json-jwt 1.6.3 → 1.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +4 -1
- data/VERSION +1 -1
- data/lib/json/jwe.rb +30 -57
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c9eaaadc2d5b284f093def37ce0cd9011c9fa77f
|
4
|
+
data.tar.gz: b86f15824f4bd1c6bc7fd96b4dc8eb045f0b8e28
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f1a22bf9ba1a68f2d07abfb522b175ebb7d135a6e839484d50018c07f6bba4a69d7be7d3606314acb327a4cfc696f81d95ed35ab6aa7df7e351c975bf39eb71b
|
7
|
+
data.tar.gz: 9a56462a3090504d2fd4ad5f5b567f8d0ad2691438a419171b12e0f3d503e5a62fb526aeacce12cb8b561abdcfefbce84475d727faee095cff2054cd4cec8411
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.6.
|
1
|
+
1.6.4
|
data/lib/json/jwe.rb
CHANGED
@@ -27,7 +27,12 @@ module JSON
|
|
27
27
|
def encrypt!(public_key_or_secret)
|
28
28
|
self.public_key_or_secret = with_jwk_support public_key_or_secret
|
29
29
|
cipher.encrypt
|
30
|
-
|
30
|
+
self.content_encryption_key = generate_content_encryption_key
|
31
|
+
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
32
|
+
cipher.key = encryption_key
|
33
|
+
self.iv = cipher.random_iv
|
34
|
+
self.auth_data = UrlSafeBase64.encode64 header.to_json
|
35
|
+
cipher.auth_data = auth_data if gcm?
|
31
36
|
self.cipher_text = cipher.update(plain_text) + cipher.final
|
32
37
|
self
|
33
38
|
end
|
@@ -35,7 +40,14 @@ module JSON
|
|
35
40
|
def decrypt!(private_key_or_secret)
|
36
41
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
37
42
|
cipher.decrypt
|
38
|
-
|
43
|
+
self.content_encryption_key = decrypt_content_encryption_key
|
44
|
+
self.mac_key, self.encryption_key = derive_encryption_and_mac_keys
|
45
|
+
cipher.key = encryption_key
|
46
|
+
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
47
|
+
if gcm?
|
48
|
+
cipher.auth_tag = authentication_tag
|
49
|
+
cipher.auth_data = auth_data
|
50
|
+
end
|
39
51
|
self.plain_text = cipher.update(cipher_text) + cipher.final
|
40
52
|
verify_cbc_authentication_tag! if cbc?
|
41
53
|
self
|
@@ -98,7 +110,7 @@ module JSON
|
|
98
110
|
|
99
111
|
def cipher
|
100
112
|
@cipher ||= if gcm? && !gcm_supported?
|
101
|
-
raise UnexpectedAlgorithm.new('AEC GCM requires Ruby 2.0+ and OpenSSL 1.0.1c+')
|
113
|
+
raise UnexpectedAlgorithm.new('AEC GCM requires Ruby 2.0+ and OpenSSL 1.0.1c+')
|
102
114
|
else
|
103
115
|
OpenSSL::Cipher.new cipher_name
|
104
116
|
end
|
@@ -134,15 +146,15 @@ module JSON
|
|
134
146
|
OpenSSL::Digest.new "SHA#{sha_size}"
|
135
147
|
end
|
136
148
|
|
137
|
-
def
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
149
|
+
def derive_encryption_and_mac_keys
|
150
|
+
case
|
151
|
+
when gcm?
|
152
|
+
[:wont_be_used, content_encryption_key]
|
153
|
+
when cbc?
|
154
|
+
content_encryption_key.unpack(
|
155
|
+
"a#{content_encryption_key.length / 2}" * 2
|
156
|
+
)
|
157
|
+
end
|
146
158
|
end
|
147
159
|
|
148
160
|
# encryption
|
@@ -170,40 +182,15 @@ module JSON
|
|
170
182
|
end
|
171
183
|
end
|
172
184
|
|
173
|
-
def
|
185
|
+
def generate_content_encryption_key
|
174
186
|
case
|
175
|
-
when
|
176
|
-
generate_gcm_keys!
|
177
|
-
when cbc?
|
178
|
-
generate_cbc_keys!
|
179
|
-
end
|
180
|
-
cipher.key = encryption_key
|
181
|
-
self.iv = cipher.random_iv
|
182
|
-
self.auth_data = UrlSafeBase64.encode64 header.to_json
|
183
|
-
if gcm?
|
184
|
-
cipher.auth_data = self.auth_data
|
185
|
-
end
|
186
|
-
self
|
187
|
-
end
|
188
|
-
|
189
|
-
def generate_gcm_keys!
|
190
|
-
self.content_encryption_key ||= if dir?
|
187
|
+
when dir?
|
191
188
|
public_key_or_secret
|
192
|
-
|
189
|
+
when gcm?
|
193
190
|
cipher.random_key
|
194
|
-
|
195
|
-
derive_encryption_and_mac_keys_gcm!
|
196
|
-
self
|
197
|
-
end
|
198
|
-
|
199
|
-
def generate_cbc_keys!
|
200
|
-
self.content_encryption_key ||= if dir?
|
201
|
-
public_key_or_secret
|
202
|
-
else
|
191
|
+
when cbc?
|
203
192
|
SecureRandom.random_bytes sha_size / 8
|
204
193
|
end
|
205
|
-
derive_encryption_and_mac_keys_cbc!
|
206
|
-
self
|
207
194
|
end
|
208
195
|
|
209
196
|
def authentication_tag
|
@@ -246,22 +233,8 @@ module JSON
|
|
246
233
|
else
|
247
234
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
248
235
|
end
|
249
|
-
|
250
|
-
|
251
|
-
def restore_cipher_keys!
|
252
|
-
self.content_encryption_key = decrypt_content_encryption_key
|
253
|
-
case
|
254
|
-
when gcm?
|
255
|
-
derive_encryption_and_mac_keys_gcm!
|
256
|
-
when cbc?
|
257
|
-
derive_encryption_and_mac_keys_cbc!
|
258
|
-
end
|
259
|
-
cipher.key = encryption_key
|
260
|
-
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
261
|
-
if gcm?
|
262
|
-
cipher.auth_tag = authentication_tag
|
263
|
-
cipher.auth_data = auth_data
|
264
|
-
end
|
236
|
+
rescue OpenSSL::PKey::PKeyError
|
237
|
+
generate_content_encryption_key
|
265
238
|
end
|
266
239
|
|
267
240
|
def verify_cbc_authentication_tag!
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.6.
|
4
|
+
version: 1.6.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-08-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|