json_web_token 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/json_web_token.gemspec +1 -1
- data/lib/json_web_token/algorithm/common.rb +2 -2
- data/lib/json_web_token/algorithm/ecdsa.rb +4 -5
- data/lib/json_web_token/algorithm/hmac.rb +10 -5
- data/lib/json_web_token/algorithm/rsa.rb +25 -5
- data/lib/json_web_token/version.rb +1 -1
- data/spec/json_web_token/algorithm/rsa_spec.rb +2 -1
- data/spec/json_web_token/jws_spec.rb +2 -2
- data/spec/json_web_token/jwt_spec.rb +7 -0
- data/spec/json_web_token_spec.rb +0 -6
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 85fab1d0b61ff35a7c47e3411003750aea5ff5f0
|
|
4
|
+
data.tar.gz: b143541e7d1e7ce670862e3e5be132fef4dcc507
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a7f1e6c56f7e8b8aefdf85888ba94680b6b4c6506d3e2309941ff61872fe6f4547028e30cac7f96a631397910609c29b85d48bd23c0c55960e357a391a02554
|
|
7
|
+
data.tar.gz: d483e04b29d45fbf7b84493df4b59e279f2f1b62ad5ae6bb16c8796bf6aa8aecd687de40159f4ea0b10cdbea7b7b05ccc9dfe20d966e7b688d96efbf23ecbbbd
|
data/README.md
CHANGED
|
@@ -66,7 +66,7 @@ jwt = JsonWebToken.sign({foo: 'bar'}, alg: 'none')
|
|
|
66
66
|
|
|
67
67
|
Returns either:
|
|
68
68
|
* a JWT claims set string or hash, if the Message Authentication Code (MAC), or signature, is verified
|
|
69
|
-
* a
|
|
69
|
+
* a hash, error: 'invalid', otherwise
|
|
70
70
|
|
|
71
71
|
`jwt` (required) is a JSON web token string
|
|
72
72
|
|
data/json_web_token.gemspec
CHANGED
|
@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
|
|
|
9
9
|
s.homepage = 'https://github.com/garyf/json_web_token'
|
|
10
10
|
s.name = 'json_web_token'
|
|
11
11
|
s.platform = Gem::Platform::RUBY
|
|
12
|
-
s.summary = 'JSON Web Token for Ruby'
|
|
12
|
+
s.summary = 'JSON Web Token (JWT) for Ruby'
|
|
13
13
|
s.version = JsonWebToken::VERSION
|
|
14
14
|
# recommended
|
|
15
15
|
s.license = 'MIT'
|
|
@@ -10,9 +10,9 @@ module JsonWebToken
|
|
|
10
10
|
'512'
|
|
11
11
|
]
|
|
12
12
|
|
|
13
|
-
def validate_key(
|
|
13
|
+
def validate_key(sha_bits, key)
|
|
14
14
|
validate_sha_bits(sha_bits)
|
|
15
|
-
validate_key_size(
|
|
15
|
+
validate_key_size(sha_bits, key)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def validate_sha_bits(sha_bits)
|
|
@@ -26,7 +26,7 @@ module JsonWebToken
|
|
|
26
26
|
# Ecdsa.sign('256', private_key, 'signing_input').bytes
|
|
27
27
|
# # => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
|
|
28
28
|
def sign(sha_bits, private_key, signing_input)
|
|
29
|
-
validate_key(
|
|
29
|
+
validate_key(sha_bits, private_key)
|
|
30
30
|
der = private_key.dsa_sign_asn1(ssl_digest_hash sha_bits, signing_input)
|
|
31
31
|
der_to_signature(der, sha_bits)
|
|
32
32
|
end
|
|
@@ -40,21 +40,20 @@ module JsonWebToken
|
|
|
40
40
|
# Ecdsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
|
|
41
41
|
# # => true
|
|
42
42
|
def verify?(mac, sha_bits, public_key, signing_input)
|
|
43
|
-
validate_key(
|
|
43
|
+
validate_key(sha_bits, public_key)
|
|
44
44
|
validate_signature_size(mac, sha_bits)
|
|
45
45
|
der = signature_to_der(mac, sha_bits)
|
|
46
46
|
public_key.dsa_verify_asn1(ssl_digest_hash(sha_bits, signing_input), der)
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
def validate_key_size(
|
|
49
|
+
def validate_key_size(_sha_bits, _key); end
|
|
50
50
|
|
|
51
51
|
def ssl_digest_hash(sha_bits, signing_input)
|
|
52
52
|
digest_new(sha_bits).digest(signing_input)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
def validate_signature_size(mac, sha_bits)
|
|
56
|
-
|
|
57
|
-
fail('Invalid signature') unless mac && mac.bytesize == n
|
|
56
|
+
fail('Invalid signature') unless mac && mac.bytesize == MAC_BYTE_COUNT[sha_bits]
|
|
58
57
|
end
|
|
59
58
|
|
|
60
59
|
private_class_method :validate_key_size,
|
|
@@ -20,7 +20,7 @@ module JsonWebToken
|
|
|
20
20
|
# Hmac.sign('256', shared_key, 'signing_input').bytes
|
|
21
21
