json_web_token 0.3.2 → 0.3.3

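--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1f2f2e9c05d1aa0624ecb4c80542779a4947440d
- data.tar.gz: a743b29a91a80f888ef14cff51a31692e007955d
+ metadata.gz: d2049604b3f41c8df52e18f3437bc061986b5f53
+ data.tar.gz: bfed75256ebea6502c691580fd18b6fcff707ace
  SHA512:
- metadata.gz: 33a0ad974222c5dc8773f9640f90e07e70b5afaa6986476341c6a2cbafd114e392810f33be973d85cc91c29e366fe7e6c1d2815870563310b648ef7dc29e8fc6
- data.tar.gz: df28c9e985c1fd29e09cc13ae48c4b486b00f350f5d37cb92d876f9c0a3df152bba6c71432f5bd924d9a4e52c15c9d6501aa115e7040dc0d3568c590069faa13
+ metadata.gz: d2b811ae25982cd749cc86d4c27b9a1e547766e407c4aff35a8f9e5ce97bc5d8bc47cdfc3880aef93a029cdac124af26bbe43ecd3b9ecbfa691fb5fef835b8f7
+ data.tar.gz: 5143565589c04bb1618c4c69baba3993b21a3fd62fa37ca584666c25ae6d7f49515fa7eeb04326896edd34b1b4f31ab2abadd179522e8e6a1a78371cf8e9d766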
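--- a/data/.rspec
+++ b/data/.rspec
@@ -1 +1,2 @@
  --color
+ --require spec_helper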
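--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,7 +1,6 @@
  language: ruby
  rvm:
- - 2.0.0-p648
  - 2.1.10
- - 2.2.5
- - 2.3.1
- before_install: gem install bundler -v 1.13.2
+ - 2.2.6
+ - 2.3.3
+ - 2.4.0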
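--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
  ## Changelog
 
+ ### v0.3.3 (2017-01-16)
+
+ * Bug fixes
+ * Remove invalid RSA .validate_message_size
+
  ### v0.3.2 (2016-10-09)
 
  * Enhancements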
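--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,6 +1,6 @@
  The MIT License (MIT)
 
- Copyright (c) 2016 Gary Fleshman
+ Copyright (c) 2017 Gary Fleshman
 
  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 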
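--- a/data/README.md
+++ b/data/README.md
@@ -131,7 +131,7 @@ ES512 | ECDSA using P-521 and SHA-512
  none | No digital signature or MAC performed (unsecured)
 
  ### Supported Ruby Versions
- Ruby 2.0.0 and up
+ Ruby 2.1 and up
 
  ### Limitations
  Future implementation may include these features: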
@@ -23,12 +23,11 @@ Gem::Specification.new do |s|
23
23
  s.platform = Gem::Platform::RUBY
24
24
  s.required_ruby_version = '>= 2.0.0'
25
25
 
26
- s.add_runtime_dependency 'json', '>= 1.8.3'
26
+ s.add_runtime_dependency 'json', '~> 2.0'
27
27
 
28
28
  s.add_development_dependency 'bundler', '~> 1.13'
29
29
  s.add_development_dependency 'rake', '~> 10.0'
30
30
  s.add_development_dependency 'rspec', '~> 3.0'
31
- s.add_development_dependency 'pry', '~> 0.10'
32
31
  s.add_development_dependency 'pry-byebug', '~> 3.4'
33
32
  s.add_development_dependency 'simplecov', '~> 0.12'
34
33
  s.add_development_dependency 'yard', '~> 0.9'
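Review bot: `s.required_ruby_version = '>= 2.0.0'` is left untouched as a context line here, while the same release changes the README to "Ruby 2.1 and up" and drops 2.0.0 from the Travis matrix. RubyGems will therefore still install this version on a Ruby 2.0 interpreter that is no longer tested; `s.required_ruby_version = '>= 2.1'` would make the gemspec agree with the documented floor. Separately, moving the `json` runtime dependency from `>= 1.8.3` to `~> 2.0` in a patch release excludes every json 1.x, so an application pinned to json 1.8 cannot take the RSA fix without a dependency upgrade; the changelog entry does not mention it. The `Gem::Specification` block starts and ends outside the hunk.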
@@ -5,14 +5,10 @@ module JsonWebToken
5
5
  # Sign or verify a JSON Web Signature (JWS) structure using RSASSA-PKCS-v1_5
6
6
  # @see http://tools.ietf.org/html/rfc7518#section-3.3
7
7
  module Rsa
8
-
9
8
  extend JsonWebToken::Algorithm::Common
10
9
 
11
10
  KEY_BITS_MIN = 2048
12
11
 
13
- # @see http://tools.ietf.org/html/rfc3447#section-7.2
14
- MESSAGE_BYTES_MAX = 245 # 256 - 11 bytes
15
-
16
12
  module_function
17
13
 
18
14
  # @param sha_bits [String] desired security level in bits of the signature scheme
@@ -23,26 +19,23 @@ module JsonWebToken
23
19
  # Rsa.sign('256', < private_key >, 'signing_input').bytes.length
24
20
  # # => 256
25
21
  def sign(sha_bits, private_key, signing_input)
26
- validate_params(sha_bits, private_key, signing_input)
22
+ validate_key(sha_bits, private_key)
27
23
  private_key.sign(digest_new(sha_bits), signing_input)
28
24
  end
29
25
 
30
26
  # @param mac [BinaryString] a digital signature, or mac
27
+ # @param sha_bits [String] desired security level in bits of the signature scheme
31
28
  # @param public_key [OpenSSL::PKey::RSA] key used to verify a digital signature, or mac
29
+ # @param signing_input [String] input payload for a mac computation
32
30
  # @return [Boolean] a predicate to verify the signing_input for a given +mac+
33
31
  # @example
34
32
  # Rsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
35
33
  # # => true
36
34
  def verify?(mac, sha_bits, public_key, signing_input)
37
- validate_params(sha_bits, public_key, signing_input)
35
+ validate_key(sha_bits, public_key)
38
36
  public_key.verify(digest_new(sha_bits), mac, signing_input)
39
37
  end
40
38
 
41
- def validate_params(sha_bits, key, signing_input)
42
- validate_key(sha_bits, key)
43
- validate_message_size(signing_input)
44
- end
45
-
46
39
  def validate_key_size(_sha_bits, key)
47
40
  fail('Invalid key: RSA modulus too small') if weak_key?(key)
48
41
  end
@@ -52,15 +45,8 @@ module JsonWebToken
52
45
  !key || key.n.num_bits < KEY_BITS_MIN
53
46
  end
54
47
 
55
- # http://tools.ietf.org/html/rfc3447#section-7.2
56
- def validate_message_size(signing_input)
57
- fail('Invalid message: too large for RSA') if signing_input.bytesize > MESSAGE_BYTES_MAX
58
- end
59
-
60
- private_class_method :validate_params,
61
- :validate_key_size,
62
- :weak_key?,
63
- :validate_message_size
48
+ private_class_method :validate_key_size,
49
+ :weak_key?
64
50
  end
65
51
  end
66
52
  end
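Review bot: Nothing in the new `sign` and `verify?` records why `signing_input` is no longer length-checked, so the 245-byte limit is easy to reintroduce later. RSASSA-PKCS1-v1_5 signs a digest of the input rather than the input itself, and the RFC 3447 section 7.2 bound cited by the removed constant belongs to RSAES-PKCS1-v1_5 encryption. I would add one comment above `validate_key(sha_bits, private_key)`, for example `# no size limit on signing_input: the signature covers its digest, not the raw bytes`. A spec that signs and verifies an input longer than 245 bytes would pin the corrected behaviour; no spec change is visible on this page. The `Rsa` module opens before the first of these hunks and its `sign` documentation is only partly shown.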
@@ -1,3 +1,3 @@
1
1
  module JsonWebToken
2
- VERSION = '0.3.2'
2
+ VERSION = "0.3.3"
3
3
  end
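--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: json_web_token
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.3.3
  platform: ruby
  authors:
  - Gary Fleshman
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-10-09 00:00:00.000000000 Z
+ date: 2017-01-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 1.8.3
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 1.8.3
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -66,20 +66,6 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '3.0'
- - !ruby/object:Gem::Dependency
- name: pry
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0.10'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0.10'
  - !ruby/object:Gem::Dependency
  name: pry-byebug
  requirement: !ruby/object:Gem::Requirement
@@ -187,7 +173,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.7
+ rubygems_version: 2.6.8
  signing_key:
  specification_version: 4
  summary: JSON Web Token (JWT) for Ruby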