jwt 0.1.2 → 0.1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. data.tar.gz.sig +2 -1
  2. data/Rakefile +2 -9
  3. data/jwt.gemspec +9 -9
  4. data/lib/jwt.rb +25 -6
  5. data/spec/jwt.rb +18 -10
  6. metadata +5 -7
  7. metadata.gz.sig +0 -0
data.tar.gz.sig CHANGED
@@ -1 +1,2 @@
1
- ���������j��=gH�U=�`?�6f>��2��b�_}.k�$�+����IBZ��4LmA�X@�s<��T���Ȭ҅���#&�[���}���¦�6q���,�ܹ���lq��|}Z���
1
+ s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nfm&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}��� A��Eqĵ.�s� s!���U��M��旓C�QW���M#�΢%�\��6-�o���׉��hD˨��o1v�9Jk���O�ĩ`��k
2
+ ޤQ�r�%�o.i�e��5�P
data/Rakefile CHANGED
@@ -1,11 +1,8 @@
1
1
  require 'rubygems'
2
2
  require 'rake'
3
- require 'rake/clean'
4
3
  require 'echoe'
5
4
 
6
- CLEAN.include("pkg")
7
-
8
- Echoe.new('jwt', '0.1.2') do |p|
5
+ Echoe.new('jwt', '0.1.3') do |p|
9
6
  p.description = "JSON Web Token implementation in Ruby"
10
7
  p.url = "http://github.com/progrium/ruby-jwt"
11
8
  p.author = "Jeff Lindsay"
@@ -16,9 +13,5 @@ Echoe.new('jwt', '0.1.2') do |p|
16
13
  end
17
14
 
18
15
  task :test do
19
- sh "spec spec/jwt.rb"
16
+ sh "rspec spec/jwt.rb"
20
17
  end
21
-
22
- task :release => [:clean, :gem] do
23
- sh "ls pkg/*.gem"
24
- end
@@ -2,21 +2,21 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{jwt}
5
- s.version = "0.1.2"
5
+ s.version = "0.1.3"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
- s.authors = ["Jeff Lindsay"]
9
- s.cert_chain = ["/Users/progrium/.gem/gem-public_cert.pem"]
10
- s.date = %q{2011-03-21}
8
+ s.authors = [%q{Jeff Lindsay}]
9
+ s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
10
+ s.date = %q{2011-06-30}
11
11
  s.description = %q{JSON Web Token implementation in Ruby}
12
12
  s.email = %q{jeff.lindsay@twilio.com}
13
- s.extra_rdoc_files = ["lib/jwt.rb"]
14
- s.files = ["Rakefile", "lib/jwt.rb", "spec/jwt.rb", "Manifest", "jwt.gemspec"]
13
+ s.extra_rdoc_files = [%q{lib/jwt.rb}]
14
+ s.files = [%q{Rakefile}, %q{lib/jwt.rb}, %q{spec/jwt.rb}, %q{Manifest}, %q{jwt.gemspec}]
15
15
  s.homepage = %q{http://github.com/progrium/ruby-jwt}
16
- s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Jwt", "--main", "README.md"]
17
- s.require_paths = ["lib"]
16
+ s.rdoc_options = [%q{--line-numbers}, %q{--inline-source}, %q{--title}, %q{Jwt}, %q{--main}, %q{README.md}]
17
+ s.require_paths = [%q{lib}]
18
18
  s.rubyforge_project = %q{jwt}
19
- s.rubygems_version = %q{1.4.1}
19
+ s.rubygems_version = %q{1.8.5}
20
20
  s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
21
21
  s.summary = %q{JSON Web Token implementation in Ruby}
22
22
 
data/lib/jwt.rb CHANGED
@@ -12,7 +12,24 @@ module JWT
12
12
  class DecodeError < Exception; end
13
13
 
14
14
  def self.sign(algorithm, msg, key)
15
- raise NotImplementedError.new("Unsupported signing method") unless ["HS256", "HS384", "HS512"].include?(algorithm)
15
+ if ["HS256", "HS384", "HS512"].include?(algorithm)
16
+ sign_hmac(algorithm, msg, key)
17
+ elsif ["RS256", "RS384", "RS512"].include?(algorithm)
18
+ sign_rsa(algorithm, msg, key)
19
+ else
20
+ raise NotImplementedError.new("Unsupported signing method")
21
+ end
22
+ end
23
+
24
+ def self.sign_rsa(algorithm, msg, private_key)
25
+ private_key.sign(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), msg)
26
+ end
27
+
28
+ def self.verify_rsa(algorithm, public_key, signing_input, signature)
29
+ public_key.verify(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
30
+ end
31
+
32
+ def self.sign_hmac(algorithm, msg, key)
16
33
  OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
17
34
  end
18
35
 
