json_web_token 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/json_web_token/algorithm/hmac.rb +0 -1
- data/lib/json_web_token/algorithm/rsa_util.rb +30 -0
- data/lib/json_web_token/version.rb +1 -1
- data/spec/fixtures/rsa/private_key.pem +27 -0
- data/spec/fixtures/rsa/private_key_weak.pem +27 -0
- data/spec/fixtures/rsa/public_key.pem +9 -0
- data/spec/fixtures/rsa/public_key_alt.pem +9 -0
- data/spec/json_web_token/algorithm/rsa_spec.rb +8 -6
- data/spec/json_web_token/jwa_spec.rb +7 -2
- data/spec/json_web_token/jws_spec.rb +0 -12
- data/spec/json_web_token/jwt_spec.rb +0 -15
- metadata +7 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 59b01a64cc639bdaeeac72c076ba017f0f587d96
|
|
4
|
+
data.tar.gz: 1d751ccca27d4693dedc63fb45c4ed7139a66abf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 85411ccec175d81fa600fcb85a67d4848e87b74f4a2b724550d39da8b0c48610709a75453ceee620de4bbeb109d48c06f996288cbe9fff937a92496fb38d1d11
|
|
7
|
+
data.tar.gz: f128850d5fd8d57a325778d0d21a5ae96ace9d198670d2ae01a905061becf8d7643e848ed2aa23b905193e18875ab5316cab56ba3db341f7b5a60f16cab27fd1
|
data/CHANGELOG.md
CHANGED
|
@@ -34,7 +34,6 @@ module JsonWebToken
|
|
|
34
34
|
# Hmac.verify?(< binary_string >, '256', shared_key, 'signing_input')
|
|
35
35
|
# # => true
|
|
36
36
|
def verify?(mac, sha_bits, shared_key, signing_input)
|
|
37
|
-
validate_key(sha_bits, shared_key)
|
|
38
37
|
Util.constant_time_compare?(mac, sign(sha_bits, shared_key, signing_input))
|
|
39
38
|
end
|
|
40
39
|
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
module JsonWebToken
|
|
2
|
+
module Algorithm
|
|
3
|
+
# Load encryption keys
|
|
4
|
+
module RsaUtil
|
|
5
|
+
|
|
6
|
+
module_function
|
|
7
|
+
|
|
8
|
+
# Load an RSA private key from a pem file
|
|
9
|
+
def private_key(path_to_keys, filename = 'private_key.pem')
|
|
10
|
+
decoded_key(path_to_keys, filename)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Load an RSA public key from a pem file
|
|
14
|
+
def public_key(path_to_keys, filename = 'public_key.pem')
|
|
15
|
+
decoded_key(path_to_keys, filename)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def decoded_key(path_to_keys, filename)
|
|
19
|
+
OpenSSL::PKey::RSA.new(pem_read(path_to_keys, filename))
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def pem_read(path_to_keys, filename)
|
|
23
|
+
File.read(File.join(path_to_keys, filename))
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private_class_method :decoded_key,
|
|
27
|
+
:pem_read
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIIEpAIBAAKCAQEAruE38DIgPqG4sJeFfXDS80BZdCoQRakRmKfkoOq26BaCerNK
