jwt 0.1.4 → 0.1.5

data/Manifest

@@ -1,4 +1,5 @@
 Rakefile
 lib/jwt.rb
-spec/jwt.rb
+spec/helper.rb
+spec/jwt_spec.rb
 Manifest

data/Rakefile

@@ -2,16 +2,16 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('jwt', '0.1.4') do |p|
+Echoe.new('jwt', '0.1.5') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"
-  p.email          = "jeff.lindsay@twilio.com"
+  p.email          = "progrium@gmail.com"
   p.ignore_pattern = ["tmp/*"]
-  p.runtime_dependencies = ["json >=1.2.4"]
-  p.development_dependencies = []
+  p.runtime_dependencies = ["multi_json >=1.0"]
+  p.development_dependencies = ["echoe >=4.6.3"]
 end
 
 task :test do
-  sh "rspec spec/jwt.rb"
+  sh "rspec spec/jwt_spec.rb"
 end

data/jwt.gemspec

@@ -1,32 +1,35 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{jwt}
-  s.version = "0.1.4"
+  s.name = "jwt"
+  s.version = "0.1.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
-  s.authors = [%q{Jeff Lindsay}]
-  s.date = %q{2011-11-11}
-  s.description = %q{JSON Web Token implementation in Ruby}
-  s.email = %q{jeff.lindsay@twilio.com}
-  s.extra_rdoc_files = [%q{lib/jwt.rb}]
-  s.files = [%q{Rakefile}, %q{lib/jwt.rb}, %q{spec/jwt.rb}, %q{Manifest}, %q{jwt.gemspec}]
-  s.homepage = %q{http://github.com/progrium/ruby-jwt}
-  s.rdoc_options = [%q{--line-numbers}, %q{--inline-source}, %q{--title}, %q{Jwt}, %q{--main}, %q{README.md}]
-  s.require_paths = [%q{lib}]
-  s.rubyforge_project = %q{jwt}
-  s.rubygems_version = %q{1.8.5}
-  s.summary = %q{JSON Web Token implementation in Ruby}
+  s.authors = ["Jeff Lindsay"]
+  s.date = "2012-07-20"
+  s.description = "JSON Web Token implementation in Ruby"
+  s.email = "progrium@gmail.com"
+  s.extra_rdoc_files = ["lib/jwt.rb"]
+  s.files = ["Rakefile", "lib/jwt.rb", "spec/helper.rb", "spec/jwt_spec.rb", "Manifest", "jwt.gemspec"]
+  s.homepage = "http://github.com/progrium/ruby-jwt"
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Jwt", "--main", "README.md"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = "jwt"
+  s.rubygems_version = "1.8.24"
+  s.summary = "JSON Web Token implementation in Ruby"
 
   if s.respond_to? :specification_version then
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<json>, [">= 1.2.4"])
+      s.add_runtime_dependency(%q<multi_json>, [">= 1.0"])
+      s.add_development_dependency(%q<echoe>, [">= 4.6.3"])
     else
-      s.add_dependency(%q<json>, [">= 1.2.4"])
+      s.add_dependency(%q<multi_json>, [">= 1.0"])
+      s.add_dependency(%q<echoe>, [">= 4.6.3"])
     end
   else
-    s.add_dependency(%q<json>, [">= 1.2.4"])
+    s.add_dependency(%q<multi_json>, [">= 1.0"])
+    s.add_dependency(%q<echoe>, [">= 4.6.3"])
   end
 end

data/lib/jwt.rb

@@ -1,16 +1,16 @@
-# 
+#
 # JSON Web Token implementation
-# 
+#
 # Should be up to date with the latest spec:
 # http://self-issued.info/docs/draft-jones-json-web-token-06.html
 
 require "base64"
 require "openssl"
-require "json"
+require "multi_json"
 
