json-jwt 1.2.1 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jwk.rb +59 -29
- data/lib/json/jwk/jwkizable.rb +11 -14
- data/lib/json/jws.rb +15 -10
- data/spec/json/jwk_spec.rb +9 -9
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4956348cf3828c6139ccc4d07759b219e57bb251
|
|
4
|
+
data.tar.gz: 68f781f2de2c2503eda3abf3418f8f80f908d5dc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c3f0df77b65f72a920743330dd3fbc9338c73e6df493746abafdf4ca2b370090892eb6b6b7c636b4db569af03a6e0e288425ea0d0df56fee28b6ae7dbee90cf3
|
|
7
|
+
data.tar.gz: 66b3c28180bd8573f1813e1db5922de6b7253ac4965cf30c9b307ffb6820520b4e76fdd1ba9d0d467bee2533a8eb6ba7a5b510d2e5ca480b5ab9e0d31abd966d
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.2.
|
|
1
|
+
1.2.2
|
data/lib/json/jwk.rb
CHANGED
|
@@ -32,29 +32,17 @@ module JSON
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def to_key
|
|
35
|
-
case
|
|
36
|
-
when
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
key = OpenSSL::PKey::RSA.new
|
|
43
|
-
key.e = e
|
|
44
|
-
key.n = n
|
|
45
|
-
key.d = d if d
|
|
46
|
-
key
|
|
47
|
-
when :EC
|
|
35
|
+
case
|
|
36
|
+
when rsa?
|
|
37
|
+
to_rsa_key
|
|
38
|
+
when ec?
|
|
48
39
|
if RUBY_VERSION >= '2.0.0'
|
|
49
|
-
|
|
50
|
-
x, y = [self[:x], self[:y]].collect do |decoded|
|
|
51
|
-
OpenSSL::BN.new UrlSafeBase64.decode64(decoded), 2
|
|
52
|
-
end
|
|
53
|
-
key.public_key = OpenSSL::PKey::EC::Point.new(key.group).mul(x, y)
|
|
54
|
-
key
|
|
40
|
+
to_ec_key
|
|
55
41
|
else
|
|
56
42
|
raise UnknownAlgorithm.new('This feature requires Ruby 2.0+')
|
|
57
43
|
end
|
|
44
|
+
when oct?
|
|
45
|
+
self[:k]
|
|
58
46
|
else
|
|
59
47
|
raise UnknownAlgorithm.new('Unknown Key Type')
|
|
60
48
|
end
|
|
@@ -62,28 +50,58 @@ module JSON
|
|
|
62
50
|
|
|
63
51
|
private
|
|
64
52
|
|
|
53
|
+
def rsa?
|
|
54
|
+
self[:kty].try(:to_sym) == :RSA
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def ec?
|
|
58
|
+
self[:kty].try(:to_sym) == :EC
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def oct?
|
|
62
|
+
self[:kty].try(:to_sym) == :oct
|
|
63
|
+
end
|
|
64
|
+
|
|
65
65
|
def normalize
|
|
66
|
-
case
|
|
67
|
-
when
|
|
66
|
+
case
|
|
67
|
+
when rsa?
|
|
68
68
|
{
|
|
69
|
-
e:
|
|
69
|
+
e: self[:e],
|
|
70
70
|
kty: self[:kty],
|
|
71
|
-
n:
|
|
71
|
+
n: self[:n]
|
|
72
72
|
}
|
|
73
|
-
when
|
|
73
|
+
when ec?
|
|
74
74
|
{
|
|
75
75
|
crv: self[:crv],
|
|
76
76
|
kty: self[:kty],
|
|
77
|
-
x:
|
|
78
|
-
y:
|
|
77
|
+
x: self[:x],
|
|
78
|
+
y: self[:y]
|
|
79
|
+
}
|
|
80
|
+
when oct?