|
|
3
|
+
IsMV1zMCnFWh/c3ax7iWXMbIrUIixDxAjOe/smzRCaT9rL6Jz235dbYX81mdGPUA
|
|
4
|
+
/PqzgwbfYnoKf9tDrUWDG0oU9WN/HJDY+1lKFW3sG29ENsLn7ezJOP8d7y1mIocg
|
|
5
|
+
l94dfKKaPlM3NECPObXGbJWyPsIlYrgCBKwdH6zHfKFeDDawsagtK7MZfzVfh/bI
|
|
6
|
+
JzL+84oCOUn75pXwl5JKOLaudYuHFNNGe4XCma+l0BEyfIAykIm2V5tL2zUaEPm6
|
|
7
|
+
Mh8r70nEeLtEDUgbVXk6OoEVfbEksvRfEaxPUQIDAQABAoIBAE2n+R0SRTtKuSbB
|
|
8
|
+
widX6HTYSGDLJPqp/wRY2a+TSrF4/WvbHbqeAp7TKf+eDxcTSGmT0EFWjFpTmfim
|
|
9
|
+
AMwRRRDIPXMY7wS8f5m67iGVQMFxM8+XTF8KPJicfqnOI8du6HiS+4sstG3bRuC6
|
|
10
|
+
eX/zwHAPpd7w48uldTQ0B47lyrcgJ8ZaKdA7BZRzxSojSrCmosajoOoAqRUKj9Bw
|
|
11
|
+
CcDVmZOrgd0z2spNsP/h1u8tyKNc55QtY7AbhiuJ7Eo99Fob78xH7pKgZk10MqLX
|
|
12
|
+
xWB0x5yKAptJ5O/cGkHwJ0CNP+/bWN4tRPJLd7q+lTDvBf40ix3UJ8xq2MItJoIo
|
|
13
|
+
4ysKplkCgYEA22tUs30r8qtQwzkTnwKnnNtHQbCVNx79PbQiSVeg1OFULBJ9Q5JB
|
|
14
|
+
tScgTeINvjeYvFk5yguy25dUZfpLy8tR2mziGy023LTfnPM7ldsFsoXgW+TimQhd
|
|
15
|
+
xn4aizgLk4F+jmX+Ga/YJllSUBmzgHtrJxFyFgfprlCWY8Oy6ayQvLMCgYEAzAj4
|
|
16
|
+
nPjf0tIU+HLVQNxzq+6EaJIdsaF4VNtuc5RUyIpN7ptnm+Qp1sZgMTFuZY/NGUJd
|
|
17
|
+
JUHF2598P7izf8k1U55CzHt9WR3gXADiDgubWXKJC9aO67RXQPfUX0f8g0MBpRyr
|
|
18
|
+
aMb1P3vEeEN6Mz2+rpxRQ+VMZHm03WgXfKTeDesCgYBw13nv9OetHT2jqK7Wj97z
|
|
19
|
+
ZDH5Ln8OoflKymD3pwEnedp37+pL3eO87ipG44J92MnL03dM2UdadzEIYPiqDh5C
|
|
20
|
+
XszJfS9BwiNd7BkwsDr13LPNjqCaYxsXAbNU9bW+XlJfmURcoXpf/n++gfk2kkJB
|
|
21
|
+
DU/G1Lrw0rEFDZftZLnq0QKBgQC4vsLF939K+Bgu4mN/6F0AZ+cSfINQjKFVTJ8V
|
|
22
|
+
HlEqiDiKfcJx4EWWCGefA2Avq+aNIY8Pph+OfjlVxVsasMiNXzaiyoo0QB4fkFkf
|
|
23
|
+
WJkgg9ndkzgz6kY7OGvenmLhQ7HgnDYEmGoGQn4iWw7yCM14c2gN7zidnaoL9C2Y
|
|
24
|
+
GfxKYwKBgQCvOp4mlfL176dKrCjOxVFqnpXMCS3WqTWk5e+uR6GKcs6SvEfue0X0
|
|
25
|
+
B/SVRn6tyKqLp9pvM+0fEaXrspZmgoedmiPY3V7Am5bdMOltW5DMvxAAdnqjok1i
|
|
26
|
+
q2O8Of/DTt2bn3nu8IZDeHrKebx8z/CG9rQK4x5fT1HcwAgroYG0bQ==
|
|
27
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIIEgQIBAAKB+wDZmyrApkiH+zL7G2Gzwht9N0KbW/iJCeygAKyqHoc75nFLE4We
|
|
3
|
+
jxGHR4RlIg9kYn1Qbm7Yl5/ASFIE//vMjqyJJ5GqoeVAKZfAp4NFKd99Ja5z1pIW
|
|
4
|
+
/hh4n2fswF9VYRsuCC0nmDQ9XNUZunXVJPJwOZ3RlWkE1yIbU1Ianr+Y81SkF6bp
|
|
5
|
+
pT/ucmA52RbVImoDoxztu0OK7CQ/yE3+gvHSwLaRE3/s5NpGhOPj3XoumMZoyAyb
|
|
6
|
+
rWlBCadAoaaaPAZx460xTP+I6n6CDM6/6uPazaRbOVxChIgiOxpPU39aNKwbB/iN
|
|
7
|
+
7LOuiSO1mStLXVTVpCsQukJa6GBPAgMBAAECgfo4oBYp95tcN1P24BM2kcZReTXN
|
|
8
|
+
88ri7kAzCrnjsvoB7l+A592XeydWipe7MXfL6Y0uhu41Uo9xm+AsCOjfPClNr4xK
|
|
9
|
+
WMKtRaWFrpGMR+8uQ8X3wthVP13i1ahXhV/JefF2sw39BbBiX2vcvBa5llm4NmYJ
|
|
10
|
+
CdZAOjNX5QCyiC3qDkYrQnY3c8ccWA+SdrZylRRBufzKxbp0HPU7NpQJmKGrORTd
|
|
11
|
+
lkYgXKI7QPMQ1/LgaVtEbG77MYbmzt0PAw6w5nQlwF8G9hV37Y6xanpg3EobOih2