|
# # => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
|
|
22
22
|
def sign(sha_bits, shared_key, signing_input)
|
|
23
|
-
validate_key(
|
|
23
|
+
validate_key(sha_bits, shared_key)
|
|
24
24
|
OpenSSL::HMAC.digest(digest_new(sha_bits), shared_key, signing_input)
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -34,15 +34,20 @@ module JsonWebToken
|
|
|
34
34
|
# Hmac.verify?(< binary_string >, '256', shared_key, 'signing_input')
|
|
35
35
|
# # => true
|
|
36
36
|
def verify?(mac, sha_bits, shared_key, signing_input)
|
|
37
|
-
validate_key(
|
|
37
|
+
validate_key(sha_bits, shared_key)
|
|
38
38
|
Util.constant_time_compare?(mac, sign(sha_bits, shared_key, signing_input))
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
def validate_key_size(
|
|
42
|
-
fail('Invalid shared key')
|
|
41
|
+
def validate_key_size(sha_bits, key)
|
|
42
|
+
fail('Invalid shared key') if weak_key?(sha_bits, key)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
|
|
45
|
+
def weak_key?(sha_bits, key)
|
|
46
|
+
!key || key.bytesize * 8 < sha_bits.to_i
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
private_class_method :validate_key_size,
|
|
50
|
+
:weak_key?
|
|
46
51
|
end
|
|
47
52
|
end
|
|
48
53
|
end
|
|
@@ -10,6 +10,9 @@ module JsonWebToken
|
|
|
10
10
|
|
|
11
11
|
KEY_BITS_MIN = 2048
|
|
12
12
|
|
|
13
|
+
# @see http://tools.ietf.org/html/rfc3447#section-7.2
|
|
14
|
+
MESSAGE_BYTES_MAX = 245 # 256 - 11 bytes
|
|
15
|
+
|
|
13
16
|
module_function
|
|
14
17
|
|
|
15
18
|
# @param sha_bits [String] desired security level in bits of the signature scheme
|
|
@@ -20,7 +23,7 @@ module JsonWebToken
|
|
|
20
23
|
# Rsa.sign('256', < private_key >, 'signing_input').bytes.length
|
|
21
24
|
# # => 256
|
|
22
25
|
def sign(sha_bits, private_key, signing_input)
|
|
23
|
-
|
|
26
|
+
validate_params(sha_bits, private_key, signing_input)
|
|
24
27
|
private_key.sign(digest_new(sha_bits), signing_input)
|
|
25
28
|
end
|
|
26
29
|
|
|
@@ -31,16 +34,33 @@ module JsonWebToken
|
|
|
31
34
|
# Rsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
|
|
32
35
|
# # => true
|
|
33
36
|
def verify?(mac, sha_bits, public_key, signing_input)
|
|
34
|
-
|
|
37
|
+
validate_params(sha_bits, public_key, signing_input)
|
|
35
38
|
public_key.verify(digest_new(sha_bits), mac, signing_input)
|
|
36
39
|
end
|
|
37
40
|
|
|
41
|
+
def validate_params(sha_bits, key, signing_input)
|
|
42
|
+
validate_key(sha_bits, key)
|
|
43
|
+
validate_message_size(signing_input)
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def validate_key_size(_sha_bits, key)
|
|
47
|
+
fail('Invalid key: RSA modulus too small') if weak_key?(key)
|
|
48
|
+
end
|
|
49
|
+
|
|
38
50
|
# https://github.com/ruby/openssl/issues/5
|
|
39
|
-
def
|
|
40
|
-
|
|
51
|
+
def weak_key?(key)
|
|
52
|
+
!key || key.n.num_bits < KEY_BITS_MIN
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# http://tools.ietf.org/html/rfc3447#section-7.2
|
|
56
|
+
def validate_message_size(signing_input)
|
|
57
|
+
fail('Invalid message: too large for RSA') if signing_input.bytesize > MESSAGE_BYTES_MAX
|
|
41
58
|
end
|
|
42
59
|
|
|
43
|
-
private_class_method :
|
|
60
|
+
private_class_method :validate_params,
|
|
61
|
+
:validate_key_size,
|
|
62
|
+
:weak_key?,
|
|
63
|
+
:validate_message_size
|
|
44
64
|
end
|
|
45
65
|
end
|
|
46
66
|
end
|
|
@@ -47,7 +47,8 @@ module JsonWebToken
|
|
|
47
47
|
context 'param validation' do
|
|
48
48
|
shared_examples_for 'invalid private_key' do
|
|
49
49
|
it 'raises' do
|
|
50
|
-
expect { Rsa.sign(sha_bits, private_key, signing_input_0) }
|
|
50
|
+
expect { Rsa.sign(sha_bits, private_key, signing_input_0) }
|
|
51
|
+
.to raise_error(RuntimeError, 'Invalid key: RSA modulus too small')
|
|
51
52
|
end
|
|
52
53
|
end
|
|
53
54
|
|
|
@@ -23,7 +23,7 @@ module JsonWebToken
|
|
|
23
23
|
it_behaves_like 'does #verify'
|
|
24
24
