json-jwt 1.8.2 → 1.8.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jose.rb +3 -3
- data/lib/json/jwe.rb +9 -5
- data/lib/json/jws.rb +8 -6
- data/lib/json/jwt.rb +18 -7
- data/spec/interop/with_jsrsasign_spec.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3abc4f60457c79cdc55e59cb46553722b816acbe
|
|
4
|
+
data.tar.gz: 5c305020b1dfcc15f0aff4ee7ea0ab2dee3a9009
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83f3cc919f8336b259a1e8fd203692024ae6d5cd7d6402ce83713a28994dd896e0e9b1800b53f9bd1ff8cc98fddf1f18ba3d1241c1349482c56d2a23ba1ffc6b
|
|
7
|
+
data.tar.gz: f17db83dbd4751c3da5f4e3d37b1e231ae5bda78916677dd13e7fb854ce0706dc58221657542287dd5e55dc81101afe498baf199ec1ba9caa633ede5b3095e90
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.8.
|
|
1
|
+
1.8.3
|
data/lib/json/jose.rb
CHANGED
|
@@ -45,11 +45,11 @@ module JSON
|
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
def decode(input, key_or_secret = nil)
|
|
48
|
+
def decode(input, key_or_secret = nil, algorithms = nil, encryption_methods = nil)
|
|
49
49
|
if input.is_a? Hash
|
|
50
|
-
decode_json_serialized input, key_or_secret
|
|
50
|
+
decode_json_serialized input, key_or_secret, algorithms, encryption_methods
|
|
51
51
|
else
|
|
52
|
-
decode_compact_serialized input, key_or_secret
|
|
52
|
+
decode_compact_serialized input, key_or_secret, algorithms, encryption_methods
|
|
53
53
|
end
|
|
54
54
|
rescue JSON::ParserError
|
|
55
55
|
raise JWT::InvalidFormat.new("Invalid JSON Format")
|
data/lib/json/jwe.rb
CHANGED
|
@@ -37,7 +37,9 @@ module JSON
|
|
|
37
37
|
self
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
-
def decrypt!(private_key_or_secret)
|
|
40
|
+
def decrypt!(private_key_or_secret, algorithms = nil, encryption_methods = nil)
|
|
41
|
+
raise UnexpectedAlgorithm.new('Unexpected alg header') unless algorithms.blank? || Array(algorithms).include?(alg)
|
|
42
|
+
raise UnexpectedAlgorithm.new('Unexpected enc header') unless encryption_methods.blank? || Array(encryption_methods).include?(enc)
|
|
41
43
|
self.private_key_or_secret = with_jwk_support private_key_or_secret
|
|
42
44
|
cipher.decrypt
|
|
43
45
|
self.content_encryption_key = decrypt_content_encryption_key
|
|
@@ -247,7 +249,7 @@ module JSON
|
|
|
247
249
|
end
|
|
248
250
|
|
|
249
251
|
class << self
|
|
250
|
-
def decode_compact_serialized(input, private_key_or_secret)
|
|
252
|
+
def decode_compact_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil)
|
|
251
253
|
unless input.count('.') + 1 == NUM_OF_SEGMENTS
|
|
252
254
|
raise InvalidFormat.new("Invalid JWE Format. JWE should include #{NUM_OF_SEGMENTS} segments.")
|
|
253
255
|
end
|
|
@@ -257,11 +259,13 @@ module JSON
|
|
|
257
259
|
end
|
|
258
260
|
jwe.auth_data = input.split('.').first
|
|
259
261
|
jwe.header = JSON.parse(_header_json_).with_indifferent_access
|
|
260
|
-
|
|
262
|
+
unless private_key_or_secret == :skip_decryption
|
|
263
|
+
jwe.decrypt! private_key_or_secret, algorithms, encryption_methods
|
|
264
|
+
end
|
|
261
265
|
jwe
|
|
262
266
|
end
|
|
263
267
|
|
|
264
|
-
def decode_json_serialized(input, private_key_or_secret)
|
|
268
|
+
def decode_json_serialized(input, private_key_or_secret, algorithms = nil, encryption_methods = nil)
|
|
265
269
|
input = input.with_indifferent_access
|
|
266
270
|
jwe_encrypted_key = if input[:recipients].present?
|
|
267
271
|
input[:recipients].first[:encrypted_key]
|
|
@@ -275,7 +279,7 @@ module JSON
|
|
|
275
279
|
input[:ciphertext],
|
|
276
280
|
input[:tag]
|
|
277
281
|
].join('.')
|
|
278
|
-
decode_compact_serialized compact_serialized, private_key_or_secret
|
|
282
|
+
decode_compact_serialized compact_serialized, private_key_or_secret, algorithms, encryption_methods
|
|
279
283
|
end
|
|
280
284
|
end
|
|
281
285
|
end
|
data/lib/json/jws.rb
CHANGED
|
@@ -17,13 +17,15 @@ module JSON
|
|
|
17
17
|
self
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
def verify!(public_key_or_secret)
|
|
20
|
+
def verify!(public_key_or_secret, algorithms = nil)
|
|
21
21
|
if alg.try(:to_sym) == :none
|
|
22
22
|
raise UnexpectedAlgorithm if public_key_or_secret
|
|
23
23
|
signature == '' or raise VerificationFailed
|
|
24
|
-
|
|
24
|
+
elsif algorithms.blank? || Array(algorithms).include?(alg.try(:to_sym))
|
|
25
25
|
public_key_or_secret && valid?(public_key_or_secret) or
|
|
26
26
|
raise VerificationFailed
|
|
27
|
+
else
|
|
28
|
+
raise UnexpectedAlgorithm.new('Unexpected alg header')
|
|
27
29
|
end
|
|
28
30
|
end
|
|
29
31
|
|
|
@@ -150,7 +152,7 @@ module JSON
|
|
|
150
152
|
end
|
|
151
153
|
|
|
152
154
|
class << self
|
|
153
|
-
def decode_compact_serialized(input, public_key_or_secret)
|
|
155
|
+
def decode_compact_serialized(input, public_key_or_secret, algorithms = nil)
|
|
154
156
|
unless input.count('.') + 1 == NUM_OF_SEGMENTS
|
|
155
157
|
raise InvalidFormat.new("Invalid JWS Format. JWS should include #{NUM_OF_SEGMENTS} segments.")
