json-jwt 1.16.0 → 1.16.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/VERSION +1 -1
- data/lib/json/jwe.rb +14 -4
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0593ae4268dde10889b1e4272e01d7c95f2fdb2c69b365b81b67837b66d30531'
|
|
4
|
+
data.tar.gz: 27badbcb85bf47a663eed76b859cf0c7d502a0bb683a8f10ce9d8e3539a9149c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa6a607b44857bddb3f1f489c60cea213eaef6c4ab3481ffb3b665b21c4088bc7e12724bda2ca6c66d55cc2032cc392f85d08cabc6e774f5e8cb13bd62ec695d
|
|
7
|
+
data.tar.gz: c75bd449bb1e6d746e456ea2c58582cfff85a4d285f30d53e4b724f7904d13f626f84899034dffccdf4e9c41db0721b1573d968c45d2c123b1fb1e42e1379f8b
|
data/CHANGELOG.md
ADDED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.16.
|
|
1
|
+
1.16.1
|
data/lib/json/jwe.rb
CHANGED
|
@@ -43,9 +43,12 @@ module JSON
|
|
|
43
43
|
raise UnexpectedAlgorithm.new('Unexpected alg header') unless algorithms.blank? || Array(algorithms).include?(alg)
|
|
44
44
|
raise UnexpectedAlgorithm.new('Unexpected enc header') unless encryption_methods.blank? || Array(encryption_methods).include?(enc)
|
|
45
45
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
|
46
|
-
cipher.decrypt
|
|
47
46
|
self.content_encryption_key = decrypt_content_encryption_key
|
|
48
47
|
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
|
48
|
+
|
|
49
|
+
verify_cbc_authentication_tag! if cbc?
|
|
50
|
+
|
|
51
|
+
cipher.decrypt
|
|
49
52
|
cipher.key = encryption_key
|
|
50
53
|
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
|
51
54
|
if gcm?
|
|
@@ -54,8 +57,15 @@ module JSON
|
|
|
54
57
|
cipher.auth_tag = authentication_tag
|
|
55
58
|
cipher.auth_data = auth_data
|
|
56
59
|
end
|
|
57
|
-
|
|
58
|
-
|
|
60
|
+
|
|
61
|
+
begin
|
|
62
|
+
self.plain_text = cipher.update(cipher_text) + cipher.final
|
|
63
|
+
rescue OpenSSL::OpenSSLError
|
|
64
|
+
# Ensure that the same error is raised for invalid PKCS7 padding
|
|
65
|
+
# as for invalid signatures. This prevents padding-oracle attacks.
|
|
66
|
+
raise DecryptionFailed
|
|
67
|
+
end
|
|
68
|
+
|
|
59
69
|
self
|
|
60
70
|
end
|
|
61
71
|
|
|
@@ -244,7 +254,7 @@ module JSON
|
|
|
244
254
|
sha_digest, mac_key, secured_input
|
|
245
255
|
)[0, sha_size / 2 / 8]
|
|
246
256
|
unless secure_compare(authentication_tag, expected_authentication_tag)
|
|
247
|
-
raise DecryptionFailed
|
|
257
|
+
raise DecryptionFailed
|
|
248
258
|
end
|
|
249
259
|
end
|
|
250
260
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.16.
|
|
4
|
+
version: 1.16.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-10-
|
|
11
|
+
date: 2022-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -163,6 +163,7 @@ files:
|
|
|
163
163
|
- ".gitignore"
|
|
164
164
|
- ".gitmodules"
|
|
165
165
|
- ".rspec"
|
|
166
|
+
- CHANGELOG.md
|
|
166
167
|
- Gemfile
|
|
167
168
|
- LICENSE
|
|
168
169
|
- README.md
|
|
@@ -181,7 +182,7 @@ homepage: https://github.com/nov/json-jwt
|
|
|
181
182
|
licenses:
|
|
182
183
|
- MIT
|
|
183
184
|
metadata: {}
|
|
184
|
-
post_install_message:
|
|
185
|
+
post_install_message:
|
|
185
186
|
rdoc_options: []
|
|
186
187
|
require_paths:
|
|
187
188
|
- lib
|
|
@@ -196,8 +197,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
196
197
|
- !ruby/object:Gem::Version
|
|
197
198
|
version: '0'
|
|
198
199
|
requirements: []
|
|
199
|
-
rubygems_version: 3.
|
|
200
|
-
signing_key:
|
|
200
|
+
rubygems_version: 3.3.7
|
|
201
|
+
signing_key:
|
|
201
202
|
specification_version: 4
|
|
202
203
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|
|
203
204
|
JSON Web Key) in Ruby
|