 module JWT
   class DecodeError < Exception; end
-  
+
   def self.sign(algorithm, msg, key)
     if ["HS256", "HS384", "HS512"].include?(algorithm)
       sign_hmac(algorithm, msg, key)
@@ -32,22 +32,22 @@ module JWT
   def self.sign_hmac(algorithm, msg, key)
     OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
   end
-  
+
   def self.base64url_decode(str)
     str += '=' * (4 - str.length.modulo(4))
     Base64.decode64(str.gsub("-", "+").gsub("_", "/"))
   end
-  
+
   def self.base64url_encode(str)
     Base64.encode64(str).gsub("+", "-").gsub("/", "_").gsub("\n", "").gsub('=', '')
-  end  
-  
-  def self.encode(payload, key, algorithm='HS256')
+  end
+
+  def self.encode(payload, key, algorithm='HS256', header_fields={})
     algorithm ||= "none"
     segments = []
-    header = {"typ" => "JWT", "alg" => algorithm}
-    segments << base64url_encode(header.to_json)
-    segments << base64url_encode(payload.to_json)
+    header = {"typ" => "JWT", "alg" => algorithm}.merge(header_fields)
+    segments << base64url_encode(MultiJson.encode(header))
+    segments << base64url_encode(MultiJson.encode(payload))
     signing_input = segments.join('.')
     if algorithm != "none"
       signature = sign(algorithm, signing_input, key)
@@ -57,15 +57,15 @@ module JWT
     end
     segments.join('.')
   end
-  
-  def self.decode(jwt, key=nil, verify=true)
+
+  def self.decode(jwt, key=nil, verify=true, &keyfinder)
     segments = jwt.split('.')
     raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
     header_segment, payload_segment, crypto_segment = segments
     signing_input = [header_segment, payload_segment].join('.')
     begin
-      header = JSON.parse(base64url_decode(header_segment))
-      payload = JSON.parse(base64url_decode(payload_segment))
+      header = MultiJson.decode(base64url_decode(header_segment))
+      payload = MultiJson.decode(base64url_decode(payload_segment))
       signature = base64url_decode(crypto_segment) if verify
     rescue JSON::ParserError
       raise JWT::DecodeError.new("Invalid segment encoding")
@@ -73,12 +73,20 @@ module JWT
     if verify == true
       algo = header['alg']
 
-      if ["HS256", "HS384", "HS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
-      elsif ["RS256", "RS384", "RS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
-      else
-        raise JWT::DecodeError.new("Algorithm not supported")
+      if keyfinder
+        key = keyfinder.call(header)
+      end
+
+      begin
+        if ["HS256", "HS384", "HS512"].include?(algo)
+          raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
+        elsif ["RS256", "RS384", "RS512"].include?(algo)
+          raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+        else
+          raise JWT::DecodeError.new("Algorithm not supported")
+        end
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::DecodeError.new("Signature verification failed")
       end
     end
     payload

data/spec/helper.rb

@@ -0,0 +1,6 @@
+require 'rspec'
+require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
+
+RSpec.configure do |c|
+end
+

