jwt 1.5.0 → 2.5.0

data/lib/jwt/json.rb

@@ -1,29 +1,17 @@
-module JWT
-  module Json
-    if RUBY_VERSION >= '1.9' && !defined?(MultiJson)
-      require 'json'
-
-      def decode_json(encoded)
-        JSON.parse(encoded)
-      rescue JSON::ParserError
-        raise JWT::DecodeError.new('Invalid segment encoding')
-      end
+# frozen_string_literal: true
 
-      def encode_json(raw)
-        JSON.generate(raw)
-      end
-
-    else
-      require 'multi_json'
+require 'json'
 
-      def decode_json(encoded)
-        MultiJson.decode(encoded)
-      rescue MultiJson::LoadError
-        raise JWT::DecodeError.new('Invalid segment encoding')
+module JWT
+  # JSON wrapper
+  class JSON
+    class << self
+      def generate(data)
+        ::JSON.generate(data)
       end
 
-      def encode_json(raw)
-        MultiJson.encode(raw)
+      def parse(data)
+        ::JSON.parse(data)
       end
     end
   end

data/lib/jwt/jwk/ec.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  module JWK
+    class EC < KeyBase # rubocop:disable Metrics/ClassLength
+      extend Forwardable
+      def_delegators :keypair, :public_key
+
+      KTY    = 'EC'
+      KTYS   = [KTY, OpenSSL::PKey::EC].freeze
+      BINARY = 2
+
+      attr_reader :keypair
+
+      def initialize(keypair, options = {})
+        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::EC' unless keypair.is_a?(OpenSSL::PKey::EC)
+
+        @keypair = keypair
+
+        super(options)
+      end
+
+      def private?
+        @keypair.private_key?
+      end
+
+      def members
+        crv, x_octets, y_octets = keypair_components(keypair)
+        {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets)
+        }
+      end
+
+      def export(options = {})
+        exported_hash = members.merge(kid: kid)
+
+        return exported_hash unless private? && options[:include_private] == true
+
+        append_private_parts(exported_hash)
+      end
+
+      def key_digest
+        _crv, x_octets, y_octets = keypair_components(keypair)
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
+                                            OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      private
+
+      def append_private_parts(the_hash)
+        octets = keypair.private_key.to_bn.to_s(BINARY)
+        the_hash.merge(
+          d: encode_octets(octets)
+        )
+      end
+
+      def keypair_components(ec_keypair)
+        encoded_point = ec_keypair.public_key.to_bn.to_s(BINARY)
+        case ec_keypair.group.curve_name
+        when 'prime256v1'
+          crv = 'P-256'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp256k1'
+          crv = 'P-256K'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp384r1'
+          crv = 'P-384'
+          x_octets, y_octets = encoded_point.unpack('xa48a48')
+        when 'secp521r1'
+          crv = 'P-521'
+          x_octets, y_octets = encoded_point.unpack('xa66a66')
+        else
+          raise JWT::JWKError, "Unsupported curve '#{ec_keypair.group.curve_name}'"
+        end
+        [crv, x_octets, y_octets]
+      end
+
+      def encode_octets(octets)
+        ::JWT::Base64.url_encode(octets)
+      end
+
+      def encode_open_ssl_bn(key_part)
+        ::JWT::Base64.url_encode(key_part.to_s(BINARY))
+      end
+
+      class << self
+        def import(jwk_data)
+          # See https://tools.ietf.org/html/rfc7518#section-6.2.1 for an
+          # explanation of the relevant parameters.
+
+          jwk_crv, jwk_x, jwk_y, jwk_d, jwk_kid = jwk_attrs(jwk_data, %i[crv x y d kid])
+          raise JWT::JWKError, 'Key format is invalid for EC' unless jwk_crv && jwk_x && jwk_y
+
+          new(ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d), kid: jwk_kid)
+        end
+
+        def to_openssl_curve(crv)
+          # The JWK specs and OpenSSL use different names for the same curves.
+          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
+          # pointers on different names for common curves.
+          case crv
+          when 'P-256' then 'prime256v1'
+          when 'P-384' then 'secp384r1'
+          when 'P-521' then 'secp521r1'
+          when 'P-256K' then 'secp256k1'
+          else raise JWT::JWKError, 'Invalid curve provided'
+          end
+        end
+
+        private
+
+        def jwk_attrs(jwk_data, attrs)
+          attrs.map do |attr|
+            jwk_data[attr] || jwk_data[attr.to_s]
+          end
+        end
+
+        if ::JWT.openssl_3?
+          def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
+            curve = to_openssl_curve(jwk_crv)
+
+            x_octets = decode_octets(jwk_x)
+            y_octets = decode_octets(jwk_y)
+
+            point = OpenSSL::PKey::EC::Point.new(
+              OpenSSL::PKey::EC::Group.new(curve),
+              OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+            )
+
+            sequence = if jwk_d
+              # https://datatracker.ietf.org/doc/html/rfc5915.html
+              # ECPrivateKey ::= SEQUENCE {
+              #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+              #   privateKey     OCTET STRING,
+              #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+              #   publicKey  [1] BIT STRING OPTIONAL
+              # }
+
+              OpenSSL::ASN1::Sequence([
+                                        OpenSSL::ASN1::Integer(1),
