jwk 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1575c0b94d636319a7465b52c562595fb9879116
+  data.tar.gz: 3a75443a7e7f83443309de1746c661a26c351f4a
+SHA512:
+  metadata.gz: dd408f90856457824da0a2f522c0609e404ea794825ffd3354318a0568fad0739c068b860f6d7cd839db456d5b61526940ffed13982211ee2f5958721d9bd976
+  data.tar.gz: dc057987055f26dc8fbc3c533eb93e9321a8023d13825c75b40dcfab0a3b586dc620f20522f34f23d4c034bf7cb94468ff2019aacb6ab44c6c1bffbff44e889f

data/.codeclimate.yml

@@ -0,0 +1,15 @@
+engines:
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+  rubocop:
+    enabled: true
+
+ratings:
+  paths:
+    - lib/**
+
+exclude_paths:
+  - spec/**/*

data/.gitignore

@@ -0,0 +1,17 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.ruby-gemset
+/.ruby-version
+Gemfile.lock
+/coverage
+.byebug_history
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,16 @@
+Metrics/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*
+
+Style/Documentation:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Lint/RescueException:
+  Exclude:
+    - spec/**/*

data/.travis.yml

@@ -0,0 +1,16 @@
+language: ruby
+dist: trusty
+rvm:
+  - jruby-1.7.26
+  - jruby-9.1.9.0
+  - 2.0.0-p648
+  - 2.1.10
+  - 2.2.8
+  - 2.3.5
+
+matrix:
+  include:
+    - rvm: 2.4.2
+      env: CODECLIMATE_REPO_TOKEN=5d5a47900abd78d4b430435e4948a78c9b065c20e2f4be4ecb0a084413d75ca0
+      after_script:
+        - bundle exec codeclimate-test-reporter

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in jwk.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,23 @@
+The MIT License (MIT)
+=====================
+
+* Copyright © 2017 Francesco Boffa
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,26 @@
+# JWK
+
+[![Build Status](https://travis-ci.org/aomega08/jwk.svg)](https://travis-ci.org/aomega08/jwk)
+[![Code Climate](https://codeclimate.com/github/aomega08/jwk/badges/gpa.svg)](https://codeclimate.com/github/aomega08/jwk)
+[![Test Coverage](https://codeclimate.com/github/aomega08/jwk/badges/coverage.svg)](https://codeclimate.com/github/aomega08/jwk/coverage)
+
+A Ruby implementation of the RFC 7517 JSON Web Keys (JWK) standard.
+
+## Installation
+
+    $ gem install jwk
+
+## Usage
+
+TODO: Write usage instructions here
+
+## License
+
+The MIT License
+
+Copyright © 2017 Francesco Boffa
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'jwk'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/docs/asn1.md

@@ -0,0 +1,62 @@
+# DER Encoded ASN.1
+
+* Everything is Big Endian.
+* Every encoded item is prefixed by a tag that specifies its nature followed by its length and data.
+* If lengths are < 128 they are just added to the stream as a single byte. Lengths > 127 are prefixed by (0x80 | bytelength of length).
+* If Tags have 0x80 bit set, they're "custom". If 0xA0, they're custom, but structured like a SEQUENCE.
+
+### Notable tags:
+
+* **0x30** SEQUENCE (array of non-uniform objects)
+* **0x02** INTEGER
+* **0x03** BIT STRING (for some reason prefixed by 00)
+* **0x04** OCTET STRING (similar to BIT STRING but not prefixed by 00)
+* **0x05** NULL
+* **0x06** OBJECT IDENTIFIER
+
+## Generic Public Key format:
+
+    SEQUENCE
+      SEQUENCE
+        OBJECT IDENTIFIER
+        NULL
+      BIT STRING
+        (Key Type dependent)
+
+## RSA Public Key format:
+
+Can be found in the wild, but it is usually embedded in the Generic Public Key format.
+
+    SEQUENCE
+      INTEGER n
+      INTEGER e
+
+## RSA Private Key format:
+
+    SEQUENCE (0x30)
+      INTEGER 0
+      INTEGER n
+      INTEGER e
+      INTEGER d
+      INTEGER p
+      INTEGER q
+      INTEGER dp
+      INTEGER dq
+      INTEGER qi
+
+## EC Private Key format:
+
+    SEQUENCE
+      INTEGER 1
+      OCTET STRING d
+      (custom structure, 0xA0)
+        OBJECT IDENTIFIER
+      (custom structure, 0xA1)
+        BIT STRING (0x04 followed by x and y)
+
+## Common Object IDs
+
+RSA: 1.2.840.113549.1.1.1
+EC P-256: 1.2.840.10045.3.1.7
+EC P-384: 1.3.132.0.34
+EC P-521: 1.3.132.0.35

data/jwk.gemspec

@@ -0,0 +1,23 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'jwk/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'jwk'
+  spec.version       = JWK::VERSION
+  spec.authors       = ['Francesco Boffa']
+  spec.email         = ['fra.boffa@gmail.com']
+
+  spec.summary       = 'JSON Web Keys implementation in Ruby'
+  spec.description   = 'A Ruby implementation of the RFC 7517 JSON Web Keys (JWK) standard'
+  spec.homepage      = 'https://github.com/aomega08/jwk'
+  spec.license       = 'MIT'
+
+  spec.files = `git ls-files`.split("\n")
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+end

