json-jwt 1.9.1 → 1.9.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/json-jwt.gemspec +1 -0
- data/lib/json/jwe.rb +5 -8
- data/spec/json/jwe_spec.rb +18 -2
- metadata +17 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 02a8f8276126a037916b981d30fc38e200f9e378
|
4
|
+
data.tar.gz: de0acf0db5b5f400b2c8ba49d0e549d718b74568
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 18b298765ff484588a80e5fefbe9c349e4df237f5d3548f0359884a2b252a67b60116e476df67427655c74d8c0ae160049007df360b6597337c91995af366b65
|
7
|
+
data.tar.gz: 0e25eebdad2529441d1fb90a93482f354b79533715b191fb812f5d019d6e8d3b41abb59c103c8563df93441d5336f591a0ff724d69fb31a5ed6bfc16aecae5a2
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.9.
|
1
|
+
1.9.2
|
data/json-jwt.gemspec
CHANGED
@@ -15,6 +15,7 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.add_runtime_dependency 'activesupport'
|
16
16
|
gem.add_runtime_dependency 'bindata'
|
17
17
|
gem.add_runtime_dependency 'securecompare'
|
18
|
+
gem.add_runtime_dependency 'aes_key_wrap'
|
18
19
|
gem.add_development_dependency 'rake'
|
19
20
|
gem.add_development_dependency 'simplecov'
|
20
21
|
gem.add_development_dependency 'rspec'
|
data/lib/json/jwe.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'securerandom'
|
2
2
|
require 'bindata'
|
3
|
+
require 'aes_key_wrap'
|
3
4
|
|
4
5
|
module JSON
|
5
6
|
class JWE
|
@@ -160,10 +161,8 @@ module JSON
|
|
160
161
|
public_key_or_secret.public_encrypt content_encryption_key
|
161
162
|
when :'RSA-OAEP'
|
162
163
|
public_key_or_secret.public_encrypt content_encryption_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
|
163
|
-
when :A128KW
|
164
|
-
|
165
|
-
when :A256KW
|
166
|
-
raise NotImplementedError.new('A256KW not supported yet')
|
164
|
+
when :A128KW, :A256KW
|
165
|
+
AESKeyWrap.wrap content_encryption_key, public_key_or_secret
|
167
166
|
when :dir
|
168
167
|
''
|
169
168
|
when :'ECDH-ES'
|
@@ -214,10 +213,8 @@ module JSON
|
|
214
213
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
215
214
|
when :'RSA-OAEP'
|
216
215
|
private_key_or_secret.private_decrypt jwe_encrypted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
|
217
|
-
when :A128KW
|
218
|
-
|
219
|
-
when :A256KW
|
220
|
-
raise NotImplementedError.new('A256KW not supported yet')
|
216
|
+
when :A128KW, :A256KW
|
217
|
+
AESKeyWrap.unwrap jwe_encrypted_key, private_key_or_secret
|
221
218
|
when :dir
|
222
219
|
private_key_or_secret
|
223
220
|
when :'ECDH-ES'
|
data/spec/json/jwe_spec.rb
CHANGED
@@ -73,6 +73,14 @@ describe JSON::JWE do
|
|
73
73
|
it :TODO
|
74
74
|
end
|
75
75
|
|
76
|
+
context 'when alg=A128KW' do
|
77
|
+
it :TODO
|
78
|
+
end
|
79
|
+
|
80
|
+
context 'when alg=A256KW' do
|
81
|
+
it :TODO
|
82
|
+
end
|
83
|
+
|
76
84
|
context 'when unknonw/unsupported algorithm given' do
|
77
85
|
let(:key) { public_key }
|
78
86
|
let(:alg) { :RSA1_5 }
|
@@ -89,7 +97,7 @@ describe JSON::JWE do
|
|
89
97
|
it_behaves_like :unexpected_algorithm_for_encryption
|
90
98
|
end
|
91
99
|
|
92
|
-
[:
|
100
|
+
[:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
|
93
101
|
context "when alg=#{alg}" do
|
94
102
|
let(:alg) { alg }
|
95
103
|
it_behaves_like :unsupported_algorithm_for_encryption
|
@@ -284,6 +292,14 @@ describe JSON::JWE do
|
|
284
292
|
end
|
285
293
|
end
|
286
294
|
|
295
|
+
context 'when alg=A128KW' do
|
296
|
+
it :TODO
|
297
|
+
end
|
298
|
+
|
299
|
+
context 'when alg=A256KW' do
|
300
|
+
it :TODO
|
301
|
+
end
|
302
|
+
|
287
303
|
context 'when unknonw/unsupported algorithm given' do
|
288
304
|
let(:input) { 'header.key.iv.cipher_text.auth_tag' }
|
289
305
|
let(:key) { public_key }
|
@@ -300,7 +316,7 @@ describe JSON::JWE do
|
|
300
316
|
it_behaves_like :unexpected_algorithm_for_decryption
|
301
317
|
end
|
302
318
|
|
303
|
-
[:
|
319
|
+
[:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg|
|
304
320
|
context "when alg=#{alg}" do
|
305
321
|
let(:alg) { alg }
|
306
322
|
it_behaves_like :unsupported_algorithm_for_decryption
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.9.
|
4
|
+
version: 1.9.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-02-
|
11
|
+
date: 2018-02-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: url_safe_base64
|
@@ -66,6 +66,20 @@ dependencies:
|
|
66
66
|
- - ">="
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: aes_key_wrap
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
84
|
name: rake
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -188,7 +202,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
188
202
|
version: '0'
|
189
203
|
requirements: []
|
190
204
|
rubyforge_project:
|
191
|
-
rubygems_version: 2.6.
|
205
|
+
rubygems_version: 2.6.13
|
192
206
|
signing_key:
|
193
207
|
specification_version: 4
|
194
208
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|