json-jwt 1.1.0 → 1.2.0
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +67 -0
- data/VERSION +1 -1
- data/lib/json/jwk.rb +54 -92
- data/lib/json/jwk/jwkizable.rb +73 -0
- data/lib/json/jwk/set.rb +15 -10
- data/lib/json/jws.rb +11 -10
- data/lib/json/jwt.rb +8 -6
- data/spec/helpers/sign_key_fixture_helper.rb +2 -2
- data/spec/interop/with_rfc_example_spec.rb +3 -4
- data/spec/json/jwk/jwkizable_spec.rb +47 -0
- data/spec/json/jwk/set_spec.rb +21 -1
- data/spec/json/jwk_spec.rb +5 -1
- metadata +6 -3
- data/README.rdoc +0 -61
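--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 08f7086ee05223bc1e784eec95ee4f8e15b7b35f
+data.tar.gz: e98b321350efb0ab0215126f707b9574e3b46d56
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3a6eec2fa290220c9ca5310cfa32b52988223a88e6b10f6a7da6dbfe4f39a6a29b921fa10d9e1efd6116ee6a2872d93e267d810dd4b3dc8a1c6e45cae0882aa4
+data.tar.gz: 717d4f00866ad143eeb2fecbd81cafb96c002fb86d3707563529de2484f8aa7b621f0b8946f43cb6a47f2d8cd7d066e0510c651b35ce9b6bd64a21e472681285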
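--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,67 @@
+# JSON::JWT
+
+JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
+
+[![Build Status](https://secure.travis-ci.org/nov/json-jwt.png)](http://travis-ci.org/nov/json-jwt)
+
+## Installation
+
+gem install json-jwt
+
+## Resources
+
+* View Source on GitHub (https://github.com/nov/json-jwt)
+* Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
+
+## Examples
+
+### Encoding
+
+```ruby
+require 'json/jwt'
+
+claim = {
+iss: 'nov',
+exp: 1.week.from_now,
+nbf: Time.now
+}
+
+# No signature, no encryption
+jwt = JSON::JWT.new(claim).to_s
+
+# With signiture, no encryption
+jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
+jws.to_s # => header.payload.signature
+jws.to_json(syntax: :general) # => General JWS JSON Serialization
+jws.to_json(syntax: :flatten) # => Flattened JWS JSON Serialization
+
+# With signature & encryption
+jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
+jwe.to_s # => header.encrypted_key.iv.cipher_text.authentication_tag
+```
+
+For details about `key` and `algorithm`, see
+[JWS Spec](https://github.com/nov/json-jwt/blob/master/spec/json/jws_spec.rb) and
+[Sign Key Fixture Generator](https://github.com/nov/json-jwt/blob/master/spec/helpers/sign_key_fixture_helper.rb).
+
+### Decoding
+
+```ruby
+jwt_string = "jwt_header.jwt_claims.jwt_signature"
+
+JSON::JWT.decode(jwt_string, key)
+```
+
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Copyright
+
+Copyright (c) 2011 nov matake. See LICENSE for details.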
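--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.2.0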
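--- a/data/lib/json/jwk.rb
+++ b/data/lib/json/jwk.rb
@@ -2,8 +2,17 @@ module JSON
 class JWK < ActiveSupport::HashWithIndifferentAccess
 class UnknownAlgorithm < JWT::Exception; end
 
-def initialize(
-
+def initialize(constructor = {}, ex_params = {})
+if constructor.is_a? OpenSSL::PKey::PKey
+if constructor.respond_to? :to_jwk
+super constructor.to_jwk(ex_params)
+else
+raise UnknownAlgorithm.new('Unknown Key Type')
+end
+else
+super constructor
+merge! ex_params
+end
 end
 
 def content_type
@@ -22,44 +31,37 @@ module JSON
 UrlSafeBase64.encode64 digest.digest(normalize.to_json)
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-}
-when OpenSSL::PKey::EC
-{
-kty: :EC,
-crv: self.class.ecdsa_curve_identifier_for(public_key.group.curve_name),
-x: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:x].to_s),
-y: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:y].to_s),
-}
+def to_key
+case self[:kty].try(:to_sym)
+when :RSA
+e, n, d = [:e, :n, :d].collect do |key|
+if self[key]
+OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
+end
+end
+key = OpenSSL::PKey::RSA.new
+key.e = e
+key.n = n
+key.d = d if d
+key
+when :EC
+if RUBY_VERSION >= '2.0.0'
+key = OpenSSL::PKey::EC.new full_curve_name
+x, y = [self[:x], self[:y]].collect do |decoded|
+OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
+end
+key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
+key
+else
+raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
+end
 else
 raise UnknownAlgorithm.new('Unknown Key Type')
 end
-hash.merge(options)
 end
 
+private
+
 def normalize
 case self[:kty].try(:to_sym)
 when :RSA
@@ -80,66 +82,26 @@ module JSON
 end
 end
 
-
-
-
-
-
-
-
-
-
-
-raise UnknownAlgorithm.new('Unknown ECDSA Curve')
-end
-end
-
-def ecdsa_curve_identifier_for(curve_name)
-case curve_name
-when 'prime256v1'
-:'P-256'
-when 'secp384r1'
-:'P-384'
-when 'secp521r1'
-:'P-521'
-else
-raise UnknownAlgorithm.new('Unknown ECDSA Curve')
-end
+def full_curve_name
+case self[:crv].try(:to_sym)
+when :'P-256'
+'prime256v1'
+when :'P-384'
+'secp384r1'
+when :'P-521'
+'secp521r1'
+else
+raise UnknownAlgorithm.new('Unknown ECDSA Curve')
 end
+end
 
+class << self
 def decode(jwk)
-
-
-
-
-n = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:n]), 2
-key = OpenSSL::PKey::RSA.new
-key.e = e
-key.n = n
-key
-when :EC
-if RUBY_VERSION >= '2.0.0'
-key = OpenSSL::PKey::EC.new ecdsa_curve_name_for(jwk[:crv])
-x, y = [jwk[:x], jwk[:y]].collect do |decoded|
-OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
-end
-key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
-key
-else
-raise UnknownAlgorithm.new('ECDSA JWK Decoding requires Ruby 2.0+')
-end
-else
-raise UnknownAlgorithm.new('Unknown Key Type')
-end
-end
-
-# NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
-# https://github.com/rails/rails/issues/11087
-def new_from_hash_copying_default(hash)
-superclass.new_from_hash_copying_default hash
+# NOTE:
+# returning OpenSSL::PKey::RSA/EC instance for backward compatibility.
+# use `new` if you want JSON::JWK instance.
+new(jwk).to_key
 end
 end
 end
-end
-
-require 'json/jwk/set'
+end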
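Review bot: In the `:EC` branch of `to_key` the public point is set with `OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)`, and `Point#mul(bn1, bn2)` is documented as computing `bn1 * point + bn2 * G`, so this does not appear to rebuild the point whose affine coordinates are `x` and `y`. The same expression is in the removed `decode` body, so it looks carried over rather than introduced here, but nothing on this page exercises it; a round-trip spec such as `JSON::JWK.new(ec_key).to_key.public_key.to_bn.should == ec_key.public_key.to_bn` would confirm or refute it. Separately, the `:RSA` branch assigns `key.e` and `key.n` even when those members are absent, and a missing `x` or `y` goes straight into `UrlSafeBase64.decode64`. Because `decode` is presumably where JWKs received from other parties enter, I would fail closed first, e.g. `raise UnknownAlgorithm.new('Missing Key Parameter') unless self[:e] && self[:n]`.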
@@ -0,0 +1,73 @@
|
|
1
|
+
module JSON
|
2
|
+
class JWK
|
3
|
+
module JWKizable
|
4
|
+
module RSA
|
5
|
+
def to_jwk(ex_params = {})
|
6
|
+
params = {
|
7
|
+
kty: :RSA,
|
8
|
+
e: UrlSafeBase64.encode64(e.to_s(2)),
|
9
|
+
n: UrlSafeBase64.encode64(n.to_s(2))
|
10
|
+
}.merge ex_params
|
11
|
+
if private?
|
12
|
+
params.merge!(
|
13
|
+
d: UrlSafeBase64.encode64(d.to_s(2))
|
14
|
+
)
|
15
|
+
end
|
16
|
+
JWK.new params
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
module EC
|
21
|
+
def to_jwk(ex_params = {})
|
22
|
+
# NOTE:
|
23
|
+
# OpenSSL::PKey::EC instance can be both public & private key at the same time.
|
24
|
+
# In such case, is it handled as public key or private key?
|
25
|
+
# For now, this gem handles any OpenSSL::PKey::EC instances as public key.
|
26
|
+
unless public_key?
|
27
|
+
raise UnknownAlgorithm.new('EC private key is not supported yet')
|
28
|
+
end
|
29
|
+
params = {
|
30
|
+
kty: :EC,
|
31
|
+
crv: curve_name,
|
32
|
+
x: UrlSafeBase64.encode64(coodinates[:x].to_s),
|
33
|
+
y: UrlSafeBase64.encode64(coodinates[:y].to_s)
|
34
|
+
}.merge ex_params
|
35
|
+
JWK.new params
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
def curve_name
|
41
|
+
case group.curve_name
|
42
|
+
when 'prime256v1'
|
43
|
+
:'P-256'
|
44
|
+
when 'secp384r1'
|
45
|
+
:'P-384'
|
46
|
+
when 'secp521r1'
|
47
|
+
:'P-521'
|
48
|
+
else
|
49
|
+
raise UnknownAlgorithm.new('Unknown EC Curve')
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def coodinates
|
54
|
+
unless @coodinates
|
55
|
+
hex = public_key.to_bn.to_s(16)
|
56
|
+
data_len = hex.length - 2
|
57
|
+
type = hex[0, 2]
|
58
|
+
hex_x = hex[2, data_len / 2]
|
59
|
+
hex_y = hex[2 + data_len / 2, data_len / 2]
|
60
|
+
@coodinates = {
|
61
|
+
x: [hex_x].pack("H*"),
|
62
|
+
y: [hex_y].pack("H*")
|
63
|
+
}
|
64
|
+
end
|
65
|
+
@coodinates
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
OpenSSL::PKey::RSA.send :include, JSON::JWK::JWKizable::RSA
|
73
|
+
OpenSSL::PKey::EC.send :include, JSON::JWK::JWKizable::EC
|
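Review bot: `RSA#to_jwk` adds `d` whenever `private?` is true, so `JSON::JWK.new(private_key)` and `private_key.to_jwk` now produce a JWK that carries the private exponent, and `Set#as_json` in lib/json/jwk/set.rb serialises every member unfiltered. A caller who builds a published key set directly from a signing key would therefore expose `d`; whether earlier releases behaved differently cannot be recovered from the truncated removed lines on this page. I would state this on the method, for example `# NOTE: includes the private exponent "d" for private keys; use key.public_key.to_jwk for anything that gets published`, and add a spec asserting that the public-key JWK has no `d` member. In `EC#coodinates`, `type = hex[0, 2]` is read but never checked, so the split into `hex_x` and `hex_y` silently assumes the uncompressed point encoding.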
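--- a/data/lib/json/jwk/set.rb
+++ b/data/lib/json/jwk/set.rb
@@ -1,16 +1,21 @@
 module JSON
-class JWK
-
-
-
+class JWK
+class Set < Array
+def initialize(*jwks)
+jwks = Array(jwks).flatten.collect do |jwk|
+JWK.new jwk
+end
+replace jwks
+end
 
-
-
-
+def content_type
+'application/jwk-set+json'
+end
 
-
-
-
+def as_json(options = {})
+# NOTE: Array.new wrapper is requied to avoid CircularReferenceError
+{keys: Array.new(self)}
+end
 end
 end
 end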
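Review bot: `initialize` wraps each argument in `JWK.new`, so passing the shape that `as_json` itself emits, `{keys: [...]}`, produces a set holding a single JWK with a `keys` member rather than the listed keys. That is presumably the shape a caller holds after parsing a JWK Set document, so the set would then contain no usable key; the removed lines are blank on this page, so it is not visible whether the old constructor unwrapped it. I would unwrap before mapping, `keys = jwks.first.is_a?(Hash) && jwks.first.with_indifferent_access[:keys]` followed by `jwks = keys if keys`, and add a spec that `JSON::JWK::Set.new(set.as_json)` equals `set`.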
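--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -7,7 +7,7 @@ module JSON
 NUM_OF_SEGMENTS = 3
 
 def initialize(jwt)
-
+update jwt
 raise InvalidFormat.new('Signature Algorithm Required') unless algorithm
 end
 
@@ -42,6 +42,16 @@ module JSON
 end
 end
 
+def update_with_jose_attributes(hash_or_jwt)
+update_without_jose_attributes hash_or_jwt
+if hash_or_jwt.is_a? JSON::JWT
+self.header = hash_or_jwt.header
+self.signature = hash_or_jwt.signature
+end
+self
+end
+alias_method_chain :update, :jose_attributes
+
 private
 
 def digest
@@ -123,15 +133,6 @@ module JSON
 key.check_key
 end
 
-def replace(hash_or_jwt)
-super
-if hash_or_jwt.is_a? JSON::JWT
-self.header = hash_or_jwt.header
-self.signature = hash_or_jwt.signature
-end
-self
-end
-
 def raw_to_asn1(signature, public_key)
 byte_size = (public_key.group.degree + 7) / 8
 r = signature[0..(byte_size - 1)]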
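Review bot: `update_with_jose_attributes` overwrites `header` and `signature` whenever its argument is a `JSON::JWT`, and because it is chained onto the public `update` this now applies to every later `jws.update(other_jwt)`, not only to the call in `initialize`. The removed `replace` override had the same effect, but `update` is the merge path, so merging claims from another token would silently swap the `alg` header and the signature this JWS carries. If that is intended, say so next to the chain, e.g. `# NOTE: update(jwt) also adopts jwt's header and signature`; otherwise the copy could move into `initialize` so that a plain `update` only touches claims.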
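--- a/data/lib/json/jwt.rb
+++ b/data/lib/json/jwt.rb
@@ -34,7 +34,7 @@ module JSON
 [:exp, :nbf, :iat].each do |key|
 claims[key] = claims[key].to_i if claims[key]
 end
-
+update claims
 end
 
 def content_type
@@ -115,11 +115,11 @@ module JSON
 raise InvalidFormat.new("Invalid JSON Format")
 end
 
-# NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
-# https://github.com/rails/rails/issues/11087
-def new_from_hash_copying_default(hash)
-
-end
+# # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
+# # https://github.com/rails/rails/issues/11087
+# def new_from_hash_copying_default(hash)
+# superclass.new_from_hash_copying_default hash
+# end
 end
 end
 end
@@ -128,3 +128,5 @@ require 'json/jose'
 require 'json/jws'
 require 'json/jwe'
 require 'json/jwk'
+require 'json/jwk/jwkizable'
+require 'json/jwk/set'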
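Review bot: The ActiveSupport 4.0 workaround in the second hunk is kept as doubly-commented dead code (`# # NOTE: ...`, `# def new_from_hash_copying_default(hash)`), which leaves a reader unsure whether the override is still needed or was disabled by accident. Either delete the five lines or replace them with a single comment that records the decision, for example `# new_from_hash_copying_default override dropped; see https://github.com/rails/rails/issues/11087`. The enclosing class body starts outside the hunk, so whether anything else still calls the override is not visible here.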
@@ -30,7 +30,7 @@ module SignKeyFixtureHelper
|
|
30
30
|
)
|
31
31
|
when :ecdsa
|
32
32
|
OpenSSL::PKey::EC.new(
|
33
|
-
pem_file("#{algorithm}/#{options[:digest_length]}/private_key")
|
33
|
+
pem_file("#{algorithm}/#{options[:digest_length] || 256}/private_key")
|
34
34
|
)
|
35
35
|
end
|
36
36
|
end
|
@@ -43,7 +43,7 @@ module SignKeyFixtureHelper
|
|
43
43
|
)
|
44
44
|
when :ecdsa
|
45
45
|
OpenSSL::PKey::EC.new(
|
46
|
-
pem_file("#{algorithm}/#{options[:digest_length]}/public_key")
|
46
|
+
pem_file("#{algorithm}/#{options[:digest_length] || 256}/public_key")
|
47
47
|
)
|
48
48
|
end
|
49
49
|
end
|
@@ -3,10 +3,8 @@ require 'spec_helper'
|
|
3
3
|
describe 'interop' do
|
4
4
|
describe 'with RFC Example' do
|
5
5
|
describe 'JWK Thubmprint' do
|
6
|
-
subject
|
7
|
-
|
8
|
-
let(:public_key) do
|
9
|
-
JSON::JWK.decode(
|
6
|
+
subject do
|
7
|
+
JSON::JWK.new(
|
10
8
|
kty: :RSA,
|
11
9
|
n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
|
12
10
|
e: 'AQAB',
|
@@ -14,6 +12,7 @@ describe 'interop' do
|
|
14
12
|
kid: '2011-04-29'
|
15
13
|
)
|
16
14
|
end
|
15
|
+
|
17
16
|
its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
|
18
17
|
end
|
19
18
|
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe JSON::JWK::JWKizable do
|
4
|
+
shared_examples_for :jwkizable do
|
5
|
+
describe '#to_jwk' do
|
6
|
+
it { key.to_jwk.should be_instance_of JSON::JWK }
|
7
|
+
it { key.to_jwk.should include *expected_attributes.collect(&:to_s) }
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
describe OpenSSL::PKey::RSA do
|
12
|
+
describe :public_key do
|
13
|
+
let(:key) { public_key :rsa }
|
14
|
+
let(:expected_attributes) { [:kty, :n, :e] }
|
15
|
+
it_behaves_like :jwkizable
|
16
|
+
end
|
17
|
+
|
18
|
+
describe :private_key do
|
19
|
+
let(:key) { private_key :rsa }
|
20
|
+
let(:expected_attributes) { [:kty, :n, :e, :d] }
|
21
|
+
it_behaves_like :jwkizable
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe OpenSSL::PKey::EC do
|
26
|
+
describe :public_key do
|
27
|
+
let(:key) { public_key :ecdsa }
|
28
|
+
let(:expected_attributes) { [:kty, :crv, :x, :y] }
|
29
|
+
it_behaves_like :jwkizable
|
30
|
+
end
|
31
|
+
|
32
|
+
describe :private_key do
|
33
|
+
let(:key) { private_key :ecdsa }
|
34
|
+
let(:expected_attributes) { [:kty, :crv, :x, :y] } # NOTE: handled as public key
|
35
|
+
it_behaves_like :jwkizable
|
36
|
+
|
37
|
+
context 'when public key is not contained' do
|
38
|
+
before { key.public_key = nil }
|
39
|
+
it do
|
40
|
+
expect do
|
41
|
+
key.to_jwk
|
42
|
+
end.to raise_error JSON::JWK::UnknownAlgorithm, 'EC private key is not supported yet'
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
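--- a/data/spec/json/jwk/set_spec.rb
+++ b/data/spec/json/jwk/set_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe JSON::JWK::Set do
-let(:jwk) {
+let(:jwk) { public_key.to_jwk }
 let(:set) { JSON::JWK::Set.new jwk }
 
 describe '#content_type' do
@@ -25,6 +25,26 @@ describe JSON::JWK::Set do
 it { should == [jwk, jwk] }
 end
 
+context 'when JSON::JWK given' do
+subject { JSON::JWK::Set.new jwk }
+
+it 'should keep JSON::JWK' do
+subject.each do |jwk|
+jwk.should be_instance_of JSON::JWK
+end
+end
+end
+
+context 'when pure Hash given' do
+subject { JSON::JWK::Set.new jwk.as_json }
+
+it 'should convert into JSON::JWK' do
+subject.each do |jwk|
+jwk.should be_instance_of JSON::JWK
+end
+end
+end
+
 describe '#as_json' do
 it 'should become proper JWK set format' do
 json = set.as_json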
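--- a/data/spec/json/jwk_spec.rb
+++ b/data/spec/json/jwk_spec.rb
@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe JSON::JWK do
+describe '#initialize' do
+it :TODO
+end
+
 describe '#content_type' do
 let(:jwk) { JSON::JWK.new public_key }
 it do
@@ -67,7 +71,7 @@ describe JSON::JWK do
 key = OpenSSL::PKey::EC.new('secp112r2').generate_key
 expect do
 JSON::JWK.new key
-end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown
+end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
 end
 end
 end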
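Review bot: `#initialize` is left as `it :TODO`, so none of the new constructor branches in lib/json/jwk.rb are pinned by a spec: a PKey that responds to `to_jwk`, a plain Hash, and the `ex_params` merge. The last one matters most, because `to_jwk` builds its hash with `}.merge ex_params`, which lets a caller-supplied `kty`, `n` or `e` replace the values derived from the key. A spec should fix the intended behaviour either way, e.g. `JSON::JWK.new(public_key, kid: 'k1')[:kid].should == 'k1'` plus one asserting what happens when `ex_params` contains `kty`.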
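--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-
+date: 2015-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: multi_json
@@ -150,13 +150,14 @@ files:
 - ".travis.yml"
 - Gemfile
 - LICENSE
-- README.
+- README.md
 - Rakefile
 - VERSION
 - json-jwt.gemspec
 - lib/json/jose.rb
 - lib/json/jwe.rb
 - lib/json/jwk.rb
+- lib/json/jwk/jwkizable.rb
 - lib/json/jwk/set.rb
 - lib/json/jws.rb
 - lib/json/jwt.rb
@@ -175,6 +176,7 @@ files:
 - spec/interop/with_nimbus_jose_spec.rb
 - spec/interop/with_rfc_example_spec.rb
 - spec/json/jwe_spec.rb
+- spec/json/jwk/jwkizable_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb
 - spec/json/jws_spec.rb
@@ -221,6 +223,7 @@ test_files:
 - spec/interop/with_nimbus_jose_spec.rb
 - spec/interop/with_rfc_example_spec.rb
 - spec/json/jwe_spec.rb
+- spec/json/jwk/jwkizable_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb
 - spec/json/jws_spec.rb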
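--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,61 +0,0 @@
-= JSON::JWT
-
-JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
-
-{<img src="https://secure.travis-ci.org/nov/json-jwt.png" />}[http://travis-ci.org/nov/json-jwt]
-
-== Installation
-
-gem install json-jwt
-
-== Resources
-
-* View Source on GitHub (https://github.com/nov/json-jwt)
-* Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
-
-== Examples
-
-=== Encoding
-
-require 'json/jwt'
-
-claim = {
-iss: 'nov',
-exp: 1.week.from_now,
-nbf: Time.now
-}
-
-# No signature, no encryption
-jwt = JSON::JWT.new(claim).to_s
-
-# With signiture, no encryption
-jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
-jws.to_s # => header.payload.signature
-
-# With signature & encryption
-jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
-jwe.to_s # => header.encrypted_key.iv.cipher_text.authentication_tag
-
-For details about <code>key</code> and <code>algorithm</code>, see
-{JWS Spec}[https://github.com/nov/json-jwt/blob/master/spec/json/jws_spec.rb] and
-{Sign Key Fixture Generator}[https://github.com/nov/json-jwt/blob/master/spec/helpers/sign_key_fixture_helper.rb].
-
-=== Decoding
-
-jwt_string = "jwt_header.jwt_claims.jwt_signature"
-
-JSON::JWT.decode(jwt_string, key)
-
-== Note on Patches/Pull Requests
-
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. This is important so I don't break it in a
-future version unintentionally.
-* Commit, do not mess with rakefile, version, or history.
-(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
-
-== Copyright
-
-Copyright (c) 2011 nov matake. See LICENSE for details.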