data/lib/jwk.rb

@@ -0,0 +1,15 @@
+require 'base64'
+require 'json'
+require 'openssl'
+
+require 'jwk/asn1'
+require 'jwk/ec_key'
+require 'jwk/key'
+require 'jwk/oct_key'
+require 'jwk/rsa_key'
+require 'jwk/utils'
+require 'jwk/version'
+
+module JWK
+  class InvalidKey < StandardError; end
+end

data/lib/jwk/asn1.rb

@@ -0,0 +1,101 @@
+module JWK
+  class ASN1
+    class << self
+      def rsa_public_key(n, e)
+        pubkey = bit_string(sequence(integer(n), integer(e)))
+        sequence(rsa_header, pubkey)
+      end
+
+      def rsa_private_key(*args)
+        raise ArgumentError('Some pieces missing for RSA Private Key') unless args.length == 8
+        sequence(integer(0), *args.map { |n| integer(n) })
+      end
+
+      def ec_private_key(crv, d, x, y)
+        _, raw_x = raw_integer_encoding(x)
+        _, raw_y = raw_integer_encoding(y)
+
+        object_id = object_id_for_crv(crv)
+
+        sequence(
+          integer(1),
+          integer_octet_string(d),
+          context_specific(true, 0, object_id),
+          context_specific(true, 1, bit_string("\x04#{raw_x}#{raw_y}"))
+        )
+      end
+
+      private
+
+      def object_id_for_crv(crv)
+        case crv
+        when 'P-256'
+          "\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x07"
+        when 'P-384'
+          "\x06\x05\x2B\x81\x04\x00\x22"
+        when 'P-521'
+          "\x06\x05\x2B\x81\x04\x00\x23"
+        end
+      end
+
+      def rsa_header
+        "\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00".force_encoding('ASCII-8BIT')
+      end
+
+      def bit_string(data)
+        "\x03" + asn_length(data.length + 1) + "\x00" + data
+      end
+
+      def sequence(*items)
+        data = items.join
+        "\x30" + asn_length(data.length) + data
+      end
+
+      def integer(n)
+        len, data = raw_integer_encoding(n)
+
+        if data[0].ord & 0x80 != 0
+          data = "\x00" + data
+          len += 1
+        end
+
+        "\x02" + asn_length(len) + data
+      end
+
+      def integer_octet_string(n)
+        len, data = raw_integer_encoding(n)
+        "\x04" + asn_length(len) + data
+      end
+
+      def asn_length(n)
+        if n > 127
+          self_len, data = raw_integer_encoding(n)
+          self_len |= 0x80
+          self_len.chr + data
+        else
+          n.chr
+        end
+      end
+
+      def raw_integer_encoding(n)
+        # find out how many octets are required to encode it
+        num_octets = (n.to_s(16).length / 2.0).ceil
+
+        # encode the low num_octets bytes of the integer.
+        shifted = n << 8
+        data = Array.new(num_octets) do
+          ((shifted >>= 8) & 0xFF).chr
+        end.join.reverse
+
+        [num_octets, data]
+      end
+
+      def context_specific(structured, tag, content)
+        tag |= 0x80
+        tag |= 0x20 if structured
+
+        tag.chr + asn_length(content.length) + content.force_encoding('ASCII-8BIT')
+      end
+    end
+  end
+end

data/lib/jwk/ec_key.rb

@@ -0,0 +1,79 @@
+require 'jwk/key'
+
+module JWK
+  class ECKey < Key
+    def initialize(key)
+      @key = key
+      validate
+    end
+
+    def public?
+      true
+    end
+
+    def private?
+      !@key['d'].nil?
+    end
+
+    def validate
+      unless @key['x'] && @key['y'] && ['P-256', 'P-384', 'P-521'].include?(@key['crv'])
+        raise JWK::InvalidKey, 'Invalid EC key.'
+      end
+    end
+
+    def to_pem
+      raise NotImplementedError, 'Cannot convert an EC public key to PEM.' unless private?
+
+      asn = ASN1.ec_private_key(crv, d, x, y)
+      generate_pem('EC PRIVATE', asn)
+    end
+
+    def to_openssl_key
+      OpenSSL::PKey.read(to_pem)
+    end
+
+    def to_s
+      to_pem
+    end
+
+    def crv
+      @key['crv']
+    end
+
+    %w[d x y].each do |part|
+      define_method(part) do
+        Utils.decode_ub64_int(@key[part]) if @key[part]
+      end
+    end
+
+    class << self
+      def from_openssl(k)
+        x, y = coords_from_key(k)
+
+        names = { 'secp256r1' => 'P-256', 'secp384r1' => 'P-384', 'secp521r1' => 'P-521' }
+        crv = names[k.group.curve_name]
+
+        raise NotImplementedError, "Unsupported EC curve type #{k.group.curve_name}" unless crv
+
+        new('kty' => 'EC',
+            'crv' => crv,
+            'd' => Utils.encode_ub64_int(k.private_key.to_i), 'x' => x, 'y' => y)
+      end
+
+      private
+
+      def coords_from_key(key)
+        pb = key.public_key.to_bn.to_s(16)
+
+        raise NotImplementedError, 'Cannot convert EC compressed public key' unless pb[0..1] == '04'
+
+        decode_uncompressed_coords(pb[2..-1])
+      end
+
+      def decode_uncompressed_coords(pb)
+        coords = [pb[0...pb.length / 2], pb[pb.length / 2..-1]]
+        coords.map { |c| Base64.urlsafe_encode64(Utils.hex_string_to_binary(c)) }
+      end
+    end
+  end
+end