jwt 1.5.1 → 2.1.0

data/spec/fixtures/certs/ec384-wrong-public.pem

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMF5MeARQRi1285ecla38Su3q/IUot/Ig
+xCtvu3Ha0dd+1p+SVJy+Fk8F085MlIHwTi97BzaM8H4FNNxg/xDlBCqs7CCYs9nG
+z2xQC3eIUvvE+LMwy1QvSZdVupNAgLZj
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/ec512-private.pem

@@ -0,0 +1,10 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIB0/+ffxEj7j62xvGaB5pvzk888e412ESO/EK/K0QlS9dSF8+Rj1rG
+zqpRB8fvDnoe8xdmkW/W5GKzojMyv7YQYumgBwYFK4EEACOhgYkDgYYABAEw74Yw
+aTbPY6TtWmxx6LJDzCX2nKWCPnKdZcEH9Ncu8g5RjRBRq2yacja3OoS6nA2YeDng
+reBJxZr376P6Ns6XcQFWDA6K/MCTrEBCsPxXZNxd8KR9vMGWhgNtWRrcKzwJfQkr
+suyehZkbbYyFnAWyARKHZuV7VUXmeEmRS/f93MPqVA==
+-----END EC PRIVATE KEY-----

data/spec/fixtures/certs/ec512-public.pem

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBMO+GMGk2z2Ok7VpsceiyQ8wl9pyl
+gj5ynWXBB/TXLvIOUY0QUatsmnI2tzqEupwNmHg54K3gScWa9++j+jbOl3EBVgwO
+ivzAk6xAQrD8V2TcXfCkfbzBloYDbVka3Cs8CX0JK7LsnoWZG22MhZwFsgESh2bl
+e1VF5nhJkUv3/dzD6lQ=
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/ec512-wrong-private.pem

@@ -0,0 +1,10 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIHbAgEBBEG/KbA2oCbiCT6L3V8XSz2WKBy0XhGvIFbl/ZkXIXnkYt+1B7wViSVo
+KCHuMFsi6xU/5nE1EuDG2UsQJmKeAMkIOKAHBgUrgQQAI6GBiQOBhgAEAG0TFWe5
+cZ5DZIyfuysrCoQySTNxd+aT8sPIxsx7mW6YBTsuO6rEgxyegd2Auy4xtikxpzKv
+soMXR02999Aaus2jAAt/wxrhhr41BDP4MV0b6Zngb72hna0pcGqit5OyU8AbOJUZ
++rdyowRGsOY+aPbOyVhdNcsEdxYC8GdIyCQLBC1H
+-----END EC PRIVATE KEY-----

data/spec/fixtures/certs/ec512-wrong-public.pem

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAbRMVZ7lxnkNkjJ+7KysKhDJJM3F3
+5pPyw8jGzHuZbpgFOy47qsSDHJ6B3YC7LjG2KTGnMq+ygxdHTb330Bq6zaMAC3/D
+GuGGvjUEM/gxXRvpmeBvvaGdrSlwaqK3k7JTwBs4lRn6t3KjBEaw5j5o9s7JWF01
+ywR3FgLwZ0jIJAsELUc=
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-1024-private.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDO/ahgFDvniFoQ1dm+MdnkBi+Ts5W9AtQNgw4ZHIdPnqEzSgW7
+0opKEu8hnlLqsIyU2BC2op/xOanipdbXObuFlA6bth1cYRI+YJlR3BbPGOIL6YbJ
