json-jwt 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a67d827d688275c320f167da344b09c410389ae9
-  data.tar.gz: 86de0fee6cdab321509cb679c977c5c3654517c9
+  metadata.gz: 08f7086ee05223bc1e784eec95ee4f8e15b7b35f
+  data.tar.gz: e98b321350efb0ab0215126f707b9574e3b46d56
 SHA512:
-  metadata.gz: 0fd02d0b56b9fe92afc6300d8a7074a71fdf346264af52488b389b685100342fac4eea8485c5d4e0be68b8752049f6089a8b5ba05509d9f33d4116663705c8ed
-  data.tar.gz: ed5ee926666db5e52ca85ed60973321cf5042366c9484aa12e4c8cd37a6d3503a2c514b7699f99e6d1828e10202c2e1ff02f5d529dd9b3be880a6c24b3487bad
+  metadata.gz: 3a6eec2fa290220c9ca5310cfa32b52988223a88e6b10f6a7da6dbfe4f39a6a29b921fa10d9e1efd6116ee6a2872d93e267d810dd4b3dc8a1c6e45cae0882aa4
+  data.tar.gz: 717d4f00866ad143eeb2fecbd81cafb96c002fb86d3707563529de2484f8aa7b621f0b8946f43cb6a47f2d8cd7d066e0510c651b35ce9b6bd64a21e472681285

data/README.md

@@ -0,0 +1,67 @@
+# JSON::JWT
+
+JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
+
+[![Build Status](https://secure.travis-ci.org/nov/json-jwt.png)](http://travis-ci.org/nov/json-jwt)
+
+## Installation
+
+  gem install json-jwt
+
+## Resources
+
+* View Source on GitHub (https://github.com/nov/json-jwt)
+* Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
+
+## Examples
+
+### Encoding
+
+```ruby
+require 'json/jwt'
+
+claim = {
+  iss: 'nov',
+  exp: 1.week.from_now,
+  nbf: Time.now
+}
+
+# No signature, no encryption
+jwt = JSON::JWT.new(claim).to_s
+
+# With signiture, no encryption
+jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
+jws.to_s # => header.payload.signature
+jws.to_json(syntax: :general) # => General JWS JSON Serialization
+jws.to_json(syntax: :flatten) # => Flattened JWS JSON Serialization
+
+# With signature & encryption
+jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
+jwe.to_s # => header.encrypted_key.iv.cipher_text.authentication_tag
+```
+
+For details about `key` and `algorithm`, see
+[JWS Spec](https://github.com/nov/json-jwt/blob/master/spec/json/jws_spec.rb) and
+[Sign Key Fixture Generator](https://github.com/nov/json-jwt/blob/master/spec/helpers/sign_key_fixture_helper.rb).
+
+### Decoding
+
+```ruby
+jwt_string = "jwt_header.jwt_claims.jwt_signature"
+
+JSON::JWT.decode(jwt_string, key)
+```
+
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Copyright
+
+Copyright (c) 2011 nov matake. See LICENSE for details.

data/VERSION

@@ -1 +1 @@
-1.1.0
+1.2.0

data/lib/json/jwk.rb

@@ -2,8 +2,17 @@ module JSON
   class JWK < ActiveSupport::HashWithIndifferentAccess
     class UnknownAlgorithm < JWT::Exception; end
 
-    def initialize(public_key, options = {})
-      replace encode(public_key, options)
+    def initialize(constructor = {}, ex_params = {})
+      if constructor.is_a? OpenSSL::PKey::PKey
+        if constructor.respond_to? :to_jwk
+          super constructor.to_jwk(ex_params)
+        else
+          raise UnknownAlgorithm.new('Unknown Key Type')
+        end
+      else
+        super constructor
+        merge! ex_params
+      end
     end
 
     def content_type
@@ -22,44 +31,37 @@ module JSON
       UrlSafeBase64.encode64 digest.digest(normalize.to_json)
     end
 
