json-jwt 1.16.0 → 1.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/VERSION +1 -1
- data/lib/json/jwe.rb +14 -4
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0593ae4268dde10889b1e4272e01d7c95f2fdb2c69b365b81b67837b66d30531'
|
|
4
|
+
data.tar.gz: 27badbcb85bf47a663eed76b859cf0c7d502a0bb683a8f10ce9d8e3539a9149c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa6a607b44857bddb3f1f489c60cea213eaef6c4ab3481ffb3b665b21c4088bc7e12724bda2ca6c66d55cc2032cc392f85d08cabc6e774f5e8cb13bd62ec695d
|
|
7
|
+
data.tar.gz: c75bd449bb1e6d746e456ea2c58582cfff85a4d285f30d53e4b724f7904d13f626f84899034dffccdf4e9c41db0721b1573d968c45d2c123b1fb1e42e1379f8b
|
data/CHANGELOG.md
ADDED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.16.
|
|
1
|
+
1.16.1
|
data/lib/json/jwe.rb
CHANGED
|
@@ -43,9 +43,12 @@ module JSON
|
|
|
43
43
|
raise UnexpectedAlgorithm.new('Unexpected alg header') unless algorithms.blank? || Array(algorithms).include?(alg)
|
|
44
44
|
raise UnexpectedAlgorithm.new('Unexpected enc header') unless encryption_methods.blank? || Array(encryption_methods).include?(enc)
|
|
45
45
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
|
46
|
-
cipher.decrypt
|
|
47
46
|
self.content_encryption_key = decrypt_content_encryption_key
|
|
48
47
|
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
|
48
|
+
|
|
49
|
+
verify_cbc_authentication_tag! if cbc?
|
|
50
|
+
|
|
51
|
+
cipher.decrypt
|
|
49
52
|
cipher.key = encryption_key
|
|
50
53
|
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
|
51
54
|
if gcm?
|
|
@@ -54,8 +57,15 @@ module JSON
|
|
|
54
57
|
cipher.auth_tag = authentication_tag
|
|
55
58
|
cipher.auth_data = auth_data
|
|
56
59
|
end
|
|
57
|
-
|
|
58
|
-
|
|
60
|
+
|
|
61
|
+
begin
|
|
62
|
+
self.plain_text = cipher.update(cipher_text) + cipher.final
|
|
63
|
+
rescue OpenSSL::OpenSSLError
|
|
64
|
+
# Ensure that the same error is raised for invalid PKCS7 padding
|
|
65
|
+
# as for invalid signatures. This prevents padding-oracle attacks.
|
|
66
|
+
raise DecryptionFailed
|
|
67
|
+
end
|
|
68
|
+
|
|
59
69
|
self
|
|
60
70
|
end
|
|
61
71
|
|
|
@@ -244,7 +254,7 @@ module JSON
|
|
|
244
254
|
sha_digest, mac_key, secured_input
|
|
245
255
|
)[0, sha_size / 2 / 8]
|
|
246
256
|
unless secure_compare(authentication_tag, expected_authentication_tag)
|
|
247
|
-
raise DecryptionFailed
|
|
257
|
+
raise DecryptionFailed
|
|
248
258
|
end
|
|
249
259
|
end
|
|
250
260
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.16.
|
|
4
|
+
version: 1.16.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-10-
|
|
11
|
+
date: 2022-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -163,6 +163,7 @@ files:
|
|
|
163
163
|
- ".gitignore"
|
|
164
164
|
- ".gitmodules"
|
|
165
165
|
- ".rspec"
|
|
166
|
+
- CHANGELOG.md
|
|
166
167
|
- Gemfile
|
|
167
168
|
- LICENSE
|
|
168
169
|
- README.md
|
|
@@ -181,7 +182,7 @@ homepage: https://github.com/nov/json-jwt
|
|
|
181
182
|
licenses:
|
|
182
183
|
- MIT
|
|
183
184
|
metadata: {}
|
|
184
|
-
post_install_message:
|
|
185
|
+
post_install_message:
|
|
185
186
|
rdoc_options: []
|
|
186
187
|
require_paths:
|
|
187
188
|
- lib
|
|
@@ -196,8 +197,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
196
197
|
- !ruby/object:Gem::Version
|
|
197
198
|
version: '0'
|
|
198
199
|
requirements: []
|
|
199
|
-
rubygems_version: 3.
|
|
200
|
-
signing_key:
|
|
200
|
+
rubygems_version: 3.3.7
|
|
201
|
+
signing_key:
|
|
201
202
|
specification_version: 4
|
|
202
203
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|
|
203
204
|
JSON Web Key) in Ruby
|