@@ -49,11 +66,13 @@ module JWT
49
66
  raise JWT::DecodeError.new("Invalid segment encoding")
50
67
  end
51
68
  if verify
52
- begin
53
- if not signature == sign(header['alg'], signing_input, key)
54
- raise JWT::DecodeError.new("Signature verification failed")
55
- end
56
- rescue NotImplementedError
69
+ algo = header['alg']
70
+
71
+ if ["HS256", "HS384", "HS512"].include?(algo)
72
+ raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
73
+ elsif ["RS256", "RS384", "RS512"].include?(algo)
74
+ verify_rsa(algo, key, signing_input, signature)
75
+ else
57
76
  raise JWT::DecodeError.new("Algorithm not supported")
58
77
  end
59
78
  end
@@ -1,14 +1,22 @@
1
- require 'spec'
2
- require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
3
-
4
- payload = {"foo" => "bar"}
1
+ require 'helper'
5
2
 
6
3
  describe JWT do
4
+ before do
5
+ @payload = {"foo" => "bar"}
6
+ end
7
+
7
8
  it "encodes and decodes JWTs" do
8
9
  secret = "secret"
9
- jwt = JWT.encode(payload, secret)
10
+ jwt = JWT.encode(@payload, secret)
10
11
  decoded_payload = JWT.decode(jwt, secret)
11
- decoded_payload.should == payload
12
+ decoded_payload.should == @payload
13
+ end
14
+
15
+ it "encodes and decodes JWTs for RSA signatures" do
16
+ private_key = OpenSSL::PKey::RSA.generate(512)
17
+ jwt = JWT.encode(@payload, private_key, "RS256")
18
+ decoded_payload = JWT.decode(jwt, private_key.public_key)
19
+ decoded_payload.should == @payload
12
20
  end
13
21
 
14
22
  it "decodes valid JWTs" do
@@ -22,19 +30,19 @@ describe JWT do
22
30
  it "raises exception with wrong key" do
23
31
  right_secret = 'foo'
24
32
  bad_secret = 'bar'
25
- jwt_message = JWT.encode(payload, right_secret)
33
+ jwt_message = JWT.encode(@payload, right_secret)
26
34
  lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
27
35
  end
28
36
 
29
37
  it "allows decoding without key" do
30
38
  right_secret = 'foo'
31
39
  bad_secret = 'bar'
32
- jwt = JWT.encode(payload, right_secret)
40
+ jwt = JWT.encode(@payload, right_secret)
33
41
  decoded_payload = JWT.decode(jwt, bad_secret, false)
34
- decoded_payload.should == payload
42
+ decoded_payload.should == @payload
35
43
  end
36
44
 
37
45
  it "raises exception on unsupported crypto algorithm" do
38
- lambda { JWT.encode(payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
46
+ lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
39
47
  end
40
48
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- hash: 31
4
+ hash: 29
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 2
10
- version: 0.1.2
9
+ - 3
10
+ version: 0.1.3
11
11
  platform: ruby
12
12
  authors:
13
13
  - Jeff Lindsay
@@ -36,8 +36,7 @@ cert_chain:
36
36
  WZqts+sMhUpDxxL+p6p6bQ==
37
37
  -----END CERTIFICATE-----
38
38
 
39
- date: 2011-03-21 00:00:00 -07:00
40
- default_executable:
39
+ date: 2011-06-30 00:00:00 Z
41
40
  dependencies:
42
41
  - !ruby/object:Gem::Dependency
43
42
  name: json
@@ -69,7 +68,6 @@ files:
69
68
  - spec/jwt.rb
70
69
  - Manifest
71
70
  - jwt.gemspec
72
- has_rdoc: true
73
71
  homepage: http://github.com/progrium/ruby-jwt
74
72
  licenses: []
75
73
 
@@ -105,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
105
103
  requirements: []
106
104
 
107
105
  rubyforge_project: jwt
108
- rubygems_version: 1.4.1
106
+ rubygems_version: 1.8.5
109
107
  signing_key:
110
108
  specification_version: 3
111
109
  summary: JSON Web Token implementation in Ruby
metadata.gz.sig CHANGED
Binary file