+ud9m0gIsBlCDLm4e/E45ZS+emudISP7/SF7zxvxZlnr1z7HTm7nIIVBvuQIDAQAB
+AoGBAMzFQAccvU6GI6O4C5sOsiHUxMh3xtCftaxQVGgfQvVPVuXoeteep1Q0ewFl
+IV4vnkO5pH8pTtVTWG9x5KIy6QCql4qvr2jkOm4mo9uogrpNklvBl2lN4Lxubj0N
+mGRXaM3hckZl8+JT6uzfBfjy+pd8AOigJGPQCOZn4gmANW7pAkEA82Nh4wpj6ZRU
+NBiBq3ONZuH4xJm59MI2FWRJsGUFUYdSaFwyKKim52/13d8iUb7v9utWQFRatCXz
+Lqw9fQyVrwJBANm3dBOVxpUPrYEQsG0q2rdP+u6U3woylxwtQgJxImZKZmmJlPr8
+9v23rhydvCe1ERPYe7EjF4RGWVPN3KLdExcCQDdzNfL3BApMS97OkoRQQC/nXbjU
+2SPlN1MqVQuGCG8pqGG0V40h11y1CkvxMS10ldEojq77SOrwFnZUsXGS82sCQQC6
+XdO7QCaxSq5XIRYlHN4EtS40NLOIYy3/LK6osHel4GIyTVd+UjSLk0QzssJxqwln
+V5TqWQO0cxPcLQiFUYEZAkEA2G84ilb9QXOgbNyoE1VifNk49hhodbSskLb86uwY
+Vgtzq1ZsqoPBCasr4WRiXt270n+mo5dNYRlZwiUn9lH78Q==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-1024-public.pem

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO/ahgFDvniFoQ1dm+MdnkBi+T
+s5W9AtQNgw4ZHIdPnqEzSgW70opKEu8hnlLqsIyU2BC2op/xOanipdbXObuFlA6b
+th1cYRI+YJlR3BbPGOIL6YbJud9m0gIsBlCDLm4e/E45ZS+emudISP7/SF7zxvxZ
+lnr1z7HTm7nIIVBvuQIDAQAB
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-2048-private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4GzZTLU48c4WbyvHi+QKrB71x+T0eq5hqDbQqnlYjhD1Ika7
+io1iplsdJWJuyxfYbUkb2Ol0fj4koZ/GS6lgCZr4+8UHbr1qf0Eu5HZSpszs2YxY
+8U5RHnrpw67co7hlgAR9HbyNf5XIYgLV9ldHH/eazwnc3F/hgNsV0xjScVilejgo
+cJ4zcsyymvW8t42lteM7bI867ZuJhGop/V+Y0HFyrMsPoQyLuCUpr6ulOfrkr7ZO
+dhAIG8r1HcjOp/AUjM15vfXcbUZjkM/VloifX1YitU3upMGJ8/DpFGffMOImrn5r
+6BT494V8rRyN2qvQoAkLJpqZ0avLxwiR2lgVQQIDAQABAoIBAEH0Ozgr2fxWEInD
+V/VooypKPvjr9F1JejGxSkmPN9MocKIOH3dsbZ1uEXa3ItBUxan4XlK06SNgp+tH
+xULfF/Y6sQlsse59hBq50Uoa69dRShn1AP6JgZVvkduMPBNxUYL5zrs6emsQXb9Q
+DglDRQfEAJ7vyxSIqQDxYcyT8uSUF70dqFe+E9B2VE3D6ccHc98k41pJrAFAUFH1
+wwvDhfyYr7/Ultut9wzpZvU1meF3Vna3GOUHfxrG6wu1G+WIWHGjouzThsc1qiVI
+BtMCJxuCt5fOXRbU4STbMqhB6sZHiOh6J/dZU6JwRYt+IS8FB6kCNFSEWZWQledJ
+XqtYSQECgYEA9nmnFTRj3fTBq9zMXfCRujkSy6X2bOb39ftNXzHFuc+I6xmv/3Bs
+P9tDdjueP/SnCb7i/9hXkpEIcxjrjiqgcvD2ym1hE4q+odMzRAXYMdnmzI34SVZE
+U5hYJcYsXNKrTTleba7QgqdORmyJ9FwqLO40udvmrZMY223XDwgRkOkCgYEA6RkO