|
|
12
|
+
qM/qmWRyg417h1VTMxVQLNf53f9P/nzRnSQK79ZDzPmSyI+ww0kRAn4A9TjM/51r
|
|
13
|
+
c/1IlFrWpo3NlsepGBmyX0DUNWuZOhA4Z2z7+GyAokF0LacFRyQNxzwFLAuMargm
|
|
14
|
+
WMgAKNs3LaZxrsWNCbyUCv2vyGSREsFJtXRIs2jBE4TUycOZvtgD32Y0EeKknc9y
|
|
15
|
+
RCT/kPSkKj/QDB8vsRaUql7829uuVAsCfgDjK6NPv8fTyLITPeCJoOcCa4LDr6nZ
|
|
16
|
+
vB21FCJom2eumrQ6lHkuLiFh2E+E2ICvKuCBaNi5g01wV6WnjJ1Ou3r33Ig+H6wX
|
|
17
|
+
La7cr0bq+QlLQy/woBlrgevIseAVKFnBe/rB8RY3vLTV53DLsRIlUjW3r0Hi+ovN
|
|
18
|
+
6ky/6dnrTQJ9cHBk/ufNd1exyeSE+8WVeQd/rz9JHIf7RatajNcXJcVBG72UldFx
|
|
19
|
+
VeV5dA9CChKpRHLfJafeXWMHP7SUbmgdREfszYQcVZXQ3g/OvUzHYV46X5kuvqZv
|
|
20
|
+
czwu6OTfkbWpNnI3jOyrtjdIv8yM4Zp06Ln8AjUaYaxAQQdPvdUCfgC6qdHQptpw
|
|
21
|
+
6HmCnBaToFYRw/u4BfDAC/YxI7E+WWvxqgcsF3IXgypE9vQoSao7xTSiwV9L2Fta
|
|
22
|
+
U3q32TAtUJozbs+4lFfY193WUmQokaeUY0nSJAufLitrRtXFLNnLxa7/i7Vg6TuC
|
|
23
|
+
hGFHzmEFr66aF3VBJ/SWp86W53X8BQJ9R6IhbZpxnGW3TbcgP5R7xVBcas+ypYn6
|
|
24
|
+
CEV22CzMDSE21Zek/q0N65im9QJgHrtLXSrb6DVOJF6lp8pm3yO+UXsaMTldysvo
|
|
25
|
+
H7sN9CzhhQNpSwFp4dvYQBi6pIQGsit6lbOj5wkE3PeRsusO6pcIli2w2MzgPjxn
|
|
26
|
+
OERK2BM=
|
|
27
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
|
2
|
+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruE38DIgPqG4sJeFfXDS
|
|
3
|
+
80BZdCoQRakRmKfkoOq26BaCerNKIsMV1zMCnFWh/c3ax7iWXMbIrUIixDxAjOe/
|
|
4
|
+
smzRCaT9rL6Jz235dbYX81mdGPUA/PqzgwbfYnoKf9tDrUWDG0oU9WN/HJDY+1lK
|
|
5
|
+
FW3sG29ENsLn7ezJOP8d7y1mIocgl94dfKKaPlM3NECPObXGbJWyPsIlYrgCBKwd
|
|
6
|
+
H6zHfKFeDDawsagtK7MZfzVfh/bIJzL+84oCOUn75pXwl5JKOLaudYuHFNNGe4XC
|
|
7
|
+
ma+l0BEyfIAykIm2V5tL2zUaEPm6Mh8r70nEeLtEDUgbVXk6OoEVfbEksvRfEaxP
|
|
8
|
+
UQIDAQAB
|
|
9
|
+
-----END PUBLIC KEY-----
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
|
2
|
+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcDymjKwuWwyq9Zyt7EF
|
|
3
|
+
epTHzyvO875ioqDoMtCNhADrjLU25vaAaCyyf035VoXl/HYaUj0tBiEvQreso98O
|
|
4
|
+
eGO6cnfnu/QBvd1veyKtA8EjHFeo7NeA/RdXj6sEWtdM+QVHy6yI8YS/WAu8Ubrb
|
|
5
|
+
MNeDk4dEmfvvgL9TxNAYuVlWcLuR1fEyNN4NsansHZtoBCf6lRhd6l9uvu1HZJJ/
|
|
6
|
+
UrOostwH5jgnI3rWS2fB9SU7G5l9+YS7NbNGxa4kE6x72ko5WPg1U+wch94rZhxT
|
|
7
|
+
XBJDipRIox83wEQEP0qH8IWC905CmnYqfZ7HMdGt7KWvg/svO/q4oRtCb5NDEDGL
|
|
8
|
+
6QIDAQAB
|
|
9
|
+
-----END PUBLIC KEY-----
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
require 'json_web_token/algorithm/rsa'
|
|
2
|
+
require 'json_web_token/algorithm/rsa_util'
|
|
2
3
|
|
|
3
4
|
module JsonWebToken
|
|
4
5
|
module Algorithm
|
|
5
6
|
describe Rsa do
|
|
6
7
|
let(:signing_input_0) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
|
|
7
8
|
