jwt 0.1.2 → 0.1.3

Files changed (7) hide show
  1. data.tar.gz.sig +2 -1
  2. data/Rakefile +2 -9
  3. data/jwt.gemspec +9 -9
  4. data/lib/jwt.rb +25 -6
  5. data/spec/jwt.rb +18 -10
  6. metadata +5 -7
  7. metadata.gz.sig +0 -0
data.tar.gz.sig CHANGED
@@ -1 +1,2 @@
1
- ���������j��=gH�U=�`?�6f>��2��b�_}.k�$�+����IBZ��4LmA�X@�s<��T���Ȭ҅���#&�[���}���¦�6q���,�ܹ���lq��|}Z���
1
+ s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nfm&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}��� A��Eqĵ.�s� s!���U��M��旓C�QW���M#�΢%�\��6-�o���׉��hD˨��o1v�9Jk���O�ĩ`��k
2
+ ޤQ�r�%�o.i�e��5�P
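--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,11 +1,8 @@
  require 'rubygems'
  require 'rake'
- require 'rake/clean'
  require 'echoe'
 
- CLEAN.include("pkg")
-
- Echoe.new('jwt', '0.1.2') do |p|
+ Echoe.new('jwt', '0.1.3') do |p|
  p.description = "JSON Web Token implementation in Ruby"
  p.url = "http://github.com/progrium/ruby-jwt"
  p.author = "Jeff Lindsay"
@@ -16,9 +13,5 @@ Echoe.new('jwt', '0.1.2') do |p|
  end
 
  task :test do
- sh "spec spec/jwt.rb"
+ sh "rspec spec/jwt.rb"
  end
-
- task :release => [:clean, :gem] do
- sh "ls pkg/*.gem"
- end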
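--- a/data/jwt.gemspec
+++ b/data/jwt.gemspec
@@ -2,21 +2,21 @@
 
  Gem::Specification.new do |s|
  s.name = %q{jwt}
- s.version = "0.1.2"
+ s.version = "0.1.3"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
- s.authors = ["Jeff Lindsay"]
- s.cert_chain = ["/Users/progrium/.gem/gem-public_cert.pem"]
- s.date = %q{2011-03-21}
+ s.authors = [%q{Jeff Lindsay}]
+ s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
+ s.date = %q{2011-06-30}
  s.description = %q{JSON Web Token implementation in Ruby}
  s.email = %q{jeff.lindsay@twilio.com}
- s.extra_rdoc_files = ["lib/jwt.rb"]
- s.files = ["Rakefile", "lib/jwt.rb", "spec/jwt.rb", "Manifest", "jwt.gemspec"]
+ s.extra_rdoc_files = [%q{lib/jwt.rb}]
+ s.files = [%q{Rakefile}, %q{lib/jwt.rb}, %q{spec/jwt.rb}, %q{Manifest}, %q{jwt.gemspec}]
  s.homepage = %q{http://github.com/progrium/ruby-jwt}
- s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Jwt", "--main", "README.md"]
- s.require_paths = ["lib"]
+ s.rdoc_options = [%q{--line-numbers}, %q{--inline-source}, %q{--title}, %q{Jwt}, %q{--main}, %q{README.md}]
+ s.require_paths = [%q{lib}]
  s.rubyforge_project = %q{jwt}
- s.rubygems_version = %q{1.4.1}
+ s.rubygems_version = %q{1.8.5}
  s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
  s.summary = %q{JSON Web Token implementation in Ruby}
 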
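--- a/data/lib/jwt.rb
+++ b/data/lib/jwt.rb
@@ -12,7 +12,24 @@ module JWT
  class DecodeError < Exception; end
 
  def self.sign(algorithm, msg, key)
- raise NotImplementedError.new("Unsupported signing method") unless ["HS256", "HS384", "HS512"].include?(algorithm)
+ if ["HS256", "HS384", "HS512"].include?(algorithm)
+ sign_hmac(algorithm, msg, key)
+ elsif ["RS256", "RS384", "RS512"].include?(algorithm)
+ sign_rsa(algorithm, msg, key)
+ else
+ raise NotImplementedError.new("Unsupported signing method")
+ end
+ end
+
+ def self.sign_rsa(algorithm, msg, private_key)
+ private_key.sign(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), msg)
+ end
+
+ def self.verify_rsa(algorithm, public_key, signing_input, signature)
+ public_key.verify(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+ end
+
+ def self.sign_hmac(algorithm, msg, key)
  OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
  end
 
@@ -49,11 +66,13 @@ module JWT
  raise JWT::DecodeError.new("Invalid segment encoding")
  end
  if verify
- begin
- if not signature == sign(header['alg'], signing_input, key)
- raise JWT::DecodeError.new("Signature verification failed")
- end
- rescue NotImplementedError
+ algo = header['alg']
+
+ if ["HS256", "HS384", "HS512"].include?(algo)
+ raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
+ elsif ["RS256", "RS384", "RS512"].include?(algo)
+ verify_rsa(algo, key, signing_input, signature)
+ else
  raise JWT::DecodeError.new("Algorithm not supported")
  end
  end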
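Review bot: In the RS256/RS384/RS512 branch of the verify block, the result of `verify_rsa(algo, key, signing_input, signature)` is discarded; `OpenSSL::PKey#verify` reports a mismatch by returning false rather than raising, so as written an RSA-signed token with a bad signature is not rejected. The branch should mirror the HMAC one: `raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)`. Separately, `algo` comes from the token's own header and the single `key` argument feeds both branches, so the caller has no way to pin the algorithm it expects; an optional expected-algorithm argument checked before dispatch would close that gap. The HMAC comparison with `==` is also not constant-time. The enclosing decode method starts and ends outside this hunk.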
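--- a/data/spec/jwt.rb
+++ b/data/spec/jwt.rb
@@ -1,14 +1,22 @@
- require 'spec'
- require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
-
- payload = {"foo" => "bar"}
+ require 'helper'
 
  describe JWT do
+ before do
+ @payload = {"foo" => "bar"}
+ end
+
  it "encodes and decodes JWTs" do
  secret = "secret"
- jwt = JWT.encode(payload, secret)
+ jwt = JWT.encode(@payload, secret)
  decoded_payload = JWT.decode(jwt, secret)
- decoded_payload.should == payload
+ decoded_payload.should == @payload
+ end
+
+ it "encodes and decodes JWTs for RSA signatures" do
+ private_key = OpenSSL::PKey::RSA.generate(512)
+ jwt = JWT.encode(@payload, private_key, "RS256")
+ decoded_payload = JWT.decode(jwt, private_key.public_key)
+ decoded_payload.should == @payload
  end
 
  it "decodes valid JWTs" do
@@ -22,19 +30,19 @@ describe JWT do
  it "raises exception with wrong key" do
  right_secret = 'foo'
  bad_secret = 'bar'
- jwt_message = JWT.encode(payload, right_secret)
+ jwt_message = JWT.encode(@payload, right_secret)
  lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
  end
 
  it "allows decoding without key" do
  right_secret = 'foo'
  bad_secret = 'bar'
- jwt = JWT.encode(payload, right_secret)
+ jwt = JWT.encode(@payload, right_secret)
  decoded_payload = JWT.decode(jwt, bad_secret, false)
- decoded_payload.should == payload
+ decoded_payload.should == @payload
  end
 
  it "raises exception on unsupported crypto algorithm" do
- lambda { JWT.encode(payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
+ lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
  end
  end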
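Review bot: The new "encodes and decodes JWTs for RSA signatures" example covers only the success path, so it would still pass if decode accepted any signature for RS256; there is no RSA counterpart to "raises exception with wrong key". Add a case that decodes with an unrelated key pair and expects a failure, e.g. `lambda { JWT.decode(jwt, OpenSSL::PKey::RSA.generate(512).public_key) }.should raise_error(JWT::DecodeError)`. The 512-bit key from `OpenSSL::PKey::RSA.generate(512)` keeps the spec fast but is far below any size suitable outside a test, so a comment such as `# test-only key size; never use 512-bit RSA for real tokens` would stop it being copied into application code.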
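--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: jwt
  version: !ruby/object:Gem::Version
- hash: 31
+ hash: 29
  prerelease:
  segments:
  - 0
  - 1
- - 2
- version: 0.1.2
+ - 3
+ version: 0.1.3
  platform: ruby
  authors:
  - Jeff Lindsay
@@ -36,8 +36,7 @@ cert_chain:
  WZqts+sMhUpDxxL+p6p6bQ==
  -----END CERTIFICATE-----
 
- date: 2011-03-21 00:00:00 -07:00
- default_executable:
+ date: 2011-06-30 00:00:00 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
@@ -69,7 +68,6 @@ files:
  - spec/jwt.rb
  - Manifest
  - jwt.gemspec
- has_rdoc: true
  homepage: http://github.com/progrium/ruby-jwt
  licenses: []
 
@@ -105,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project: jwt
- rubygems_version: 1.4.1
+ rubygems_version: 1.8.5
  signing_key:
  specification_version: 3
  summary: JSON Web Token implementation in Ruby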
metadata.gz.sig CHANGED
Binary file