+5wjjrWWp/G1YN3KXZTS1m2/eGrUThohXKAfAjbWWiouNLW2msXrxEWsPRL6xKiHu
+X9cwZwzi3MstAgk+bphUGUVUkGKNDjWHJA25tDYjbPtkd6xbL4eCHsKpNL3HNYr9
+N0CIvgn7qjaHRBem0iK7T6keY4axaSVddEwYapkCgYEA13K5qaB1F4Smcpt8DTWH
+vPe8xUUaZlFzOJLmLCsuwmB2N8Ppg2j7RspcaxJsH021YaB5ftjWm+ipMSr8ZPY/
+8JlPsNzxuYpTXtNmAbT2KYVm6THEch61dTk6/DIBf1YrpUJbl5by7vJeStL/uBmE
+SGgksL5XIyzs0opuLdaIvFkCgYAyBLWE8AxjFfCvAQuwAj/ocLITo6KmWnrRIIqL
+RXaVMgUWv7FQsTnW1cnK8g05tC2yG8vZ9wQk6Mf5lwOWb0NdWgSZ0528ydj41pWk
+L+nMeN2LMjqxz2NVxJ8wWJcUgTCxFZ0WcRumo9/D+6V1ABpE9zz4cBLcSnfhVypB
+nV6T6QKBgQCSZNCQ9HPxjAgYcsqc5sjNwuN1GHQZSav3Tye3k6zHENe1lsteT9K8
+xciGIuhybKZBvB4yImIIHCtnH+AS+mHAGqHarjNDMfvjOq0dMibPx4+bkIiHdBIH
+Xz+j5kmntvFiUnzr0Z/Tcqo+r8FvyCo1YWgwqGP8XoFrswD7gy7cZw==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-2048-public.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GzZTLU48c4WbyvHi+QK
+rB71x+T0eq5hqDbQqnlYjhD1Ika7io1iplsdJWJuyxfYbUkb2Ol0fj4koZ/GS6lg
+CZr4+8UHbr1qf0Eu5HZSpszs2YxY8U5RHnrpw67co7hlgAR9HbyNf5XIYgLV9ldH
+H/eazwnc3F/hgNsV0xjScVilejgocJ4zcsyymvW8t42lteM7bI867ZuJhGop/V+Y
+0HFyrMsPoQyLuCUpr6ulOfrkr7ZOdhAIG8r1HcjOp/AUjM15vfXcbUZjkM/Vloif
+X1YitU3upMGJ8/DpFGffMOImrn5r6BT494V8rRyN2qvQoAkLJpqZ0avLxwiR2lgV
+QQIDAQAB
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-2048-wrong-private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzHAVGaW9j4l3/b4ngcjjoIoIcnsQEWOMqErb5VhLZMGIq1gE
+O5qxPDAwooKsNotzcAOB3ZyLn7p5D+dmOrNUYkYWgYITNGeSifrnVqQugd5Fh1L8
+K7zOGltUo2UtjbN4uJ56tzxBMZp2wejs2/Qu0eu0xZK3To+YkDcWOk92rmNgmUSQ
+C/kNyIOj+yBvOo3wTk6HvbhoIarCgJ6Lay1v/hMLyQLzwRY/Qfty1FTIDyTv2dch
+47FsfkZ1KAL+MbUnHuCBPzGxRjXa8Iy9Z7YGxrYasUt1b0um64bscxoIiCu8yLL8
+jlg01Rwrjr/MTwKRhwXlMp8B7HTonwtaG6arJwIDAQABAoIBAGFR4dmJusl/qW1T
+fj8cQLAFxaupxaZhe24J5NAyzgEy2Dqo9ariIwkB78UM66ozjEqAgOvcP+NTw5m8
+kD/VapA1yTTxlO7XdzzUAhiOo80S4IphCMZRZNPLMmluGtdf3lIUr1pXBrn0TCBX
+H5o9jaREzpNXGof9d6T/dEdh2J9+uE/p1xE5GSxQfaPheZzCG7636La/DcArg/UR
++TusPqp62BEmk96pE/KKJRmEeH+WnPfSh6sMpLxi3hkEU7AynpliGT6Z6xV4csBI
+S/rdpkcj5DWpbnQzkwdrnL2Q+POEq/vlx5/NlezvtQPNLvQWDyY4yBCoMKGb3EbX