-    private
-
-    def ecdsa_coodinates(ecdsa_key)
-      unless @ecdsa_coodinates
-        hex = ecdsa_key.public_key.to_bn.to_s(16)
-        data_len = hex.length - 2
-        type = hex[0,2]
-        hex_x = hex[2, data_len/2]
-        hex_y = hex[2+data_len/2, data_len/2]
-        @ecdsa_coodinates = {
-          x: [hex_x].pack("H*"),
-          y: [hex_y].pack("H*")
-        }
-      end
-      @ecdsa_coodinates
-    end
-
-    def encode(public_key, options = {})
-      hash = case public_key
-      when OpenSSL::PKey::RSA
-        {
-          kty: :RSA,
-          e: UrlSafeBase64.encode64(public_key.e.to_s(2)),
-          n: UrlSafeBase64.encode64(public_key.n.to_s(2)),
-        }
-      when OpenSSL::PKey::EC
-        {
-          kty: :EC,
-          crv: self.class.ecdsa_curve_identifier_for(public_key.group.curve_name),
-          x: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:x].to_s),
-          y: UrlSafeBase64.encode64(ecdsa_coodinates(public_key)[:y].to_s),
-        }
+    def to_key
+      case self[:kty].try(:to_sym)
+      when :RSA
+        e, n, d = [:e, :n, :d].collect do |key|
+          if self[key]
+            OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
+          end
+        end
+        key = OpenSSL::PKey::RSA.new
+        key.e = e
+        key.n = n
+        key.d = d if d
+        key
+      when :EC
+        if RUBY_VERSION >= '2.0.0'
+          key = OpenSSL::PKey::EC.new full_curve_name
+          x, y = [self[:x], self[:y]].collect do |decoded|
+            OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
+          end
+          key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
+          key
+        else
+          raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
+        end
       else
         raise UnknownAlgorithm.new('Unknown Key Type')
       end
-      hash.merge(options)
     end
 
+    private
+
     def normalize
       case self[:kty].try(:to_sym)
       when :RSA
@@ -80,66 +82,26 @@ module JSON
       end
     end
 
-    class << self
-      def ecdsa_curve_name_for(curve_identifier)
-        case curve_identifier.try(:to_sym)
-        when :'P-256'
-          'prime256v1'
-        when :'P-384'
-          'secp384r1'
-        when :'P-521'
-          'secp521r1'
-        else
-          raise UnknownAlgorithm.new('Unknown ECDSA Curve')
-        end
-      end
-
-      def ecdsa_curve_identifier_for(curve_name)
-        case curve_name
-        when 'prime256v1'
-          :'P-256'
-        when 'secp384r1'
-          :'P-384'
-        when 'secp521r1'
-          :'P-521'
-        else
-          raise UnknownAlgorithm.new('Unknown ECDSA Curve')
-        end
+    def full_curve_name
+      case self[:crv].try(:to_sym)
+      when :'P-256'
+        'prime256v1'
+      when :'P-384'
+        'secp384r1'
+      when :'P-521'
+        'secp521r1'
+      else
+        raise UnknownAlgorithm.new('Unknown ECDSA Curve')
       end
+    end
 
+    class << self
       def decode(jwk)
-        jwk = jwk.with_indifferent_access
-        case jwk[:kty].try(:to_sym)
-        when :RSA
-          e = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:e]), 2
-          n = OpenSSL::BN.new UrlSafeBase64.decode64(jwk[:n]), 2
-          key = OpenSSL::PKey::RSA.new
-          key.e = e
-          key.n = n
-          key
-        when :EC
-          if RUBY_VERSION >= '2.0.0'
-            key = OpenSSL::PKey::EC.new ecdsa_curve_name_for(jwk[:crv])
-            x, y = [jwk[:x], jwk[:y]].collect do |decoded|
-              OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
-            end
-            key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
-            key
-          else
-            raise UnknownAlgorithm.new('ECDSA JWK Decoding requires Ruby 2.0+')
-          end
-        else
-          raise UnknownAlgorithm.new('Unknown Key Type')
-        end
-      end
-
-      # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
-      #  https://github.com/rails/rails/issues/11087
-      def new_from_hash_copying_default(hash)
-        superclass.new_from_hash_copying_default hash
+        # NOTE:
+        #  returning OpenSSL::PKey::RSA/EC instance for backward compatibility.
+        #  use `new` if you want JSON::JWK instance.
+        new(jwk).to_key
       end
     end
   end
-end
-
-require 'json/jwk/set'
+end

