jwk-loader 0.1.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95cc2cfa71f70b65862e3be731568a8f935934ed814f45d282eed64c713e5e71
-  data.tar.gz: 3d9d2ba513abc82c1a8f356287622829b784b3e4fa89746cf517c036301c905c
+  metadata.gz: cc35d8bbe5c77c12e387ee48e54543073527d3851148d6c313cd062e7da5de5d
+  data.tar.gz: 9ee9af3ebd760f4608265ba99a845427d5a047c0a5fe1ded70297f6f408a8838
 SHA512:
-  metadata.gz: d8cb52c884a168816011173d453f0567c023f17e78f10badd5da583fbf4af6445723d434d7a77ee6d0f51bd645a6f2eaf4a9019646a0f568403a7286f4d03819
-  data.tar.gz: 76b90c92b4af19b21aa1ddd07d9e7b300042f3521301094b00576aee491fe602e7e70e9a6dd2ed166a1b2f50b5f0ceb0f21bfee3bb8433ee965d4e4e08067f64
+  metadata.gz: 7c1da1b6d607b9006a3b8efe55bac39bf8d61db95d137db6705d9eb08ba5eb3340bb66fbad2b15945c4abdf8550143a75b8d34b80975c159baeb11728808c0e6
+  data.tar.gz: 2d14daadf7bf995b2324b3c9ccf46bc2cc67ecc4c00314e20dcc0d01a866dda2056d0b3f5e83a4df00d9f7c0ca02c9154714f2299481c41707a35f80b763cfc6

data/.rubocop.yml

@@ -17,6 +17,7 @@ Layout/LineLength:
 Naming/FileName:
   Exclude:
     - 'lib/jwk-loader.rb'
+    - 'spec/jwk-loader_spec.rb'
 
 Metrics/BlockLength:
   Exclude:

data/CHANGELOG.md

@@ -1,8 +1,13 @@
 ## [Unreleased]
 
+## [1.0.0] - 2023-12-28
+
+- `jwk_loader/test` for convenience for testing without external dependencies. [#6](https://github.com/anakinj/jwk-loader/pull/6) ([@anakinj](https://github.com/anakinj))
+- Serialize the cached key sets into `JWT::JWK:Set` to avoid generating OpenSSL PKeys for each time the keys are used. [#6](https://github.com/anakinj/jwk-loader/pull/6) ([@anakinj](https://github.com/anakinj))
+
 ## [0.1.1] - 2022-08-26
 
-- make sure 'net/http' is required [#1](https://github.com/anakinj/jwk-loader/pull/2) ([@lukad](https://github.com/lukad)).
+- make sure 'net/http' is required [#2](https://github.com/anakinj/jwk-loader/pull/2) ([@lukad](https://github.com/lukad)).
 
 ## [0.1.0] - 2022-07-06
 

data/Gemfile

@@ -11,5 +11,3 @@ gem "rubocop", "~> 1.32.0"
 gem "simplecov"
 gem "vcr"
 gem "webmock"
-
-gem "jwt"

data/README.md

@@ -16,16 +16,56 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
 ### Using as a jwks loader when decoding JWT tokens
 
-```
+```ruby
 require "jwt"
 require "jwk-loader"
 