let(:signing_input_1) { '{"iss":"mike","exp":1300819380,"http://example.com/is_root":false}' }
|
|
9
|
+
let(:path_to_keys) { 'spec/fixtures/rsa' }
|
|
8
10
|
context 'detect changed signing_input or MAC' do
|
|
9
|
-
let(:private_key) {
|
|
10
|
-
let(:public_key) {
|
|
11
|
+
let(:private_key) { RsaUtil.private_key(path_to_keys) }
|
|
12
|
+
let(:public_key) { RsaUtil.public_key(path_to_keys) }
|
|
11
13
|
shared_examples_for '#sign' do
|
|
12
14
|
it 'does #verify?' do
|
|
13
15
|
mac = Rsa.sign(sha_bits, private_key, signing_input_0)
|
|
@@ -24,7 +26,7 @@ module JsonWebToken
|
|
|
24
26
|
it_behaves_like '#sign'
|
|
25
27
|
|
|
26
28
|
describe 'changed key' do
|
|
27
|
-
let(:changed_public_key) {
|
|
29
|
+
let(:changed_public_key) { RsaUtil.public_key(path_to_keys, 'public_key_alt.pem') }
|
|
28
30
|
it 'fails to #verify?' do
|
|
29
31
|
mac = Rsa.sign(sha_bits, private_key, signing_input_0)
|
|
30
32
|
expect(Rsa.verify? mac, sha_bits, public_key, signing_input_0).to be true
|
|
@@ -52,8 +54,8 @@ module JsonWebToken
|
|
|
52
54
|
end
|
|
53
55
|
end
|
|
54
56
|
|
|
55
|
-
context 'private_key bit size
|
|
56
|
-
let(:private_key) {
|
|
57
|
+
context 'private_key bit size < KEY_BITS_MIN (2048)' do
|
|
58
|
+
let(:private_key) { RsaUtil.private_key(path_to_keys, 'private_key_weak.pem') }
|
|
57
59
|
describe 'w 256 sha_bits' do
|
|
58
60
|
let(:sha_bits) { '256' }
|
|
59
61
|
it_behaves_like 'invalid private_key'
|
|
@@ -78,7 +80,7 @@ module JsonWebToken
|
|
|
78
80
|
end
|
|
79
81
|
|
|
80
82
|
context 'private_key bits (2048) == KEY_BITS_MIN (2048)' do
|
|
81
|
-
let(:private_key) {
|
|
83
|
+
let(:private_key) { RsaUtil.private_key(path_to_keys) }
|
|
82
84
|
describe 'w 256 sha_bits' do
|
|
83
85
|
let(:sha_bits) { '256' }
|
|
84
86
|
it_behaves_like '2048 bit private_key'
|
|
@@ -1,7 +1,11 @@
|
|
|
1
|
+
require 'json_web_token/algorithm/rsa_util'
|
|
1
2
|
require 'json_web_token/jwa'
|
|
2
3
|
require 'support/ecdsa_key'
|
|
3
4
|
|
|
4
5
|
module JsonWebToken
|
|
6
|
+
|
|
7
|
+
RsaUtil = JsonWebToken::Algorithm::RsaUtil
|
|
8
|
+
|
|
5
9
|
describe Jwa do
|
|
6
10
|
let(:signing_input) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
|
|
7
11
|
shared_examples_for 'w #verify?' do
|
|
@@ -24,8 +28,9 @@ module JsonWebToken
|
|
|
24
28
|
|
|
25
29
|
describe 'RS256' do
|
|
26
30
|
let(:algorithm) { 'RS256' }
|
|
27
|
-
let(:
|
|
28
|
-
let(:
|
|
31
|
+
let(:path_to_keys) { 'spec/fixtures/rsa' }
|
|
32
|
+
let(:signing_key) { RsaUtil.private_key(path_to_keys) }
|
|
33
|
+
let(:verifying_key) { RsaUtil.public_key(path_to_keys) }
|
|
29
34
|
it_behaves_like 'w #verify?'
|
|
30
35
|
|
|
31
36
|
it 'returns a 256-byte MAC' do
|
|
@@ -49,18 +49,6 @@ module JsonWebToken
|
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
context 'w RS256 keys' do
|
|
53
|
-
let(:signing_key) { OpenSSL::PKey::RSA.generate(2048) }
|
|
54
|
-
let(:verifying_key) { signing_key.public_key }
|
|
55
|
-
context "w RS256 'alg' header parameter" do
|
|
56
|
-
let(:header) { {alg: 'RS256'} }
|
|
57
|
-
describe 'w passing a matching algorithm to #verify' do
|
|
58
|
-
let(:algorithm) { 'RS256' }
|
|
59
|
-
it_behaves_like 'does #verify'
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
|
|
64
52
|
context "w ES256 'alg' header parameter" do
|
|
65
53
|
let(:header) { {alg: 'ES256'} }
|
|
66
54
|
describe 'w passing a matching algorithm to #verify' do
|
|
@@ -76,21 +76,6 @@ module JsonWebToken
|
|
|
76
76
|
end
|
|
77
77
|
end
|
|
78
78
|
|
|
79
|
-
context 'w RS256 keys' do
|
|
80
|
-
let(:signing_key) { OpenSSL::PKey::RSA.generate(2048) }
|
|
81
|
-
let(:verifying_key) { signing_key.public_key }
|
|
82
|
-
let(:verify_options) { {alg: 'RS256', key: verifying_key} }
|
|
83
|
-
describe 'passing matching options' do
|
|
84
|
-
let(:sign_options) { {alg: 'RS256', key: signing_key} }
|
|
85
|
-
it_behaves_like 'does #verify'
|
|
86
|
-
|
|
87
|
-
it 'plausible' do
|
|
88
|
-
jwt = Jwt.sign(claims, sign_options)
|
|
89
|
-
expect(plausible_message_signature? jwt, 256).to be true
|
|
90
|
-
end
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
|
|
94
79
|
context "w ES256 'alg' header parameter" do
|
|
95
80
|
let(:algorithm) { 'ES256' }
|
|
96
81
|
describe 'w passing a matching algorithm to #verify' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: json_web_token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gary Fleshman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-08-
|
|
11
|
+
date: 2015-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
@@ -63,6 +63,7 @@ files:
|
|
|
63
63
|
- lib/json_web_token/algorithm/ecdsa.rb
|
|
64
64
|
- lib/json_web_token/algorithm/hmac.rb
|
|
65
65
|
- lib/json_web_token/algorithm/rsa.rb
|
|
66
|
+
- lib/json_web_token/algorithm/rsa_util.rb
|
|
66
67
|
- lib/json_web_token/format/asn1.rb
|
|
67
68
|
- lib/json_web_token/format/base64_url.rb
|
|
68
69
|
- lib/json_web_token/jwa.rb
|
|
@@ -70,6 +71,10 @@ files:
|
|
|
70
71
|
- lib/json_web_token/jwt.rb
|
|
71
72
|
- lib/json_web_token/util.rb
|
|
72
73
|
- lib/json_web_token/version.rb
|
|
74
|
+
- spec/fixtures/rsa/private_key.pem
|
|
75
|
+
- spec/fixtures/rsa/private_key_weak.pem
|
|
76
|
+
- spec/fixtures/rsa/public_key.pem
|
|
77
|
+
- spec/fixtures/rsa/public_key_alt.pem
|
|
73
78
|
- spec/json_web_token/algorithm/ecdsa_spec.rb
|
|
74
79
|
- spec/json_web_token/algorithm/hmac_spec.rb
|
|
75
80
|
- spec/json_web_token/algorithm/rsa_spec.rb
|