json-jwt 1.9.3 → 1.9.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/VERSION +1 -1
- data/json-jwt.gemspec +0 -1
- data/lib/json/jose.rb +13 -2
- data/lib/json/jwe.rb +2 -0
- data/lib/json/jws.rb +1 -0
- data/spec/json/jwe_spec.rb +24 -0
- data/spec/json/jwt_spec.rb +27 -0
- metadata +3 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: f808ae988b45e4c8e03f0afcee499e0d4c89295e
|
4
|
+
data.tar.gz: f0f2cd732d906a495cc247afc0fd7eaa18725be2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5c6e99521dd9ec520097930ab4a0094f43b3e263f56c701eebc7f1278f75a51b2abf12dee99729efcf51db8d7dd40645e9546e6ad1e2ea8600e8284d00cedbfd
|
7
|
+
data.tar.gz: 5b87068577c488f213de6a2fe2346d757ee01d1c92aca73e2a87dbd3af07f28b321d511afb4968cd228afb47a41822c3b0040320ef47760629699701a8d8c0cc
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.9.
|
1
|
+
1.9.4
|
data/json-jwt.gemspec
CHANGED
@@ -13,7 +13,6 @@ Gem::Specification.new do |gem|
|
|
13
13
|
gem.require_paths = ['lib']
|
14
14
|
gem.add_runtime_dependency 'activesupport'
|
15
15
|
gem.add_runtime_dependency 'bindata'
|
16
|
-
gem.add_runtime_dependency 'securecompare'
|
17
16
|
gem.add_runtime_dependency 'aes_key_wrap'
|
18
17
|
gem.add_development_dependency 'rake'
|
19
18
|
gem.add_development_dependency 'simplecov'
|
data/lib/json/jose.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require '
|
1
|
+
require 'active_support/security_utils'
|
2
2
|
|
3
3
|
module JSON
|
4
4
|
module JOSE
|
@@ -6,7 +6,6 @@ module JSON
|
|
6
6
|
|
7
7
|
included do
|
8
8
|
extend ClassMethods
|
9
|
-
include SecureCompare
|
10
9
|
register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
|
11
10
|
alias_method :algorithm, :alg
|
12
11
|
|
@@ -33,6 +32,18 @@ module JSON
|
|
33
32
|
end
|
34
33
|
end
|
35
34
|
|
35
|
+
def secure_compare(a, b)
|
36
|
+
if ActiveSupport::SecurityUtils.respond_to?(:fixed_length_secure_compare)
|
37
|
+
begin
|
38
|
+
ActiveSupport::SecurityUtils.fixed_length_secure_compare(a, b)
|
39
|
+
rescue ArgumentError
|
40
|
+
false
|
41
|
+
end
|
42
|
+
else
|
43
|
+
ActiveSupport::SecurityUtils.secure_compare(a, b)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
36
47
|
module ClassMethods
|
37
48
|
def register_header_keys(*keys)
|
38
49
|
keys.each do |header_key|
|
data/lib/json/jwe.rb
CHANGED
@@ -48,6 +48,8 @@ module JSON
|
|
48
48
|
cipher.key = encryption_key
|
49
49
|
cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM
|
50
50
|
if gcm?
|
51
|
+
# https://github.com/ruby/openssl/issues/63
|
52
|
+
raise DecryptionFailed.new('Invalid authentication tag') if authentication_tag.length < 16
|
51
53
|
cipher.auth_tag = authentication_tag
|
52
54
|
cipher.auth_data = auth_data
|
53
55
|
end
|
data/lib/json/jws.rb
CHANGED
data/spec/json/jwe_spec.rb
CHANGED
@@ -169,6 +169,24 @@ describe JSON::JWE do
|
|
169
169
|
end
|
170
170
|
end
|
171
171
|
|
172
|
+
shared_examples_for :verify_gcm_authentication_tag do
|
173
|
+
let(:jwe_string) do
|
174
|
+
_jwe_ = JSON::JWE.new plain_text
|
175
|
+
_jwe_.alg, _jwe_.enc = alg, enc
|
176
|
+
_jwe_.encrypt! key
|
177
|
+
header, key, iv, cipher_text, auth_tag = _jwe_.to_s.split('.')
|
178
|
+
truncated_auth_tag = Base64.urlsafe_decode64(auth_tag).slice(0..-2)
|
179
|
+
truncated_auth_tag = Base64.urlsafe_encode64(truncated_auth_tag, padding: false)
|
180
|
+
[header, key, iv, cipher_text, truncated_auth_tag].join('.')
|
181
|
+
end
|
182
|
+
|
183
|
+
it do
|
184
|
+
expect do
|
185
|
+
jwe.decrypt! key
|
186
|
+
end.to raise_error JSON::JWE::DecryptionFailed
|
187
|
+
end
|
188
|
+
end
|
189
|
+
|
172
190
|
shared_examples_for :unexpected_algorithm_for_decryption do
|
173
191
|
it do
|
174
192
|
expect do
|
@@ -193,6 +211,7 @@ describe JSON::JWE do
|
|
193
211
|
let(:enc) { :A128GCM }
|
194
212
|
if gcm_supported?