data/lib/json/jwk/jwkizable.rb

@@ -0,0 +1,73 @@
+module JSON
+  class JWK
+    module JWKizable
+      module RSA
+        def to_jwk(ex_params = {})
+          params = {
+            kty: :RSA,
+            e: UrlSafeBase64.encode64(e.to_s(2)),
+            n: UrlSafeBase64.encode64(n.to_s(2))
+          }.merge ex_params
+          if private?
+            params.merge!(
+              d: UrlSafeBase64.encode64(d.to_s(2))
+            )
+          end
+          JWK.new params
+        end
+      end
+
+      module EC
+        def to_jwk(ex_params = {})
+          # NOTE:
+          #  OpenSSL::PKey::EC instance can be both public & private key at the same time.
+          #  In such case, is it handled as public key or private key?
+          #  For now, this gem handles any OpenSSL::PKey::EC instances as public key.
+          unless public_key?
+            raise UnknownAlgorithm.new('EC private key is not supported yet')
+          end
+          params = {
+            kty: :EC,
+            crv: curve_name,
+            x: UrlSafeBase64.encode64(coodinates[:x].to_s),
+            y: UrlSafeBase64.encode64(coodinates[:y].to_s)
+          }.merge ex_params
+          JWK.new params
+        end
+
+        private
+
+        def curve_name
+          case group.curve_name
+          when 'prime256v1'
+            :'P-256'
+          when 'secp384r1'
+            :'P-384'
+          when 'secp521r1'
+            :'P-521'
+          else
+            raise UnknownAlgorithm.new('Unknown EC Curve')
+          end
+        end
+
+        def coodinates
+          unless @coodinates
+            hex = public_key.to_bn.to_s(16)
+            data_len = hex.length - 2
+            type = hex[0, 2]
+            hex_x = hex[2, data_len / 2]
+            hex_y = hex[2 + data_len / 2, data_len / 2]
+            @coodinates = {
+              x: [hex_x].pack("H*"),
+              y: [hex_y].pack("H*")
+            }
+          end
+          @coodinates
+        end
+      end
+    end
+  end
+end
+
+OpenSSL::PKey::RSA.send :include, JSON::JWK::JWKizable::RSA
+OpenSSL::PKey::EC.send :include, JSON::JWK::JWKizable::EC

data/lib/json/jwk/set.rb

@@ -1,16 +1,21 @@
 module JSON
-  class JWK::Set < Array
-    def initialize(*jwks)
-      replace Array(jwks).flatten
-    end
+  class JWK
+    class Set < Array
+      def initialize(*jwks)
+        jwks = Array(jwks).flatten.collect do |jwk|
+          JWK.new jwk
+        end
+        replace jwks
+      end
 
-    def content_type
-      'application/jwk-set+json'
-    end
+      def content_type
+        'application/jwk-set+json'
+      end
 
-    def as_json(options = {})
-      # NOTE: Array.new wrapper is requied to avoid CircularReferenceError
-      {keys: Array.new(self)}
+      def as_json(options = {})
+        # NOTE: Array.new wrapper is requied to avoid CircularReferenceError
+        {keys: Array.new(self)}
+      end
     end
   end
 end

data/lib/json/jws.rb

@@ -7,7 +7,7 @@ module JSON
     NUM_OF_SEGMENTS = 3
 
     def initialize(jwt)
-      replace jwt
+      update jwt
       raise InvalidFormat.new('Signature Algorithm Required') unless algorithm
     end
 
@@ -42,6 +42,16 @@ module JSON
       end
     end
 
+    def update_with_jose_attributes(hash_or_jwt)
+      update_without_jose_attributes hash_or_jwt
+      if hash_or_jwt.is_a? JSON::JWT
+        self.header = hash_or_jwt.header
+        self.signature = hash_or_jwt.signature
+      end
+      self
+    end
+    alias_method_chain :update, :jose_attributes
+
     private
 
     def digest
@@ -123,15 +133,6 @@ module JSON
       key.check_key
     end
 
-    def replace(hash_or_jwt)
-      super
-      if hash_or_jwt.is_a? JSON::JWT
-        self.header = hash_or_jwt.header
-        self.signature = hash_or_jwt.signature
-      end
-      self
-    end
-
     def raw_to_asn1(signature, public_key)
       byte_size = (public_key.group.degree + 7) / 8
       r = signature[0..(byte_size - 1)]

data/lib/json/jwt.rb

@@ -34,7 +34,7 @@ module JSON
       [:exp, :nbf, :iat].each do |key|
         claims[key] = claims[key].to_i if claims[key]
       end
-      replace claims
+      update claims
     end
 
     def content_type
@@ -115,11 +115,11 @@ module JSON
         raise InvalidFormat.new("Invalid JSON Format")
       end
 