+xrxP7MECgYEA/kwe4P0Mqk+087IyhjDBGPfcMt8gfYc9nzNfIYSWdSwuSag/hqHq
+I4GwHQzUV9ix3iM6w5hin10yAzWxCYZg9hquV+lSvNNpGB76FX6oOqwuAhyQMRwv
+eW+VUyfFXeJugwL5JuIaNTvwPpQVDHYtELLifie+uzJ5HC6dhg/XchcCgYEAzc5/
++IXjOlExd/mBgFk/5Y87ifA0ZOgbaJXifYgU0aNSgz1piHxU3n2p4jJ9lSdwwCl2
+Fb5EN7666t20PL5QcXJ5ZdaTRLzRlYiqTWzfYHBgttbB1Jl3Ed9GsKuzRgaRqGFC
+ANJSqZlKG0NZ3keRtuKdFwq+IVOnsQr9g0TZiXECgYEAqUgtCiMKCloTIGMQpSnR
+cXiWWjsUmturls4Q1vQ3YHrvuVLKLyqb/dT4Uu5WcMAs765OESThCit0/pQAbVHK
+PCpYwubskAzAGjGM00BEZwJ1gixXhIm5xMIWCowgI7Z3ULlq+IptXeCvtkjHlksZ
+BtO+WLLGkkEwRCV38WWcSzMCgYA/Xxqgl/mD94RYAQgTUWgPc69Nph08BQyLg7ue
+E8z1UGkT6FEaqc4oRGGPOSTaTK63PQ0TXOb8k0pTD7l0CtYSWMFwzkXCoLGYbeCi
+vqd5tqDRLAe7QxYa9rl5pSUqptMrGeeNATZa6sya4H5Hp5oCyny8n54z/OJh7ZRq
+W0TwwQKBgQDDP7ksm2pcqadaVAmODdOlaDHbaEcxp8wN7YVz0lM3UpJth96ukbj7
+S39eJhXYWOn6oJQb/lN9fGOYqjg3y6IchGZDp67ATvWYvn/NY0R7mt4K4oHx5TuN
+rSQlP3WmOGv8Kemw892uRfW/jZyBEHhsfS213WDttVPn9F635GdNWw==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-2048-wrong-public.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHAVGaW9j4l3/b4ngcjj
+oIoIcnsQEWOMqErb5VhLZMGIq1gEO5qxPDAwooKsNotzcAOB3ZyLn7p5D+dmOrNU
+YkYWgYITNGeSifrnVqQugd5Fh1L8K7zOGltUo2UtjbN4uJ56tzxBMZp2wejs2/Qu
+0eu0xZK3To+YkDcWOk92rmNgmUSQC/kNyIOj+yBvOo3wTk6HvbhoIarCgJ6Lay1v
+/hMLyQLzwRY/Qfty1FTIDyTv2dch47FsfkZ1KAL+MbUnHuCBPzGxRjXa8Iy9Z7YG
+xrYasUt1b0um64bscxoIiCu8yLL8jlg01Rwrjr/MTwKRhwXlMp8B7HTonwtaG6ar
+JwIDAQAB
+-----END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-4096-private.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAqETmgWBi5rCmb7euJplA/9xs65+bncc9Yvs5zjyycXSW82Jf
+RuyguGm0OvA2wog24dR4N2kT/87DcGtp5JqJWADVFNr+2V2r6i57/OMLruRpn3p2
+r95dmo0COE+BxPFl7XEBT8JbH57ZtpgcB3/xkS14nLOWFf96hrXPlXJC+VMVKVZm
+A8k2LRh42vT5wUf4U0Doy/p7yFNSFFa6Q8wwe4TBy/z/f+rhFD1w8rxlYjallee/
+ocm7bjZCwbJGMm7orLViqWfsFX3O35PeoJ5h/7uJ7iRwvTFERkTdwWP/0BeKBeIt
+BR3YFc2mut+V9W+WKRkMSL6Crc+oVSx3p8aB7j9SZFzQiRtes4BYETpX1xl2mgIq
+5hvsFbLw7ESrlIodiwUMTrSIid2DQ6q80kv1zXPr4+Id6L0sJLxPCaXnTmNtasSw
+yedJJYxLjwhHJwtzFAeaq18H3O791YKhjAJ6YxK3zJ59jTE6Pkvqjq183f2PGHVR