|
|
|
25
25
|
describe 'w/o passing key to #verify' do
|
|
26
|
-
it
|
|
26
|
+
it 'returns false' do
|
|
27
27
|
jws = Jws.sign(header, payload, signing_key)
|
|
28
28
|
expect(Jws.verify jws, algorithm, nil).to be false
|
|
29
29
|
end
|
|
@@ -31,7 +31,7 @@ module JsonWebToken
|
|
|
31
31
|
|
|
32
32
|
describe 'w passing a changed key to #verify' do
|
|
33
33
|
let(:changed_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9Z' }
|
|
34
|
-
it
|
|
34
|
+
it 'returns false' do
|
|
35
35
|
jws = Jws.sign(header, payload, signing_key)
|
|
36
36
|
expect(Jws.verify jws, algorithm, changed_key).to be false
|
|
37
37
|
end
|
|
@@ -59,6 +59,13 @@ module JsonWebToken
|
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
+
describe 'w/o key w default header alg' do
|
|
63
|
+
it 'raises' do
|
|
64
|
+
expect { JsonWebToken.sign(claims, {}) }
|
|
65
|
+
.to raise_error(RuntimeError, 'Invalid shared key')
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
62
69
|
describe 'w HS256 key changed' do
|
|
63
70
|
let(:sign_options) { {alg: 'HS256', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'} }
|
|
64
71
|
let(:changed_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9Z' }
|
data/spec/json_web_token_spec.rb
CHANGED
|
@@ -34,12 +34,6 @@ describe JsonWebToken do
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
|
-
|
|
38
|
-
describe 'w/o key w default header alg' do
|
|
39
|
-
it 'raises' do
|
|
40
|
-
expect { JsonWebToken.sign(claims, {}) }.to raise_error(RuntimeError, 'Invalid shared key')
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
37
|
end
|
|
44
38
|
|
|
45
39
|
context 'module alias JWT' do
|
metadata
CHANGED
|
@@ -1,47 +1,47 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json_web_token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gary Fleshman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-08-
|
|
11
|
+
date: 2015-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '1.8'
|
|
20
|
-
- -
|
|
20
|
+
- - ">="
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 1.8.3
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
|
-
- - ~>
|
|
27
|
+
- - "~>"
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
29
|
version: '1.8'
|
|
30
|
-
- -
|
|
30
|
+
- - ">="
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 1.8.3
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: rspec
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
-
- - ~>
|
|
37
|
+
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
39
|
version: '3.3'
|
|
40
40
|
type: :development
|
|
41
41
|
prerelease: false
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
|
-
- - ~>
|
|
44
|
+
- - "~>"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '3.3'
|
|
47
47
|
description: Ruby implementation of the JSON Web Token (JWT) standard, RFC 7519
|
|
@@ -50,9 +50,9 @@ executables: []
|
|
|
50
50
|
extensions: []
|
|
51
51
|
extra_rdoc_files: []
|
|
52
52
|
files:
|
|
53
|
-
- .gitignore
|
|
54
|
-
- .rspec
|
|
55
|
-
- .travis.yml
|
|
53
|
+
- ".gitignore"
|
|
54
|
+
- ".rspec"
|
|
55
|
+
- ".travis.yml"
|
|
56
56
|
- CHANGELOG.md
|
|
57
57
|
- Gemfile
|
|
58
58
|
- LICENSE
|
|
@@ -93,12 +93,12 @@ require_paths:
|
|
|
93
93
|
- lib
|
|
94
94
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
95
95
|
requirements:
|
|
96
|
-
- -
|
|
96
|
+
- - ">="
|
|
97
97
|
- !ruby/object:Gem::Version
|
|
98
98
|
version: 2.0.0
|
|
99
99
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- -
|
|
101
|
+
- - ">="
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
103
|
version: '0'
|
|
104
104
|
requirements: []
|
|
@@ -106,6 +106,6 @@ rubyforge_project:
|
|
|
106
106
|
rubygems_version: 2.4.8
|
|
107
107
|
signing_key:
|
|
108
108
|
specification_version: 4
|
|
109
|
-
summary: JSON Web Token for Ruby
|
|
109
|
+
summary: JSON Web Token (JWT) for Ruby
|
|
110
110
|
test_files: []
|
|
111
111
|
has_rdoc:
|