-      # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
-      #  https://github.com/rails/rails/issues/11087
-      def new_from_hash_copying_default(hash)
-        superclass.new_from_hash_copying_default hash
-      end
+      # # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
+      # #  https://github.com/rails/rails/issues/11087
+      # def new_from_hash_copying_default(hash)
+      #   superclass.new_from_hash_copying_default hash
+      # end
     end
   end
 end
@@ -128,3 +128,5 @@ require 'json/jose'
 require 'json/jws'
 require 'json/jwe'
 require 'json/jwk'
+require 'json/jwk/jwkizable'
+require 'json/jwk/set'

data/spec/helpers/sign_key_fixture_helper.rb

@@ -30,7 +30,7 @@ module SignKeyFixtureHelper
       )
     when :ecdsa
       OpenSSL::PKey::EC.new(
-        pem_file("#{algorithm}/#{options[:digest_length]}/private_key")
+        pem_file("#{algorithm}/#{options[:digest_length] || 256}/private_key")
       )
     end
   end
@@ -43,7 +43,7 @@ module SignKeyFixtureHelper
       )
     when :ecdsa
       OpenSSL::PKey::EC.new(
-        pem_file("#{algorithm}/#{options[:digest_length]}/public_key")
+        pem_file("#{algorithm}/#{options[:digest_length] || 256}/public_key")
       )
     end
   end

data/spec/interop/with_rfc_example_spec.rb

@@ -3,10 +3,8 @@ require 'spec_helper'
 describe 'interop' do
   describe 'with RFC Example' do
     describe 'JWK Thubmprint' do
-      subject { JSON::JWK.new public_key }
-
-      let(:public_key) do
-        JSON::JWK.decode(
+      subject do
+        JSON::JWK.new(
           kty: :RSA,
           n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
           e: 'AQAB',
@@ -14,6 +12,7 @@ describe 'interop' do
           kid: '2011-04-29'
         )
       end
+
       its(:thumbprint) { should == 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs' }
     end
   end

data/spec/json/jwk/jwkizable_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe JSON::JWK::JWKizable do
+  shared_examples_for :jwkizable do
+    describe '#to_jwk' do
+      it { key.to_jwk.should be_instance_of JSON::JWK }
+      it { key.to_jwk.should include *expected_attributes.collect(&:to_s) }
+    end
+  end
+
+  describe OpenSSL::PKey::RSA do
+    describe :public_key do
+      let(:key) { public_key :rsa }
+      let(:expected_attributes) { [:kty, :n, :e] }
+      it_behaves_like :jwkizable
+    end
+
+    describe :private_key do
+      let(:key) { private_key :rsa }
+      let(:expected_attributes) { [:kty, :n, :e, :d] }
+      it_behaves_like :jwkizable
+    end
+  end
+
+  describe OpenSSL::PKey::EC do
+    describe :public_key do
+      let(:key) { public_key :ecdsa }
+      let(:expected_attributes) { [:kty, :crv, :x, :y] }
+      it_behaves_like :jwkizable
+    end
+
+    describe :private_key do
+      let(:key) { private_key :ecdsa }
+      let(:expected_attributes) { [:kty, :crv, :x, :y] } # NOTE: handled as public key
+      it_behaves_like :jwkizable
+
+      context 'when public key is not contained' do
+        before { key.public_key = nil }
+        it do
+          expect do
+            key.to_jwk
+          end.to raise_error JSON::JWK::UnknownAlgorithm, 'EC private key is not supported yet'
+        end
+      end
+    end
+  end
+end

data/spec/json/jwk/set_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe JSON::JWK::Set do
-  let(:jwk) { JSON::JWK.new public_key }
+  let(:jwk) { public_key.to_jwk }
   let(:set) { JSON::JWK::Set.new jwk }
 
   describe '#content_type' do
@@ -25,6 +25,26 @@ describe JSON::JWK::Set do
     it { should == [jwk, jwk] }
   end
 