+vgSN7aCmI6MBUUB5wDP2K8zX2sh40/uPDVSd6ei1vl3DpPk+h8iExx6AzbohfqZ+
+5RUUNx127L3MaQvOVC5TxV+R99gwKW++wzcVuO3m2KqVUj+K1uYBy3KBCUMBbckp
+EWGbN++jcdV5oJX6fsC66nOmKlntYwCL/pRww+oLsbzF8J3dxeDbKNF9JDsCAwEA
+AQKCAgBJF8TZJjlP5CQoGy227pNhkSpvH6HFY6qyuFZf09XfmrmHd4/Tiy41bRUx
+FO90iR7t8hFWYHqjf/k9eCtDdi164MGukYJqgVoQG6kYLLgCfI21DMlJk9otLFtu
+gnroRcP05EWhk9dpYONJgcGLMHSKj6n4x7nGTHe41HkbfcrB6ukiT7l4o4q5BAxb
+cFadMtoXr/ZvxJrIZgkddJ7snGHjBcP5DCkgM7MZy6aoilWv1/UNrOF9MdgNA9zz
+rrD3b136x7/XvqC6pS+bxuvJ8YK4R4qeu42NYT07GOcK/pk8lz0JWTodIt2eevqV
+6lGFj7c2mv7PCpJRVgbVGL/RTVVap/+jbcRVLdnYKsII/dANG7iXnfwRgkLWet5D
+OOsPuvIuyiSaJIwcdRE3SSO+tZhKLt+gh/oLxBPw5Ex0FwsVTtYn3Q/X3EAx+Wph
+eFcRr3TVkDg0MfdWWkgk16DvYB5cWc29coTaH1g+2juadNHbtVAigwJorKc6sxH3
+QGsW0WQJ8ZRZgJkSUuu3nr7QD3ZrgHptONQAh1RWGnIWi6OlMfaPdMo+SDnnL5SG
+mpOPjWadDc1XvMFnKQYMYB5GWU/ZNmnZmDLyg1Pc0Y+qRUc0s83nZFHN60KnUrSz
+0MZDspSFtr0fMx0b2/EB4EbuXd3QjQURF6P6HtWBu6oFnzu1AQKCAQEA2R9BKJgJ
+vNP+DUu8NBzwmi0cKlAiaxt+w90i5DWq1XWPKgi+RVLkaQSJqHoYQVNgEwL/cWxp
+s2r3GCMNIdOrGdcm8dX/6UYFpRaFcViTycVEA7cwZOMppgqr2Q+ZYX42K7HObUVL
+JGvdEWWWfSsynUGsrG87DC1gl94ANxCdqkZdbW5d3X0w5v7M/1tlrmAeskZSZpeT
+8BwwM6REb0U/B4/i8TLtLi/PGmMTOIxW41uKS/S6kq/gwyv+jNNO0ljhPt25iSbV
+K5ZHS4YuPKLl0tZMaOkPco9s6t4ES/Y317zQoTzUkAAkkFO4QPzRZL0ESqVBNR0h
+Ao7FLmFZzFHpoQKCAQEAxmZBn0UrJLXkD7bw66y4RwzjQYmxLlkEl3uvjrvVSuL1
+mAHDW58aGIpFFZ8QSTtNewIBQYNifp/cdFHAagqtl/iMGEegaOpJAKu/ykrkfZUp
+7mYDNng4ZWpypeKaGMAQoNzZiUpF+BDnqbeb/kgYu6sNlh9gRHR79rgAuZQxZ/1B
+tE8WcUFi4CnTq2QLqX4LwMuZHWXAJQoMoW3K5av+J544lIM6GdMJuIONtBBkKVQD
+ErrJ0bqYeykrFS6pKl/NBCZLGo5xFFRiYEdZ1GlA3uW3EGKppz6PS7194+x5UVts
+xZPUfkgdFjWCczkl4JDoWfaNn5sgXtiVbGh1n3gYWwKCAQB7vHEg1kyuXU4qe5/d
+PyTraIvlnVeQHNJIgy0QS3l5Pw8A0IzG6y+anehpqHNMP1zAWPQEytkOVAZPriIc
+xgl7p37dUa0PX0V2SPhxmR5YXeCeEXc197PTmb9H67jos8nhauqOoW/qaMJK2M9D
+tCubLUNf3eAT14R16CHNP93qnUE/TSeXQ3JsIofne0neb47u4F6zcuzvaNEbjSEn
+HJqID7sw5GoA6WQo0I+yqWAXICMXmHf/gtYfxGHEFeSUwexULH5BKG1R8sncw7J0
+Ag3h8xkGrNON4SkcTLy8Iay/eS6YxRcKndo4mk2mU65tr77TX4xi3Z/jWkQLY5WO