+                                        OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                        OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                      ])
+            else
+              OpenSSL::ASN1::Sequence([
+                                        OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                      ])
+            end
+
+            OpenSSL::PKey::EC.new(sequence.to_der)
+          end
+        else
+          def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d)
+            curve = to_openssl_curve(jwk_crv)
+
+            x_octets = decode_octets(jwk_x)
+            y_octets = decode_octets(jwk_y)
+
+            key = OpenSSL::PKey::EC.new(curve)
+
+            # The details of the `Point` instantiation are covered in:
+            # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
+            # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
+            # - https://tools.ietf.org/html/rfc5480#section-2.2
+            # - https://www.secg.org/SEC1-Ver-1.0.pdf
+            # Section 2.3.3 of the last of these references specifies that the
+            # encoding of an uncompressed point consists of the byte `0x04` followed
+            # by the x value then the y value.
+            point = OpenSSL::PKey::EC::Point.new(
+              OpenSSL::PKey::EC::Group.new(curve),
+              OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+            )
+
+            key.public_key = point
+            key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
+
+            key
+          end
+        end
+
+        def decode_octets(jwk_data)
+          ::JWT::Base64.url_decode(jwk_data)
+        end
+
+        def decode_open_ssl_bn(jwk_data)
+          OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/hmac.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class HMAC < KeyBase
+      KTY  = 'oct'
+      KTYS = [KTY, String].freeze
+
+      attr_reader :signing_key
+
+      def initialize(signing_key, options = {})
+        raise ArgumentError, 'signing_key must be of type String' unless signing_key.is_a?(String)
+
+        @signing_key = signing_key
+        super(options)
+      end
+
+      def private?
+        true
+      end
+
+      def public_key
+        nil
+      end
+
+      # See https://tools.ietf.org/html/rfc7517#appendix-A.3
+      def export(options = {})
+        exported_hash = {
+          kty: KTY,
+          kid: kid
+        }
+
+        return exported_hash unless private? && options[:include_private] == true
+
+        exported_hash.merge(
+          k: signing_key
+        )
+      end
+
+      def members
+        {
+          kty: KTY,
+          k: signing_key
+        }
+      end
+
+      alias keypair signing_key # for backwards compatibility
+
+      def key_digest
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key),
+                                            OpenSSL::ASN1::UTF8String.new(KTY)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      class << self
+        def import(jwk_data)
+          jwk_k = jwk_data[:k] || jwk_data['k']
+          jwk_kid = jwk_data[:kid] || jwk_data['kid']
+
+          raise JWT::JWKError, 'Key format is invalid for HMAC' unless jwk_k
+
+          new(jwk_k, kid: jwk_kid)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/key_base.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class KeyBase
+      def self.inherited(klass)
+        super
+        ::JWT::JWK.classes << klass
+      end
+
+      def initialize(options)
+        options ||= {}
+
+        if options.is_a?(String) # For backwards compatibility when kid was a String
+          options = { kid: options }
+        end
+
+        @kid           = options[:kid]
+        @kid_generator = options[:kid_generator] || ::JWT.configuration.jwk.kid_generator
+      end
+
+      def kid
+        @kid ||= generate_kid
+      end
+
+      private
+
+      attr_reader :kid_generator
+
+      def generate_kid
+        kid_generator.new(self).generate
+      end
+    end
+  end
+end

data/lib/jwt/jwk/key_finder.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class KeyFinder
+      def initialize(options)
+        jwks_or_loader = options[:jwks]
+        @jwks          = jwks_or_loader if jwks_or_loader.is_a?(Hash)
+        @jwk_loader    = jwks_or_loader if jwks_or_loader.respond_to?(:call)
+      end
+
+      def key_for(kid)
+        raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid
+
+        jwk = resolve_key(kid)
+
+        raise ::JWT::DecodeError, 'No keys found in jwks' if jwks_keys.empty?
+        raise ::JWT::DecodeError, "Could not find public key for kid #{kid}" unless jwk
+
+        ::JWT::JWK.import(jwk).keypair
+      end
+
+      private
+
+      def resolve_key(kid)
+        jwk = find_key(kid)
+
+        return jwk if jwk
+
+        if reloadable?
+          load_keys(invalidate: true, kid_not_found: true, kid: kid) # invalidate for backwards compatibility
+          return find_key(kid)
+        end
+
+        nil
+      end
+
+      def jwks
+        return @jwks if @jwks
+
+        load_keys
+        @jwks
+      end
+
+      def load_keys(opts = {})
+        @jwks = @jwk_loader.call(opts)
+      end
+
+      def jwks_keys
+        Array(jwks[:keys] || jwks['keys'])
+      end
+
+      def find_key(kid)
+        jwks_keys.find { |key| (key[:kid] || key['kid']) == kid }
+      end
+
+      def reloadable?
+        @jwk_loader
+      end
+    end
+  end
+end