|
195
213
|
it_behaves_like :decryptable
|
214
|
+
it_behaves_like :verify_gcm_authentication_tag
|
196
215
|
else
|
197
216
|
it_behaves_like :gcm_decryption_unsupported
|
198
217
|
end
|
@@ -202,6 +221,7 @@ describe JSON::JWE do
|
|
202
221
|
let(:enc) { :A256GCM }
|
203
222
|
if gcm_supported?
|
204
223
|
it_behaves_like :decryptable
|
224
|
+
it_behaves_like :verify_gcm_authentication_tag
|
205
225
|
else
|
206
226
|
it_behaves_like :gcm_decryption_unsupported
|
207
227
|
end
|
@@ -226,6 +246,7 @@ describe JSON::JWE do
|
|
226
246
|
let(:enc) { :A128GCM }
|
227
247
|
if gcm_supported?
|
228
248
|
it_behaves_like :decryptable
|
249
|
+
it_behaves_like :verify_gcm_authentication_tag
|
229
250
|
else
|
230
251
|
it_behaves_like :gcm_decryption_unsupported
|
231
252
|
end
|
@@ -235,6 +256,7 @@ describe JSON::JWE do
|
|
235
256
|
let(:enc) { :A256GCM }
|
236
257
|
if gcm_supported?
|
237
258
|
it_behaves_like :decryptable
|
259
|
+
it_behaves_like :verify_gcm_authentication_tag
|
238
260
|
else
|
239
261
|
it_behaves_like :gcm_decryption_unsupported
|
240
262
|
end
|
@@ -262,6 +284,7 @@ describe JSON::JWE do
|
|
262
284
|
let(:key_size) { 16 }
|
263
285
|
if gcm_supported?
|
264
286
|
it_behaves_like :decryptable
|
287
|
+
it_behaves_like :verify_gcm_authentication_tag
|
265
288
|
else
|
266
289
|
it_behaves_like :gcm_decryption_unsupported
|
267
290
|
end
|
@@ -272,6 +295,7 @@ describe JSON::JWE do
|
|
272
295
|
let(:key_size) { 32 }
|
273
296
|
if gcm_supported?
|
274
297
|
it_behaves_like :decryptable
|
298
|
+
it_behaves_like :verify_gcm_authentication_tag
|
275
299
|
else
|
276
300
|
it_behaves_like :gcm_decryption_unsupported
|
277
301
|
end
|
data/spec/json/jwt_spec.rb
CHANGED
@@ -77,6 +77,33 @@ describe JSON::JWT do
|
|
77
77
|
its(:alg) { should == :ES512 }
|
78
78
|
end
|
79
79
|
end
|
80
|
+
|
81
|
+
context 'when key is JWK with kty=okt' do
|
82
|
+
let(:key) { JSON::JWK.new shared_secret }
|
83
|
+
its(:alg) { should == :HS256 }
|
84
|
+
end
|
85
|
+
|
86
|
+
context 'when key is JWK with kty=RSA' do
|
87
|
+
let(:key) { JSON::JWK.new private_key }
|
88
|
+
its(:alg) { should == :RS256 }
|
89
|
+
end
|
90
|
+
|
91
|
+
context 'when key is JWK with kty=EC' do
|
92
|
+
context 'when prime256v1' do
|
93
|
+
let(:key) { JSON::JWK.new private_key(:ecdsa) }
|
94
|
+
its(:alg) { should == :ES256 }
|
95
|
+
end
|
96
|
+
|
97
|
+
context 'when secp384r1' do
|
98
|
+
let(:key) { JSON::JWK.new private_key(:ecdsa, digest_length: 384) }
|
99
|
+
its(:alg) { should == :ES384 }
|
100
|
+
end
|
101
|
+
|
102
|
+
context 'when secp521r1' do
|
103
|
+
let(:key) { JSON::JWK.new private_key(:ecdsa, digest_length: 512) }
|
104
|
+
its(:alg) { should == :ES512 }
|
105
|
+
end
|
106
|
+
end
|
80
107
|
end
|
81
108
|
|
82
109
|
context 'when non-JWK key is given' do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: json-jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.9.
|
4
|
+
version: 1.9.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-05-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -38,20 +38,6 @@ dependencies:
|
|
38
38
|
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: securecompare
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - ">="
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: '0'
|
48
|
-
type: :runtime
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - ">="
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: '0'
|
55
41
|
- !ruby/object:Gem::Dependency
|
56
42
|
name: aes_key_wrap
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -188,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
188
174
|
version: '0'
|
189
175
|
requirements: []
|
190
176
|
rubyforge_project:
|
191
|
-
rubygems_version: 2.
|
177
|
+
rubygems_version: 2.6.11
|
192
178
|
signing_key:
|
193
179
|
specification_version: 4
|
194
180
|
summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
|