+eJwhAoIBABO17wkSxyGDjJ/fDfpsE3bDmgRV2KuBHoqqOBvXH26sM7ghXLZKjT4o
+5ooqXmTYJm91GIjYs71exnkr8hDW9L4nbEuxOgeSVyRg69H+NMshOaQ8sE8GDJxO
+wgsnAyY4Vq6UomwYW/E0RL/AxRezM/nZGaVzgo3qgLJXP4MwbOQm7hMq1FD2LQuW
+PDhH3Ty+kA5ca97W0Asd/3k+Pi0pNDvdZUOj8e7E369cKoTcKAdPGGsQ8aILhsCd
+q3EUTKwwDl8+KrH9utBJPejQzeTjfBVo/xH6q145QeVFcy9ku/zQN3M9p5vQMEuX
+j1lBMTkpTFw7uYBE2idyHw5BJoZsWQcCggEADfZTChqnOncItSflzGoaAACrr4/x
+KyT/4A+cPMCs11JN9J+EWsCezya2o1l/NF7YPcBR4qjCmFMEiq5GxH5fGLQp0aa7
+V13mHA8XBQ25OW2K7BGJhMHdbuvTnl6jsOfC4+t7P2bUAYxoP6/ncxTzZ5OlBN5k
+aMv9firWl1kSKK75ww9DWn6j0rQ4dBetwX45EMcs+iKIdydg0fmJxR2EJ+uQsCFy
+xcWBEDqV7qLUi6UrAPL3v/DXUv9wKcKOTbKw/aNE8+YTWMUO330GCJ5cVU1eTL5t
+UrcNKOJkFIj7jJUCzv6vcy++hMJEbNXnnTVRnky6e9C2vwzMl33njntapg==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-4096-public.pem

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqETmgWBi5rCmb7euJplA
+/9xs65+bncc9Yvs5zjyycXSW82JfRuyguGm0OvA2wog24dR4N2kT/87DcGtp5JqJ
+WADVFNr+2V2r6i57/OMLruRpn3p2r95dmo0COE+BxPFl7XEBT8JbH57ZtpgcB3/x
+kS14nLOWFf96hrXPlXJC+VMVKVZmA8k2LRh42vT5wUf4U0Doy/p7yFNSFFa6Q8ww
+e4TBy/z/f+rhFD1w8rxlYjallee/ocm7bjZCwbJGMm7orLViqWfsFX3O35PeoJ5h
+/7uJ7iRwvTFERkTdwWP/0BeKBeItBR3YFc2mut+V9W+WKRkMSL6Crc+oVSx3p8aB
+7j9SZFzQiRtes4BYETpX1xl2mgIq5hvsFbLw7ESrlIodiwUMTrSIid2DQ6q80kv1
+zXPr4+Id6L0sJLxPCaXnTmNtasSwyedJJYxLjwhHJwtzFAeaq18H3O791YKhjAJ6
+YxK3zJ59jTE6Pkvqjq183f2PGHVRvgSN7aCmI6MBUUB5wDP2K8zX2sh40/uPDVSd
+6ei1vl3DpPk+h8iExx6AzbohfqZ+5RUUNx127L3MaQvOVC5TxV+R99gwKW++wzcV
+uO3m2KqVUj+K1uYBy3KBCUMBbckpEWGbN++jcdV5oJX6fsC66nOmKlntYwCL/pRw
+w+oLsbzF8J3dxeDbKNF9JDsCAwEAAQ==
+-----END PUBLIC KEY-----

data/spec/integration/readme_examples_spec.rb

@@ -0,0 +1,202 @@
+# frozen_string_literal: true
+
+require_relative '../spec_helper'
+require 'jwt'
+
+describe 'README.md code test' do
+  context 'algorithm usage' do
+    let(:payload) { { data: 'test' } }
+
+    it 'NONE' do
+      token = JWT.encode payload, nil, 'none'
+      decoded_token = JWT.decode token, nil, false
+
+      expect(token).to eq 'eyJhbGciOiJub25lIn0.eyJkYXRhIjoidGVzdCJ9.'