data/lib/jwt/jwk/kid_as_key_digest.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class KidAsKeyDigest
+      def initialize(jwk)
+        @jwk = jwk
+      end
+
+      def generate
+        @jwk.key_digest
+      end
+    end
+  end
+end

data/lib/jwt/jwk/rsa.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class RSA < KeyBase
+      BINARY = 2
+      KTY    = 'RSA'
+      KTYS   = [KTY, OpenSSL::PKey::RSA].freeze
+      RSA_KEY_ELEMENTS = %i[n e d p q dp dq qi].freeze
+
+      attr_reader :keypair
+
+      def initialize(keypair, options = {})
+        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::RSA' unless keypair.is_a?(OpenSSL::PKey::RSA)
+
+        @keypair = keypair
+
+        super(options)
+      end
+
+      def private?
+        keypair.private?
+      end
+
+      def public_key
+        keypair.public_key
+      end
+
+      def export(options = {})
+        exported_hash = members.merge(kid: kid)
+
+        return exported_hash unless private? && options[:include_private] == true
+
+        append_private_parts(exported_hash)
+      end
+
+      def members
+        {
+          kty: KTY,
+          n: encode_open_ssl_bn(public_key.n),
+          e: encode_open_ssl_bn(public_key.e)
+        }
+      end
+
+      def key_digest
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(public_key.n),
+                                            OpenSSL::ASN1::Integer.new(public_key.e)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      private
+
+      def append_private_parts(the_hash)
+        the_hash.merge(
+          d: encode_open_ssl_bn(keypair.d),
+          p: encode_open_ssl_bn(keypair.p),
+          q: encode_open_ssl_bn(keypair.q),
+          dp: encode_open_ssl_bn(keypair.dmp1),
+          dq: encode_open_ssl_bn(keypair.dmq1),
+          qi: encode_open_ssl_bn(keypair.iqmp)
+        )
+      end
+
+      def encode_open_ssl_bn(key_part)
+        ::JWT::Base64.url_encode(key_part.to_s(BINARY))
+      end
+
+      class << self
+        def import(jwk_data)
+          pkey_params = jwk_attributes(jwk_data, *RSA_KEY_ELEMENTS) do |value|
+            decode_open_ssl_bn(value)
+          end
+          new(rsa_pkey(pkey_params), kid: jwk_attributes(jwk_data, :kid)[:kid])
+        end
+
+        private
+
+        def jwk_attributes(jwk_data, *attributes)
+          attributes.each_with_object({}) do |attribute, hash|
+            value = jwk_data[attribute] || jwk_data[attribute.to_s]
+            value = yield(value) if block_given?
+            hash[attribute] = value
+          end
+        end
+
+        def rsa_pkey(rsa_parameters)
+          raise JWT::JWKError, 'Key format is invalid for RSA' unless rsa_parameters[:n] && rsa_parameters[:e]
+
+          create_rsa_key(rsa_parameters)
+        end
+
+        if ::JWT.openssl_3?
+          ASN1_SEQUENCE = %i[n e d p q dp dq qi].freeze
+          def create_rsa_key(rsa_parameters)
+            sequence = ASN1_SEQUENCE.each_with_object([]) do |key, arr|
+              next if rsa_parameters[key].nil?
+
+              arr << OpenSSL::ASN1::Integer.new(rsa_parameters[key])
+            end
+
+            if sequence.size > 2 # For a private key
+              sequence.unshift(OpenSSL::ASN1::Integer.new(0))
+            end
+
+            OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(sequence).to_der)
+          end
+        elsif OpenSSL::PKey::RSA.new.respond_to?(:set_key)
+          def create_rsa_key(rsa_parameters)
+            OpenSSL::PKey::RSA.new.tap do |rsa_key|
+              rsa_key.set_key(rsa_parameters[:n], rsa_parameters[:e], rsa_parameters[:d])
+              rsa_key.set_factors(rsa_parameters[:p], rsa_parameters[:q]) if rsa_parameters[:p] && rsa_parameters[:q]
+              rsa_key.set_crt_params(rsa_parameters[:dp], rsa_parameters[:dq], rsa_parameters[:qi]) if rsa_parameters[:dp] && rsa_parameters[:dq] && rsa_parameters[:qi]
+            end
+          end
+        else
+          def create_rsa_key(rsa_parameters) # rubocop:disable Metrics/AbcSize
+            OpenSSL::PKey::RSA.new.tap do |rsa_key|
+              rsa_key.n = rsa_parameters[:n]
+              rsa_key.e = rsa_parameters[:e]
+              rsa_key.d = rsa_parameters[:d] if rsa_parameters[:d]
+              rsa_key.p = rsa_parameters[:p] if rsa_parameters[:p]
+              rsa_key.q = rsa_parameters[:q] if rsa_parameters[:q]
+              rsa_key.dmp1 = rsa_parameters[:dp] if rsa_parameters[:dp]
+              rsa_key.dmq1 = rsa_parameters[:dq] if rsa_parameters[:dq]
+              rsa_key.iqmp = rsa_parameters[:qi] if rsa_parameters[:qi]
+            end
+          end
+        end
+
+        def decode_open_ssl_bn(jwk_data)
+          return nil unless jwk_data
+
+          OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/thumbprint.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    # https://tools.ietf.org/html/rfc7638
+    class Thumbprint
+      attr_reader :jwk
+
+      def initialize(jwk)
+        @jwk = jwk
+      end
+
+      def generate
+        ::Base64.urlsafe_encode64(
+          Digest::SHA256.digest(
+            JWT::JSON.generate(
+              jwk.members.sort.to_h
+            )
+          ), padding: false
+        )
+      end
+
+      alias to_s generate
+    end
+  end
+end

