RubyGems - jwt - Versions diffs - 0.1.2 → 0.1.3 - Mend

jwt 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data.tar.gz.sig CHANGED

@@ -1 +1,2 @@
-���������j��=gH�U=�`?�6f>��2��b�_}.k�$�+����I�BZ��4LmA�X@�s<��T���Ȭ҅���#&�[���}���¦�6q���,�ܹ���lq��|}Z���
+s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nf�m&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}���A��Eqĵ.�s�s!���U��M��旓C�QW���M#�΢%�\��6-�o���׉��hD˨��o1v�9Jk���O�ĩ`��k
+ޤQ�r�%�o.i�e��5�P

data/Rakefile CHANGED

@@ -1,11 +1,8 @@
 require 'rubygems'
 require 'rake'
-require 'rake/clean'
 require 'echoe'
-CLEAN.include("pkg")
-Echoe.new('jwt', '0.1.2') do |p|
+Echoe.new('jwt', '0.1.3') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"
@@ -16,9 +13,5 @@ Echoe.new('jwt', '0.1.2') do |p|
 end
 task :test do
-  sh "spec spec/jwt.rb"
+  sh "rspec spec/jwt.rb"
 end
-task :release => [:clean, :gem] do
-  sh "ls pkg/*.gem"
-end

data/jwt.gemspec CHANGED

@@ -2,21 +2,21 @@
 Gem::Specification.new do |s|
   s.name = %q{jwt}
-  s.version = "0.1.2"
+  s.version = "0.1.3"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Jeff Lindsay"]
-  s.cert_chain = ["/Users/progrium/.gem/gem-public_cert.pem"]
-  s.date = %q{2011-03-21}
+  s.authors = [%q{Jeff Lindsay}]
+  s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
+  s.date = %q{2011-06-30}
   s.description = %q{JSON Web Token implementation in Ruby}
   s.email = %q{jeff.lindsay@twilio.com}
-  s.extra_rdoc_files = ["lib/jwt.rb"]
-  s.files = ["Rakefile", "lib/jwt.rb", "spec/jwt.rb", "Manifest", "jwt.gemspec"]
+  s.extra_rdoc_files = [%q{lib/jwt.rb}]
+  s.files = [%q{Rakefile}, %q{lib/jwt.rb}, %q{spec/jwt.rb}, %q{Manifest}, %q{jwt.gemspec}]
   s.homepage = %q{http://github.com/progrium/ruby-jwt}
-  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Jwt", "--main", "README.md"]
-  s.require_paths = ["lib"]
+  s.rdoc_options = [%q{--line-numbers}, %q{--inline-source}, %q{--title}, %q{Jwt}, %q{--main}, %q{README.md}]
+  s.require_paths = [%q{lib}]
   s.rubyforge_project = %q{jwt}
-  s.rubygems_version = %q{1.4.1}
+  s.rubygems_version = %q{1.8.5}
   s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
   s.summary = %q{JSON Web Token implementation in Ruby}

data/lib/jwt.rb CHANGED

@@ -12,7 +12,24 @@ module JWT
   class DecodeError < Exception; end
   def self.sign(algorithm, msg, key)
-    raise NotImplementedError.new("Unsupported signing method") unless ["HS256", "HS384", "HS512"].include?(algorithm)
+    if ["HS256", "HS384", "HS512"].include?(algorithm)
+      sign_hmac(algorithm, msg, key)
+    elsif ["RS256", "RS384", "RS512"].include?(algorithm)
+      sign_rsa(algorithm, msg, key)
+    else
+      raise NotImplementedError.new("Unsupported signing method")
+    end
+  end
+  def self.sign_rsa(algorithm, msg, private_key)
+    private_key.sign(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), msg)
+  end
+  def self.verify_rsa(algorithm, public_key, signing_input, signature)
+    public_key.verify(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+  end
+  def self.sign_hmac(algorithm, msg, key)
     OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
   end
@@ -49,11 +66,13 @@ module JWT
       raise JWT::DecodeError.new("Invalid segment encoding")
     end
     if verify
-      begin
-        if not signature == sign(header['alg'], signing_input, key)
-          raise JWT::DecodeError.new("Signature verification failed")
-        end
-      rescue NotImplementedError
+      algo = header['alg']
+      if ["HS256", "HS384", "HS512"].include?(algo)
+        raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
+      elsif ["RS256", "RS384", "RS512"].include?(algo)
+        verify_rsa(algo, key, signing_input, signature)
+      else
         raise JWT::DecodeError.new("Algorithm not supported")
       end
     end

data/spec/jwt.rb CHANGED

@@ -1,14 +1,22 @@
-require 'spec'
-require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
-payload = {"foo" => "bar"}
+require 'helper'
 describe JWT do
+  before do
+    @payload = {"foo" => "bar"}
+  end
   it "encodes and decodes JWTs" do
     secret = "secret"
-    jwt = JWT.encode(payload, secret)
+    jwt = JWT.encode(@payload, secret)
     decoded_payload = JWT.decode(jwt, secret)
-    decoded_payload.should == payload
+    decoded_payload.should == @payload
+  end
+  it "encodes and decodes JWTs for RSA signatures" do
+    private_key = OpenSSL::PKey::RSA.generate(512)
+    jwt = JWT.encode(@payload, private_key, "RS256")
+    decoded_payload = JWT.decode(jwt, private_key.public_key)
+    decoded_payload.should == @payload
   end
   it "decodes valid JWTs" do
@@ -22,19 +30,19 @@ describe JWT do
   it "raises exception with wrong key" do
     right_secret = 'foo'
     bad_secret = 'bar'
-    jwt_message = JWT.encode(payload, right_secret)
+    jwt_message = JWT.encode(@payload, right_secret)
     lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
   end
   it "allows decoding without key" do
     right_secret = 'foo'
     bad_secret = 'bar'
-    jwt = JWT.encode(payload, right_secret)
+    jwt = JWT.encode(@payload, right_secret)
     decoded_payload = JWT.decode(jwt, bad_secret, false)
-    decoded_payload.should == payload
+    decoded_payload.should == @payload
   end
   it "raises exception on unsupported crypto algorithm" do
-    lambda { JWT.encode(payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
+    lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
   end
 end

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  hash: 31
+  hash: 29
   prerelease:
   segments:
   - 0
   - 1
-  - 2
-  version: 0.1.2
+  - 3
+  version: 0.1.3
 platform: ruby
 authors:
 - Jeff Lindsay
@@ -36,8 +36,7 @@ cert_chain:
   WZqts+sMhUpDxxL+p6p6bQ==
   -----END CERTIFICATE-----
-date: 2011-03-21 00:00:00 -07:00
-default_executable:
+date: 2011-06-30 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -69,7 +68,6 @@ files:
 - spec/jwt.rb
 - Manifest
 - jwt.gemspec
-has_rdoc: true
 homepage: http://github.com/progrium/ruby-jwt
 licenses: []
@@ -105,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: jwt
-rubygems_version: 1.4.1
+rubygems_version: 1.8.5
 signing_key:
 specification_version: 3
 summary: JSON Web Token implementation in Ruby

metadata.gz.sig CHANGED

Binary file