|
|
81
|
+
{
|
|
82
|
+
k: self[:k],
|
|
83
|
+
kty: self[:kty]
|
|
79
84
|
}
|
|
80
85
|
else
|
|
81
86
|
raise UnknownAlgorithm.new('Unknown Key Type')
|
|
82
87
|
end
|
|
83
88
|
end
|
|
84
89
|
|
|
85
|
-
def
|
|
86
|
-
|
|
90
|
+
def to_rsa_key
|
|
91
|
+
e, n, d = [:e, :n, :d].collect do |key|
|
|
92
|
+
if self[key]
|
|
93
|
+
OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
key = OpenSSL::PKey::RSA.new
|
|
97
|
+
key.e = e
|
|
98
|
+
key.n = n
|
|
99
|
+
key.d = d if d
|
|
100
|
+
key
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def to_ec_key
|
|
104
|
+
curve_name = case self[:crv].try(:to_sym)
|
|
87
105
|
when :'P-256'
|
|
88
106
|
'prime256v1'
|
|
89
107
|
when :'P-384'
|
|
@@ -91,8 +109,20 @@ module JSON
|
|
|
91
109
|
when :'P-521'
|
|
92
110
|
'secp521r1'
|
|
93
111
|
else
|
|
94
|
-
raise UnknownAlgorithm.new('Unknown
|
|
112
|
+
raise UnknownAlgorithm.new('Unknown EC Curve')
|
|
113
|
+
end
|
|
114
|
+
x, y, d = [:x, :y, :d].collect do |key|
|
|
115
|
+
if self[key]
|
|
116
|
+
OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2
|
|
117
|
+
end
|
|
95
118
|
end
|
|
119
|
+
key = OpenSSL::PKey::EC.new curve_name
|
|
120
|
+
key.private_key = d if d
|
|
121
|
+
key.public_key = OpenSSL::PKey::EC::Point.new(
|
|
122
|
+
OpenSSL::PKey::EC::Group.new(curve_name),
|
|
123
|
+
OpenSSL::BN.new(['04' + x.to_s(16) + y.to_s(16)].pack('H*'), 2)
|
|
124
|
+
)
|
|
125
|
+
key
|
|
96
126
|
end
|
|
97
127
|
|
|
98
128
|
class << self
|
data/lib/json/jwk/jwkizable.rb
CHANGED
|
@@ -8,11 +8,7 @@ module JSON
|
|
|
8
8
|
e: UrlSafeBase64.encode64(e.to_s(2)),
|
|
9
9
|
n: UrlSafeBase64.encode64(n.to_s(2))
|
|
10
10
|
}.merge ex_params
|
|
11
|
-
if private?
|
|
12
|
-
params.merge!(
|
|
13
|
-
d: UrlSafeBase64.encode64(d.to_s(2))
|
|
14
|
-
)
|
|
15
|
-
end
|
|
11
|
+
params[:d] = UrlSafeBase64.encode64(d.to_s(2)) if private?
|
|
16
12
|
JWK.new params
|
|
17
13
|
end
|
|
18
14
|
end
|
|
@@ -29,9 +25,10 @@ module JSON
|
|
|
29
25
|
params = {
|
|
30
26
|
kty: :EC,
|
|
31
27
|
crv: curve_name,
|
|
32
|
-
x: UrlSafeBase64.encode64(
|
|
33
|
-
y: UrlSafeBase64.encode64(
|
|
28
|
+
x: UrlSafeBase64.encode64(coordinates[:x].to_s(2)),
|
|
29
|
+
y: UrlSafeBase64.encode64(coordinates[:y].to_s(2))
|
|
34
30
|
}.merge ex_params
|
|
31
|
+
params[:d] = UrlSafeBase64.encode64(coordinates[:d].to_s(2)) if private_key?
|
|
35
32
|
JWK.new params
|
|
36
33
|
end
|
|
37
34
|
|
|
@@ -50,19 +47,19 @@ module JSON
|
|
|
50
47
|
end
|
|
51
48
|
end
|
|
52
49
|
|
|
53
|
-
def
|
|
54
|
-
unless @
|
|
50
|
+
def coordinates
|
|
51
|
+
unless @coordinates
|
|
55
52
|
hex = public_key.to_bn.to_s(16)
|
|
56
53
|
data_len = hex.length - 2
|
|
57
|
-
type = hex[0, 2]
|
|
58
54
|
hex_x = hex[2, data_len / 2]
|
|
59
55
|
hex_y = hex[2 + data_len / 2, data_len / 2]
|
|
60
|
-
@
|
|
61
|
-
x: [hex_x].pack(
|
|
62
|
-
y: [hex_y].pack(
|
|
56
|
+
@coordinates = {
|
|
57
|
+
x: OpenSSL::BN.new([hex_x].pack('H*'), 2),
|
|
58
|
+
y: OpenSSL::BN.new([hex_y].pack('H*'), 2)
|
|
63
59
|
}
|
|
60
|
+
@coordinates[:d] = private_key if private_key?