 JWT.decode(token, nil, true, algorithm: "RS512", jwks: JwkLoader.for_uri(uri: "https://url/to/public/jwks") )
 ```
 
+### Testing endpoints protected by JWT tokens
+
+When testing HTTP endpoints protected by asymmetric JWT keys the mechanism in `jwk_loader/test` can be used to simplify the process.
+
+```ruby
+require 'jwk_loader/test'
+
+RSpec.describe 'GET /protected' do
+  include JwkLoader::Test
+
+  context 'when called with a valid token' do
+    let(:token) { sign_test_token(token_payload: { user_id: 'user' }, jwk_endpoint: 'https://url/to/public/jwks') }
+    subject(:response) { get('/protected', { 'HTTP_AUTHORIZATION' => "Bearer #{token}" }) }
+
+    it 'is a success' do
+      expect(response.status).to eq(200)
+    end
+  end
+end
+```
+
 ### Configuring the gem
 
-TODO: Will probably be implemented at some point
+```ruby
+require "jwt-loader"
+
+JwkLoader.configure do |config|
+  config[:cache] = YetAnotherCache.new
+  config[:cache_grace_period] = 999
+end
+```
+
+or in alternative
+
+```ruby
+require "jwt-loader"
+
+JwkLoader.configure do |config|
+  config.cache = YetAnotherCache.new
+  config.cache_grace_period = 999
+end
+```
+
 
 ## Development
 

data/jwk-loader.gemspec

@@ -32,4 +32,5 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.add_dependency "concurrent-ruby"
+  spec.add_dependency "jwt", "~> 2.6"
 end

data/lib/jwk-loader.rb

@@ -5,9 +5,37 @@ require_relative "jwk_loader/jwks"
 require_relative "jwk_loader/jwks_uri_provider"
 require_relative "jwk_loader/memory_cache"
 require_relative "jwk_loader/error"
+require_relative "jwk_loader/config/config"
 
 module JwkLoader
-  def self.for_uri(**options)
-    JwksUriProvider.new(**options)
+  class << self
+    def for_uri(**options)
+      options[:cache] ||= config[:cache]
+      options[:cache_grace_period] ||= config[:cache_grace_period]
+      JwksUriProvider.new(**options)
+    end
+
+    def cache
+      config[:cache]
+    end
+
+    def configure
+      yield config
+    end
+
+    def config
+      @config ||= JwkLoader::Config.new.tap do |cfg|
+        cfg[:cache] = MemoryCache.new
+        cfg[:cache_grace_period] = 900
+      end
+    end
+
+    def reset!
+      @config = nil
+    end
+
+    def memory_store
+      @memory_store ||= MemoryCache.new
+    end
   end
 end

data/lib/jwk_loader/config/config.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module JwkLoader
+  class Config
+    class ConfigurationNotFound < JwkLoader::Error
+      def initialize(key)
+        super "Configuration for #{key} not available"
+      end
+    end
+
+    def []=(key, value)
+      registry[key] = value
+    end
+
+    def [](key)
+      registry[key] || (raise ConfigurationNotFound, key)
+    end
+
+    def method_missing(name, *args)
+      return send(:[]=, name.to_s[0..-2].to_sym, *args) if name.to_s.end_with?("=")
+
+      send(:[], name, *args)
+    end
+
+    def respond_to_missing?(_name, _include_private)
+      true
+    end
+
+    private
+
+    def registry
+      @registry ||= {}
+    end
+  end
+end

data/lib/jwk_loader/jwks.rb

@@ -14,6 +14,10 @@ module JwkLoader
         from_json(response.body)
       end
 
+      def from_memory(uri)
+        JwkLoader.memory_store.fetch(uri)
+      end
+
       def from_json(jwks_json)
         JSON.parse(jwks_json, symbolize_names: true)
       end

data/lib/jwk_loader/jwks_uri_provider.rb

@@ -1,16 +1,12 @@
 # frozen_string_literal: true
 
 module JwkLoader
-  def self.cache
-    @cache ||= MemoryCache.new
-  end
-
   class JwksUriProvider
     attr_reader :uri, :cache, :cache_grace_period
 
-    def initialize(uri:, cache: JwkLoader.cache, cache_grace_period: 900)
+    def initialize(uri:, cache:, cache_grace_period:)
       @uri          = uri
-      @cache        = cache || MemoryCache.new
+      @cache        = cache
       @cache_grace_period = cache_grace_period
     end
 
@@ -22,7 +18,7 @@ module JwkLoader
     private
 
     def jwks
-      from_cache || from_uri
+      from_cache || from_memory || from_uri
     end
 
     def invalidate_cache!
@@ -35,12 +31,17 @@ module JwkLoader
       cache_entry&.fetch(:jwks)
     end
 
+    def from_memory
+      JwkLoader::Jwks.from_memory(uri)
+    end
+
     def cache_entry
       cache.fetch(uri)
     end
 
     def from_uri
-      JwkLoader::Jwks.from_uri(uri).tap do |jwks|
+      data = JwkLoader::Jwks.from_uri(uri)
+      JWT::JWK::Set.new(data).tap do |jwks|
         cache.store(uri, jwks: jwks, fetched_at: Time.now)
       end
     end

data/lib/jwk_loader/test.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module JwkLoader
+  module Test
+    def generate_signing_key(algorithm:)
+      case algorithm
+      when "RS256", "RS384", "RS512"
+        OpenSSL::PKey::RSA.new(2048)
+      when "ES256"
+        OpenSSL::PKey::EC.generate("prime256v1")
+      else
+        raise "Unsupported algorithm: #{algorithm}"
+      end
+    end
+
+    def test_signing_key_for(jwk_endpoint:, algorithm: "RS512")
+      key_set = JwkLoader.memory_store.fetch(jwk_endpoint)
+
+      if key_set.nil?
+        key_set = JWT::JWK::Set.new([generate_signing_key(algorithm: algorithm)])
+        JwkLoader.memory_store.store(jwk_endpoint, key_set)
+      end
+
+      key_set.first
+    end
+
+    def sign_test_token(token_payload:, jwk_endpoint:, algorithm: "RS512")
+      key = test_signing_key_for(jwk_endpoint: jwk_endpoint, algorithm: algorithm)
+      JWT.encode(token_payload, key.signing_key, algorithm, kid: key[:kid])
+    end
+  end
+end

data/lib/jwk_loader/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JwkLoader
-  VERSION = "0.1.1"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwk-loader
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Joakim Antman
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-26 00:00:00.000000000 Z
+date: 2023-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
 description:
 email:
 - antmanj@gmail.com
@@ -41,10 +55,12 @@ files:
 - Rakefile
 - jwk-loader.gemspec
 - lib/jwk-loader.rb
+- lib/jwk_loader/config/config.rb
 - lib/jwk_loader/error.rb
 - lib/jwk_loader/jwks.rb
 - lib/jwk_loader/jwks_uri_provider.rb
 - lib/jwk_loader/memory_cache.rb
+- lib/jwk_loader/test.rb
 - lib/jwk_loader/version.rb
 homepage: https://github.com/anakinj/jwk-loader
 licenses:
@@ -53,7 +69,7 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/anakinj/jwk-loader
   source_code_uri: https://github.com/anakinj/jwk-loader
-  changelog_uri: https://github.com/anakinj/jwk-loader/blob/0.1.1/CHANGELOG.md
+  changelog_uri: https://github.com/anakinj/jwk-loader/blob/1.0.0/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []