json_jws 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 75190e7f455b3a3e23b3cb46fda2b1fadc1c6022eb3f238e0450bb905802c150
4
- data.tar.gz: c6001ebf7c25dab46c957595cc9ccc6c7a068192a45a62b7002e51cce23cd046
3
+ metadata.gz: bc12dffab2d9d1b13cc1003dc0f6deb4549ffd511c86e36b63023f6d066382ca
4
+ data.tar.gz: b0644940940bc59f00e03fcf9d3169f2c6631bff3b9a093f0e43d7dfc6814295
5
5
  SHA512:
6
- metadata.gz: 1c17c3f02e45b08123c4b6adc2c6fec00922a411a2bf0f7cac76ba2e3f2cd6187185dc36d096346bc536b3ed630cf6c1b4feac7c6a084767f92b38753263d310
7
- data.tar.gz: 333f1d48315720b6c4a007925749fff90f431c08950d76613aa2b0fdb6575295fd28df64b7045d29bc5021f32327efa7fac87c3c8b20827371aecd1254230e45
6
+ metadata.gz: d3c50fceefebe59efdff9be6045f980dc0ab5a1669dfbab5641b00961f6dafb898ee2bf03b83c122ef87647ac3e5fb0fb71a07ef6de055ebbd82f8a11d911728
7
+ data.tar.gz: 9d0f89068775d96728680fd68829e37c43a950ade35ed05ab4480b306efab63fb7d696369980de9431e3dbb6538f0c2dbac58a6831e5a6fa7468540156a7bb5f
data/.gitignore CHANGED
@@ -7,4 +7,6 @@
7
7
  /spec/reports/
8
8
  /tmp/
9
9
 
10
- json_jws-*
10
+ json_jws-*
11
+ /bin/build
12
+ .byebug_history
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # JsonJws
2
2
 
3
- JsonJws is a gem that provides support for JWS (JSON Web Signature) with JSON serialization, specifically designed to handle multiple signatures.
3
+ JsonJws is a Ruby gem that provides support for JWS (JSON Web Signature) with JSON serialization, specifically designed to handle multiple signatures.
4
4
 
5
5
  ## Installation
6
6
 
@@ -23,6 +23,7 @@ Or install it yourself as:
23
23
  ```ruby
24
24
  require "jose"
25
25
  require "openssl"
26
+ require 'json_jws'
26
27
 
27
28
  # If you want to load key from private key string
28
29
  # rsa_key_01 = OpenSSL::PKey::RSA.new(rsa_priv_01_str)
@@ -53,8 +54,8 @@ verify_result = JSON_JWS.verify(json_jws, [jwk])
53
54
  print "verify_result: ", verify_result
54
55
 
55
56
  puts "\n\nAdd another signature"
56
- # json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" }, payload)
57
- json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header, payload)
57
+ json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" })
58
+ # json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header)
58
59
  puts "json_jws_2: \n", json_jws_2
59
60
 
60
61
  puts "\n\nVerify json jws 2"
data/bin/console CHANGED
@@ -46,8 +46,8 @@ verify_result = JSON_JWS.verify(json_jws, [jwk])
46
46
  print "verify_result: ", verify_result
47
47
 
48
48
  puts "\n\nAdd another signature"
49
- # json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" }, payload)
50
- json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header, payload)
49
+ json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" })
50
+ # json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header)
51
51
  puts "json_jws_2: \n", json_jws_2
52
52
 
53
53
  puts "\n\nVerify json jws 2"
@@ -8,12 +8,13 @@ module JsonJws::Encode
8
8
  protected_header = Base64.urlsafe_encode64(header.to_json)
9
9
  payload = payload.to_json unless payload.is_a?(String)
10
10
 
11
+ protected_header, signature = build_signature(jwk, header, payload)
11
12
  {
12
13
  "payload" => Base64.urlsafe_encode64(payload),
13
14
  "signatures" => [
14
15
  {
15
16
  "protected" => protected_header,
16
- "signature" => build_signature(jwk, header, payload),
17
+ "signature" => signature,
17
18
  },
18
19
  ],
19
20
  }
data/lib/json_jws/sign.rb CHANGED
@@ -7,19 +7,18 @@ module JsonJws::Sign
7
7
  payload = payload.to_json unless payload.is_a?(String)
8
8
  raise "header must be a Hash" unless header.is_a?(Hash)
9
9
 
10
- encoded_payload = Base64.urlsafe_encode64(payload)
11
- encoded_header = Base64.urlsafe_encode64(header.to_json)
12
-
13
- JOSE::JWS.sign(jwk, payload, header).to_hash["signature"]
10
+ jose_signed_map = JOSE::JWS.sign(jwk, payload, header)
11
+ jose_signed_map.to_hash.slice("protected", "signature").values
14
12
  end
15
13
 
16
- def add_signature(jws, jwk, header, payload)
17
- protected_header = Base64.urlsafe_encode64(header.to_json)
18
- payload = payload.to_json unless payload.is_a?(String)
14
+ def add_signature(jws, jwk, protected_header)
15
+ encoded_protected_header = Base64.urlsafe_encode64(protected_header.to_json)
16
+ raw_payload = Base64.decode64(jws["payload"])
17
+ protected_header, signature = build_signature(jwk, protected_header, raw_payload)
19
18
 
20
19
  jws["signatures"] << {
21
20
  "protected" => protected_header,
22
- "signature" => build_signature(jwk, header, payload),
21
+ "signature" => signature,
23
22
  }
24
23
 
25
24
  jws
@@ -14,18 +14,15 @@ module JsonJws::Verify
14
14
  end
15
15
 
16
16
  def verify(jws, jwks)
17
-
18
17
  # verify payload is base64 encoded
19
- begin
20
- Base64.urlsafe_decode64(jws["payload"])
21
- rescue
22
- return false
23
- end
18
+ Base64.urlsafe_decode64(jws["payload"])
24
19
 
25
20
  jws["signatures"].each_with_index do |signature, index|
26
21
  return false unless verify_signature(jwks[index], jws["payload"], signature)
27
22
  end
28
23
 
29
24
  true
25
+ rescue
26
+ return false
30
27
  end
31
28
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JsonJws
4
- VERSION = "0.1.0"
4
+ VERSION = "0.2.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json_jws
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thien Tran