+  context 'when JSON::JWK given' do
+    subject { JSON::JWK::Set.new jwk }
+
+    it 'should keep JSON::JWK' do
+      subject.each do |jwk|
+        jwk.should be_instance_of JSON::JWK
+      end
+    end
+  end
+
+  context 'when pure Hash given' do
+    subject { JSON::JWK::Set.new jwk.as_json }
+
+    it 'should convert into JSON::JWK' do
+      subject.each do |jwk|
+        jwk.should be_instance_of JSON::JWK
+      end
+    end
+  end
+
   describe '#as_json' do
     it 'should become proper JWK set format' do
       json = set.as_json

data/spec/json/jwk_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe JSON::JWK do
+  describe '#initialize' do
+    it :TODO
+  end
+
   describe '#content_type' do
     let(:jwk) { JSON::JWK.new public_key }
     it do
@@ -67,7 +71,7 @@ describe JSON::JWK do
         key = OpenSSL::PKey::EC.new('secp112r2').generate_key
         expect do
           JSON::JWK.new key
-        end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown ECDSA Curve'
+        end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown EC Curve'
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-08-10 00:00:00.000000000 Z
+date: 2015-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -150,13 +150,14 @@ files:
 - ".travis.yml"
 - Gemfile
 - LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - VERSION
 - json-jwt.gemspec
 - lib/json/jose.rb
 - lib/json/jwe.rb
 - lib/json/jwk.rb
+- lib/json/jwk/jwkizable.rb
 - lib/json/jwk/set.rb
 - lib/json/jws.rb
 - lib/json/jwt.rb
@@ -175,6 +176,7 @@ files:
 - spec/interop/with_nimbus_jose_spec.rb
 - spec/interop/with_rfc_example_spec.rb
 - spec/json/jwe_spec.rb
+- spec/json/jwk/jwkizable_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb
 - spec/json/jws_spec.rb
@@ -221,6 +223,7 @@ test_files:
 - spec/interop/with_nimbus_jose_spec.rb
 - spec/interop/with_rfc_example_spec.rb
 - spec/json/jwe_spec.rb
+- spec/json/jwk/jwkizable_spec.rb
 - spec/json/jwk/set_spec.rb
 - spec/json/jwk_spec.rb
 - spec/json/jws_spec.rb

data/README.rdoc

@@ -1,61 +0,0 @@
-= JSON::JWT
-
-JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
-
-{<img src="https://secure.travis-ci.org/nov/json-jwt.png" />}[http://travis-ci.org/nov/json-jwt]
-
-== Installation
-
-  gem install json-jwt
-
-== Resources
-
-* View Source on GitHub (https://github.com/nov/json-jwt)
-* Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
-
-== Examples
-
-=== Encoding
-
-  require 'json/jwt'
-
-  claim = {
-    iss: 'nov',
-    exp: 1.week.from_now,
-    nbf: Time.now
-  }
-
-  # No signature, no encryption
-  jwt = JSON::JWT.new(claim).to_s
-
-  # With signiture, no encryption
-  jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
-  jws.to_s # => header.payload.signature
-
-  # With signature & encryption
-  jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
-  jwe.to_s # => header.encrypted_key.iv.cipher_text.authentication_tag
-
-For details about <code>key</code> and <code>algorithm</code>, see
-{JWS Spec}[https://github.com/nov/json-jwt/blob/master/spec/json/jws_spec.rb] and
-{Sign Key Fixture Generator}[https://github.com/nov/json-jwt/blob/master/spec/helpers/sign_key_fixture_helper.rb].
-
-=== Decoding
-
-  jwt_string = "jwt_header.jwt_claims.jwt_signature"
-
-  JSON::JWT.decode(jwt_string, key)
-
-== Note on Patches/Pull Requests
-
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. This is important so I don't break it in a
-  future version unintentionally.
-* Commit, do not mess with rakefile, version, or history.
-  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
-
-== Copyright
-
-Copyright (c) 2011 nov matake. See LICENSE for details.