data/lib/jwt/jwk.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative 'jwk/key_finder'
+
+module JWT
+  module JWK
+    class << self
+      def import(jwk_data)
+        jwk_kty = jwk_data[:kty] || jwk_data['kty']
+        raise JWT::JWKError, 'Key type (kty) not provided' unless jwk_kty
+
+        mappings.fetch(jwk_kty.to_s) do |kty|
+          raise JWT::JWKError, "Key type #{kty} not supported"
+        end.import(jwk_data)
+      end
+
+      def create_from(keypair, kid = nil)
+        mappings.fetch(keypair.class) do |klass|
+          raise JWT::JWKError, "Cannot create JWK from a #{klass.name}"
+        end.new(keypair, kid)
+      end
+
+      def classes
+        @mappings = nil # reset the cached mappings
+        @classes ||= []
+      end
+
+      alias new create_from
+
+      private
+
+      def mappings
+        @mappings ||= generate_mappings
+      end
+
+      def generate_mappings
+        classes.each_with_object({}) do |klass, hash|
+          next unless klass.const_defined?('KTYS')
+
+          Array(klass::KTYS).each do |kty|
+            hash[kty] = klass
+          end
+        end
+      end
+    end
+  end
+end
+
+require_relative 'jwk/key_base'
+require_relative 'jwk/ec'
+require_relative 'jwk/rsa'
+require_relative 'jwk/hmac'

data/lib/jwt/security_utils.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module JWT
+  # Collection of security methods
+  #
+  # @see: https://github.com/rails/rails/blob/master/activesupport/lib/active_support/security_utils.rb
+  module SecurityUtils
+    module_function
+
+    def secure_compare(left, right)
+      left_bytesize = left.bytesize
+
+      return false unless left_bytesize == right.bytesize
+
+      unpacked_left = left.unpack "C#{left_bytesize}"
+      result = 0
+      right.each_byte { |byte| result |= byte ^ unpacked_left.shift }
+      result.zero?
+    end
+
+    def verify_rsa(algorithm, public_key, signing_input, signature)
+      public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+    end
+
+    def verify_ps(algorithm, public_key, signing_input, signature)
+      formatted_algorithm = algorithm.sub('PS', 'sha')
+
+      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
+    end
+
+    def asn1_to_raw(signature, public_key)
+      byte_size = (public_key.group.degree + 7) / 8
+      OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+    end
+
+    def raw_to_asn1(signature, private_key)
+      byte_size = (private_key.group.degree + 7) / 8
+      sig_bytes = signature[0..(byte_size - 1)]
+      sig_char = signature[byte_size..-1] || ''
+      OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+    end
+
+    def rbnacl_fixup(algorithm, key)
+      algorithm = algorithm.sub('HS', 'SHA').to_sym
+
+      return [] unless defined?(RbNaCl) && RbNaCl::HMAC.constants(false).include?(algorithm)
+
+      authenticator = RbNaCl::HMAC.const_get(algorithm)
+
+      # Fall back to OpenSSL for keys larger than 32 bytes.
+      return [] if key.bytesize > authenticator.key_bytes
+
+      [
+        authenticator,
+        key.bytes.fill(0, key.bytesize...authenticator.key_bytes).pack('C*')
+      ]
+    end
+  end
+end