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'alg' => 'none' }
+      ]
+    end
+
+    it 'HMAC' do
+      token = JWT.encode payload, 'my$ecretK3y', 'HS256'
+      decoded_token = JWT.decode token, 'my$ecretK3y', false
+
+      expect(token).to eq 'eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.pNIWIL34Jo13LViZAJACzK6Yf0qnvT_BuwOxiMCPE-Y'
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'alg' => 'HS256' }
+      ]
+    end
+
+    it 'RSA' do
+      rsa_private = OpenSSL::PKey::RSA.generate 2048
+      rsa_public = rsa_private.public_key
+
+      token = JWT.encode payload, rsa_private, 'RS256'
+      decoded_token = JWT.decode token, rsa_public, true, algorithm: 'RS256'
+
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'alg' => 'RS256' }
+      ]
+    end
+
+    it 'ECDSA' do
+      ecdsa_key = OpenSSL::PKey::EC.new 'prime256v1'
+      ecdsa_key.generate_key
+      ecdsa_public = OpenSSL::PKey::EC.new ecdsa_key
+      ecdsa_public.private_key = nil
+
+      token = JWT.encode payload, ecdsa_key, 'ES256'
+      decoded_token = JWT.decode token, ecdsa_public, true, algorithm: 'ES256'
+
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'alg' => 'ES256' }
+      ]
+    end
+  end
+
+  context 'claims' do
+    let(:hmac_secret) { 'MyP4ssW0rD' }
+
+    context 'exp' do
+      it 'without leeway' do
+        exp = Time.now.to_i + 4 * 3600
+        exp_payload = { data: 'data', exp: exp }
+
+        token = JWT.encode exp_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        exp = Time.now.to_i - 10
+        leeway = 30 # seconds
+
+        exp_payload = { data: 'data', exp: exp }
+
+        token = JWT.encode exp_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    context 'nbf' do
+      it 'without leeway' do
+        nbf = Time.now.to_i - 3600
+        nbf_payload = { data: 'data', nbf: nbf }
+        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        nbf = Time.now.to_i + 10
+        leeway = 30
+        nbf_payload = { data: 'data', nbf: nbf }
+        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    it 'iss' do
+      iss = 'My Awesome Company Inc. or https://my.awesome.website/'
+      iss_payload = { data: 'data', iss: iss }
+
+      token = JWT.encode iss_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, iss: iss, algorithm: 'HS256'
+      end.not_to raise_error
+    end
+
+    context 'aud' do
+      it 'array' do
+        aud = %w[Young Old]
+        aud_payload = { data: 'data', aud: aud }
+
+        token = JWT.encode aud_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, aud: %w[Old Young], verify_aud: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'string' do
+        expect do
+        end.not_to raise_error
+      end
+    end
+
+    it 'jti' do
+      iat = Time.now.to_i
+      hmac_secret = 'test'
+      jti_raw = [hmac_secret, iat].join(':').to_s
+      jti = Digest::MD5.hexdigest(jti_raw)
+      jti_payload = { data: 'data', iat: iat, jti: jti }
+
+      token = JWT.encode jti_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, verify_jti: true, algorithm: 'HS256'
+      end.not_to raise_error
+    end
+
+    context 'iat' do
+      it 'without leeway' do
+        iat = Time.now.to_i
+        iat_payload = { data: 'data', iat: iat }
+
+        token = JWT.encode iat_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        iat = Time.now.to_i - 7
+        iat_payload = { data: 'data', iat: iat, leeway: 10 }
+
+        token = JWT.encode iat_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    context 'custom header fields' do
+      it 'with custom field' do
+        payload = { data: 'test' }
+
+        token = JWT.encode payload, nil, 'none', typ: 'JWT'
+        _, header = JWT.decode token, nil, false
+
+        expect(header['typ']).to eq 'JWT'
+      end
+    end
+
+    it 'sub' do
+      sub = 'Subject'
+      sub_payload = { data: 'data', sub: sub }
+
+      token = JWT.encode sub_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, 'sub' => sub, :verify_sub => true, :algorithm => 'HS256'
+      end.not_to raise_error
+    end
+  end
+end

data/spec/jwt/verify_spec.rb

@@ -0,0 +1,232 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'jwt/verify'
+
+module JWT
+  RSpec.describe Verify do
+    let(:base_payload) { { 'user_id' => 'some@user.tld' } }