|
|
156
158
|
end
|
|
@@ -164,11 +166,11 @@ module JSON
|
|
|
164
166
|
jws.header = header
|
|
165
167
|
jws.signature = signature
|
|
166
168
|
jws.signature_base_string = input.split('.')[0, JWS::NUM_OF_SEGMENTS - 1].join('.')
|
|
167
|
-
jws.verify! public_key_or_secret unless public_key_or_secret == :skip_verification
|
|
169
|
+
jws.verify! public_key_or_secret, algorithms unless public_key_or_secret == :skip_verification
|
|
168
170
|
jws
|
|
169
171
|
end
|
|
170
172
|
|
|
171
|
-
def decode_json_serialized(input, public_key_or_secret)
|
|
173
|
+
def decode_json_serialized(input, public_key_or_secret, algorithms = nil)
|
|
172
174
|
input = input.with_indifferent_access
|
|
173
175
|
header, payload, signature = if input[:signatures].present?
|
|
174
176
|
[
|
|
@@ -184,7 +186,7 @@ module JSON
|
|
|
184
186
|
end
|
|
185
187
|
end
|
|
186
188
|
compact_serialized = [header, payload, signature].join('.')
|
|
187
|
-
decode_compact_serialized compact_serialized, public_key_or_secret
|
|
189
|
+
decode_compact_serialized compact_serialized, public_key_or_secret, algorithms
|
|
188
190
|
end
|
|
189
191
|
end
|
|
190
192
|
end
|
data/lib/json/jwt.rb
CHANGED
|
@@ -78,28 +78,39 @@ module JSON
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
def pretty_generate
|
|
82
|
+
[
|
|
83
|
+
JSON.pretty_generate(header),
|
|
84
|
+
JSON.pretty_generate(self)
|
|
85
|
+
]
|
|
86
|
+
end
|
|
87
|
+
|
|
81
88
|
class << self
|
|
82
|
-
def decode_compact_serialized(jwt_string, key_or_secret)
|
|
89
|
+
def decode_compact_serialized(jwt_string, key_or_secret, algorithms = nil, encryption_methods = nil)
|
|
83
90
|
case jwt_string.count('.') + 1
|
|
84
91
|
when JWS::NUM_OF_SEGMENTS
|
|
85
|
-
JWS.decode_compact_serialized jwt_string, key_or_secret
|
|
92
|
+
JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms
|
|
86
93
|
when JWE::NUM_OF_SEGMENTS
|
|
87
|
-
JWE.decode_compact_serialized jwt_string, key_or_secret
|
|
94
|
+
JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
|
|
88
95
|
else
|
|
89
96
|
raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
|
|
90
97
|
end
|
|
91
98
|
end
|
|
92
99
|
|
|
93
|
-
def decode_json_serialized(input, key_or_secret)
|
|
100
|
+
def decode_json_serialized(input, key_or_secret, algorithms = nil, encryption_methods = nil)
|
|
94
101
|
input = input.with_indifferent_access
|
|
95
102
|
if (input[:signatures] || input[:signature]).present?
|
|
96
|
-
JWS.decode_json_serialized input, key_or_secret
|
|
103
|
+
JWS.decode_json_serialized input, key_or_secret, algorithms
|
|
97
104
|
elsif input[:ciphertext].present?
|
|
98
|
-
JWE.decode_json_serialized input, key_or_secret
|
|
105
|
+
JWE.decode_json_serialized input, key_or_secret, algorithms, encryption_methods
|
|
99
106
|
else
|
|
100
107
|
raise InvalidFormat.new("Unexpected JOSE JSON Serialization Format.")
|
|
101
108
|
end
|
|
102
109
|
end
|
|
110
|
+
|
|
111
|
+
def pretty_generate(jwt_string)
|
|
112
|
+
decode(jwt_string, :skip_verification).pretty_generate
|
|
113
|
+
end
|
|
103
114
|
end
|
|
104
115
|
end
|
|
105
116
|
end
|
|
@@ -108,4 +119,4 @@ require 'json/jws'
|
|
|
108
119
|
require 'json/jwe'
|
|
109
120
|
require 'json/jwk'
|
|
110
121
|
require 'json/jwk/jwkizable'
|
|
111
|
-
require 'json/jwk/set'
|
|
122
|
+
require 'json/jwk/set'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-12-
|
|
11
|
+
date: 2017-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: url_safe_base64
|
|
@@ -188,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
188
188
|
version: '0'
|
|
189
189
|
requirements: []
|
|
190
190
|
rubyforge_project:
|
|
191
|
-
rubygems_version: 2.6.
|
|
191
|
+
rubygems_version: 2.6.13
|
|
192
192
|
signing_key:
|
|
193
193
|
specification_version: 4
|
|
194
194
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|