|
|
64
61
|
end
|
|
65
|
-
@
|
|
62
|
+
@coordinates
|
|
66
63
|
end
|
|
67
64
|
end
|
|
68
65
|
end
|
data/lib/json/jws.rb
CHANGED
|
@@ -80,6 +80,7 @@ module JSON
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
def sign(signature_base_string, private_key_or_secret)
|
|
83
|
+
private_key_or_secret = with_jwk_support private_key_or_secret
|
|
83
84
|
case
|
|
84
85
|
when hmac?
|
|
85
86
|
secret = private_key_or_secret
|
|
@@ -100,16 +101,7 @@ module JSON
|
|
|
100
101
|
end
|
|
101
102
|
|
|
102
103
|
def valid?(signature_base_string, public_key_or_secret)
|
|
103
|
-
public_key_or_secret =
|
|
104
|
-
when JSON::JWK
|
|
105
|
-
public_key_or_secret.to_key
|
|
106
|
-
when JSON::JWK::Set
|
|
107
|
-
public_key_or_secret.detect do |jwk|
|
|
108
|
-
jwk[:kid] && jwk[:kid] == header[:kid]
|
|
109
|
-
end.try(:to_key)
|
|
110
|
-
else
|
|
111
|
-
public_key_or_secret
|
|
112
|
-
end
|
|
104
|
+
public_key_or_secret = with_jwk_support public_key_or_secret
|
|
113
105
|
case
|
|
114
106
|
when hmac?
|
|
115
107
|
secure_compare sign(signature_base_string, public_key_or_secret), signature
|
|
@@ -130,6 +122,19 @@ module JSON
|
|
|
130
122
|
raise UnexpectedAlgorithm.new(e.message)
|
|
131
123
|
end
|
|
132
124
|
|
|
125
|
+
def with_jwk_support(key)
|
|
126
|
+
case key
|
|
127
|
+
when JSON::JWK
|
|
128
|
+
key.to_key
|
|
129
|
+
when JSON::JWK::Set
|
|
130
|
+
key.detect do |jwk|
|
|
131
|
+
jwk[:kid] && jwk[:kid] == header[:kid]
|
|
132
|
+
end.try(:to_key)
|
|
133
|
+
else
|
|
134
|
+
key
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
133
138
|
def verify_ecdsa_group!(key)
|
|
134
139
|
group_name = case digest.digest_length * 8
|
|
135
140
|
when 256
|
data/spec/json/jwk_spec.rb
CHANGED
|
@@ -40,7 +40,7 @@ describe JSON::JWK do
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
context 'when ECDSA public key given' do
|
|
43
|
-
let(:
|
|
43
|
+
let(:expected_coordinates) do
|
|
44
44
|
{
|
|
45
45
|
256 => {
|
|
46
46
|
x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
|
|
@@ -61,8 +61,8 @@ describe JSON::JWK do
|
|
|
61
61
|
let(:jwk) { JSON::JWK.new public_key(:ecdsa, digest_length: digest_length) }
|
|
62
62
|
it { jwk.keys.collect(&:to_sym).should include :kty, :crv, :x, :y }
|
|
63
63
|
its(:kty) { jwk[:kty].should == :EC }
|
|
64
|
-
its(:x) { jwk[:x].should ==
|
|
65
|
-
its(:y) { jwk[:y].should ==
|
|
64
|
+
its(:x) { jwk[:x].should == expected_coordinates[digest_length][:x] }
|
|
65
|
+
its(:y) { jwk[:y].should == expected_coordinates[digest_length][:y] }
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
@@ -141,20 +141,20 @@ describe JSON::JWK do
|
|
|
141
141
|
alg: 'EC',
|
|
142
142
|
crv: 'P-256',
|
|
143
143
|
kty: 'EC',
|
|
144
|
-
x: '
|
|
145
|
-
y: '
|
|
144
|
+
x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
|
|
145
|
+
y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
|
|
146
146
|
}, {
|
|
147
147
|
alg: 'EC',
|
|
148
148
|
crv: 'P-384',
|
|
149
149
|
kty: 'EC',
|
|
150
|
-
x: '
|
|
151
|
-
y: '
|
|
150
|
+
x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
|
|
151
|
+
y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
|
|
152
152
|
}, {
|
|
153
153
|
alg: 'EC',
|
|
154
154
|
crv: 'P-521',
|
|
155
155
|
kty: 'EC',
|
|
156
|
-
x: '
|
|
157
|
-
y: '
|
|
156
|
+
x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
|
|
157
|
+
y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
|
|
158
158
|
}].each do |jwk|
|
|
159
159
|
describe jwk['crv'] do
|
|
160
160
|
it do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-08-
|
|
11
|
+
date: 2015-08-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: multi_json
|