@ -218,6 +219,7 @@ test_files:
|
|
218
219
|
- spec/helpers/sign_key_fixture_helper.rb
|
219
220
|
- spec/interop/with_jsrsasign_spec.rb
|
220
221
|
- spec/interop/with_nimbus_jose_spec.rb
|
222
|
+
- spec/interop/with_rfc_example_spec.rb
|
221
223
|
- spec/json/jwe_spec.rb
|
222
224
|
- spec/json/jwk/set_spec.rb
|
223
225
|
- spec/json/jwk_spec.rb
|