data/spec/{jwt.rb → jwt_spec.rb}

@@ -13,12 +13,22 @@ describe JWT do
   end
 
   it "encodes and decodes JWTs for RSA signatures" do
-    private_key = OpenSSL::PKey::RSA.generate(512) 
+    private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, private_key, "RS256")
     decoded_payload = JWT.decode(jwt, private_key.public_key)
     decoded_payload.should == @payload
   end
-  
+
+  it "encodes and decodes JWTs with custom header fields" do
+    private_key = OpenSSL::PKey::RSA.generate(512)
+    jwt = JWT.encode(@payload, private_key, "RS256", {"kid" => 'default'})
+    decoded_payload = JWT.decode(jwt) do |header|
+      header["kid"].should == 'default'
+      private_key.public_key
+    end
+    decoded_payload.should == @payload
+  end
+
   it "decodes valid JWTs" do
     example_payload = {"hello" => "world"}
     example_secret = 'secret'
@@ -40,7 +50,7 @@ describe JWT do
     jwt = JWT.encode(@payload, right_private_key, "RS256")
     lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
   end
-  
+
   it "allows decoding without key" do
     right_secret = 'foo'
     bad_secret = 'bar'
@@ -48,15 +58,40 @@ describe JWT do
     decoded_payload = JWT.decode(jwt, bad_secret, false)
     decoded_payload.should == @payload
   end
-  
+
   it "raises exception on unsupported crypto algorithm" do
     lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
   end
-  
+
   it "encodes and decodes plaintext JWTs" do
     jwt = JWT.encode(@payload, nil, nil)
     jwt.split('.').length.should == 2
     decoded_payload = JWT.decode(jwt, nil, nil)
     decoded_payload.should == @payload
   end
+
+  it "raise exception on invalid signature" do
+    pubkey = OpenSSL::PKey::RSA.new(<<-PUBKEY)
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCaY7425h964bjaoLeUm
+SlZ8sK7VtVk9zHbGmZh2ygGYwfuUf2bmMye2Ofv99yDE/rd4loVIAcu7RVvDRgHq
+3/CZTnIrSvHsiJQsHBNa3d+F1ihPfzURzf1M5k7CFReBj2SBXhDXd57oRfBQj12w
+CVhhwP6kGTAWuoppbIIIBfNF2lE/Nvm7lVVYQqL9xOrP/AQ4xRbpQlB8Ll9sO9Or
+SvbWhCDa/LMOWxHdmrcJi6XoSg1vnOyCoKbyAoauTt/XqdkHbkDdQ6HFbJieu9il
+LDZZNliPhfENuKeC2MCGVXTEu8Cqhy1w6e4axavLlXoYf4laJIZ/e7au8SqDbY0B
+xwIDAQAB
+-----END PUBLIC KEY-----
+PUBKEY
+    jwt = (
+      'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiY' +
+      'XVkIjoiMTA2MDM1Nzg5MTY4OC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSI' +
+      'sImNpZCI6IjEwNjAzNTc4OTE2ODguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb' +
+      '20iLCJpZCI6IjExNjQ1MjgyNDMwOTg1Njc4MjE2MyIsInRva2VuX2hhc2giOiJ' +
+      '0Z2hEOUo4bjhWME4ydmN3NmVNaWpnIiwiaWF0IjoxMzIwNjcwOTc4LCJleHAiO' +
+      'jEzMjA2NzQ4Nzh9.D8x_wirkxDElqKdJBcsIws3Ogesk38okz6MN7zqC7nEAA7' +
+      'wcy1PxsROY1fmBvXSer0IQesAqOW-rPOCNReSn-eY8d53ph1x2HAF-AzEi3GOl' +
+      '6hFycH8wj7Su6JqqyEbIVLxE7q7DkAZGaMPkxbTHs1EhSd5_oaKQ6O4xO3ZnnT4'
+    )
+    lambda { JWT.decode(jwt, pubkey, true) }.should raise_error(JWT::DecodeError)
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: jwt
 version: !ruby/object:Gem::Version 
-  hash: 19
+  hash: 17
   prerelease: 
   segments: 
   - 0
   - 1
-  - 4
-  version: 0.1.4
+  - 5
+  version: 0.1.5
 platform: ruby
 authors: 
 - Jeff Lindsay
@@ -15,26 +15,41 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-11-11 00:00:00 Z
+date: 2012-07-20 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: json
+  name: multi_json
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 23
+        hash: 15
         segments: 
         - 1
-        - 2
-        - 4
-        version: 1.2.4
+        - 0
+        version: "1.0"
   type: :runtime
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: echoe
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 33
+        segments: 
+        - 4
+        - 6
+        - 3
+        version: 4.6.3
+  type: :development
+  version_requirements: *id002
 description: JSON Web Token implementation in Ruby
-email: jeff.lindsay@twilio.com
+email: progrium@gmail.com
 executables: []
 
 extensions: []
@@ -44,7 +59,8 @@ extra_rdoc_files:
 files: 
 - Rakefile
 - lib/jwt.rb
-- spec/jwt.rb
+- spec/helper.rb
+- spec/jwt_spec.rb
 - Manifest
 - jwt.gemspec
 homepage: http://github.com/progrium/ruby-jwt
@@ -82,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: jwt
-rubygems_version: 1.8.5
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: JSON Web Token implementation in Ruby