json-jwt 1.9.0 → 1.9.1
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jws.rb +23 -0
- data/lib/json/jwt.rb +0 -16
- data/spec/json/jwt_spec.rb +18 -1
- metadata +1 -1
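--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 366867063d5d6443dc46c34adadd1a3fd4a7b574
+data.tar.gz: 8295a9c7c3620e1cb32d47e4b27f2e6fbf947790
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5ce3939943d51965ca03d2dd34c6c40623b2d337ca6b8206dcc90ae29cf0e450c205bd66191ad6bc29f70edcf3567d92ad30cc96ee20dec3b737bbae134960b4
+data.tar.gz: 7fdd1b34b2535b3fd905e46badd0d2cee536a071eb434bc145179c07772019823bff4fc2fc22eefebb40479570439e430cab9ad1e26849775cbfc45de2952bbb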
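--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.9.
+1.9.1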
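--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -13,6 +13,7 @@ module JSON
 end
 
 def sign!(private_key_or_secret)
+self.alg = autodetected_algorithm_from(private_key_or_secret) if algorithm == :autodetect
 self.signature = sign signature_base_string, private_key_or_secret
 self
 end
@@ -68,6 +69,28 @@ module JSON
 [:ES256, :ES384, :ES512].include? algorithm.try(:to_sym)
 end
 
+def autodetected_algorithm_from(private_key_or_secret)
+case private_key_or_secret
+when String
+:HS256
+when OpenSSL::PKey::RSA
+:RS256
+when OpenSSL::PKey::EC
+case private_key_or_secret.group.curve_name
+when 'prime256v1'
+:ES256
+when 'secp384r1'
+:ES384
+when 'secp521r1'
+:ES512
+else
+raise UnknownAlgorithm.new('Unknown EC Curve')
+end
+else
+raise UnexpectedAlgorithm.new('Signature algorithm auto-detection failed')
+end
+end
+
 def signature_base_string
 @signature_base_string ||= [
 header.to_json,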
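Review bot: The guard added to `sign!` compares `algorithm == :autodetect` without normalising, while the predicate ending at new line 70 uses `algorithm.try(:to_sym)`, which suggests `alg` is not always a Symbol; if it ever holds the String 'autodetect', detection would be skipped and the placeholder would stay in the header. I would write `self.alg = autodetected_algorithm_from(private_key_or_secret) if algorithm.try(:to_sym) == :autodetect`. In `autodetected_algorithm_from`, an unsupported curve raises `UnknownAlgorithm` but an unsupported key type raises `UnexpectedAlgorithm`, so a caller rescuing one misses the other; a comment above the method such as `# Raises UnknownAlgorithm for EC curves other than prime256v1/secp384r1/secp521r1, UnexpectedAlgorithm for any other key type` would make that explicit. The `when String` branch also maps every String to :HS256, so a PEM-encoded key passed as unparsed text would presumably be treated as an HMAC secret rather than rejected, which deserves a line in the same comment.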
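--- a/data/lib/json/jwt.rb
+++ b/data/lib/json/jwt.rb
@@ -26,22 +26,6 @@ module JSON
 end
 
 def sign(private_key_or_secret, algorithm = :autodetect)
-if algorithm == :autodetect
-# NOTE:
-# I'd like to make :RS256 default.
-# However, by histrical reasons, :HS256 was default.
-# This code is needed to keep legacy behavior.
-algorithm = case private_key_or_secret
-when String
-:HS256
-when OpenSSL::PKey::RSA
-:RS256
-when OpenSSL::PKey::EC
-:ES256
-else
-raise UnexpectedAlgorithm.new('Signature algorithm auto-detection failed')
-end
-end
 jws = JWS.new self
 jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
 jws.alg = algorithm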
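--- a/data/spec/json/jwt_spec.rb
+++ b/data/spec/json/jwt_spec.rb
@@ -56,10 +56,27 @@ describe JSON::JWT do
 its(:alg) { should == :HS256 }
 end
 
-context '
+context 'when key is RSA key' do
 let(:key) { private_key }
 its(:alg) { should == :RS256 }
 end
+
+context 'when key is EC key' do
+context 'when prime256v1' do
+let(:key) { private_key(:ecdsa) }
+its(:alg) { should == :ES256 }
+end
+
+context 'when secp384r1' do
+let(:key) { private_key(:ecdsa, digest_length: 384) }
+its(:alg) { should == :ES384 }
+end
+
+context 'when secp521r1' do
+let(:key) { private_key(:ecdsa, digest_length: 512) }
+its(:alg) { should == :ES512 }
+end
+end
 end
 
 context 'when non-JWK key is given' do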
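Review bot: The new 'when key is EC key' contexts cover only the three accepted curves, so the `raise UnknownAlgorithm.new('Unknown EC Curve')` branch introduced in data/lib/json/jws.rb is not exercised by anything in this hunk. I would add a fourth nested context that builds an EC key on a curve outside prime256v1/secp384r1/secp521r1 and asserts that signing with auto-detection raises `UnknownAlgorithm`, so that a later edit cannot silently fall back to a default alg for such keys. The enclosing `describe` and outer context begin above the hunk, so the subject and any existing failure-path examples are not visible here.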