+    let(:options) { { leeway: 0 } }
+
+    context '.verify_aud(payload, options)' do
+      let(:scalar_aud) { 'ruby-jwt-aud' }
+      let(:array_aud) { %w[ruby-jwt-aud test-aud ruby-ruby-ruby] }
+      let(:scalar_payload) { base_payload.merge('aud' => scalar_aud) }
+      let(:array_payload) { base_payload.merge('aud' => array_aud) }
+
+      it 'must raise JWT::InvalidAudError when the singular audience does not match' do
+        expect do
+          Verify.verify_aud(scalar_payload, options.merge(aud: 'no-match'))
+        end.to raise_error JWT::InvalidAudError
+      end
+
+      it 'must raise JWT::InvalidAudError when the payload has an array and none match the supplied value' do
+        expect do
+          Verify.verify_aud(array_payload, options.merge(aud: 'no-match'))
+        end.to raise_error JWT::InvalidAudError
+      end
+
+      it 'must allow a matching singular audience to pass' do
+        Verify.verify_aud(scalar_payload, options.merge(aud: scalar_aud))
+      end
+
+      it 'must allow an array with any value matching the one in the options' do
+        Verify.verify_aud(array_payload, options.merge(aud: array_aud.first))
+      end
+
+      it 'must allow an array with any value matching any value in the options array' do
+        Verify.verify_aud(array_payload, options.merge(aud: array_aud))
+      end
+
+      it 'must allow a singular audience payload matching any value in the options array' do
+        Verify.verify_aud(scalar_payload, options.merge(aud: array_aud))
+      end
+    end
+
+    context '.verify_expiration(payload, options)' do
+      let(:payload) { base_payload.merge('exp' => (Time.now.to_i - 5)) }
+
+      it 'must raise JWT::ExpiredSignature when the token has expired' do
+        expect do
+          Verify.verify_expiration(payload, options)
+        end.to raise_error JWT::ExpiredSignature
+      end
+
+      it 'must allow some leeway in the expiration when global leeway is configured' do
+        Verify.verify_expiration(payload, options.merge(leeway: 10))
+      end
+
+      it 'must allow some leeway in the expiration when exp_leeway is configured' do
+        Verify.verify_expiration(payload, options.merge(exp_leeway: 10))
+      end
+
+      it 'must be expired if the exp claim equals the current time' do
+        payload['exp'] = Time.now.to_i
+
+        expect do
+          Verify.verify_expiration(payload, options)
+        end.to raise_error JWT::ExpiredSignature
+      end
+
+      context 'when leeway is not specified' do
+        let(:options) { {} }
+
+        it 'used a default leeway of 0' do
+          expect do
+            Verify.verify_expiration(payload, options)
+          end.to raise_error JWT::ExpiredSignature
+        end
+      end
+    end
+
+    context '.verify_iat(payload, options)' do
+      let(:iat) { Time.now.to_f }
+      let(:payload) { base_payload.merge('iat' => iat) }
+
+      it 'must allow a valid iat' do
+        Verify.verify_iat(payload, options)
+      end
+
+      it 'must allow configured leeway' do
+        Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(leeway: 70))
+      end
+
+      it 'must allow configured iat_leeway' do
+        Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(iat_leeway: 70))
+      end
+
+      it 'must properly handle integer times' do
+        Verify.verify_iat(payload.merge('iat' => Time.now.to_i), options)
+      end
+
+      it 'must raise JWT::InvalidIatError when the iat value is not Numeric' do
+        expect do
+          Verify.verify_iat(payload.merge('iat' => 'not a number'), options)
+        end.to raise_error JWT::InvalidIatError
+      end
+
+      it 'must raise JWT::InvalidIatError when the iat value is in the future' do
+        expect do
+          Verify.verify_iat(payload.merge('iat' => (iat + 120)), options)
+        end.to raise_error JWT::InvalidIatError
+      end
+    end
+
+    context '.verify_iss(payload, options)' do
+      let(:iss) { 'ruby-jwt-gem' }
+      let(:payload) { base_payload.merge('iss' => iss) }
+
+      let(:invalid_token) { JWT.encode base_payload, payload[:secret] }
+
+      context 'when iss is a String' do
+        it 'must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer' do
+          expect do
+            Verify.verify_iss(payload, options.merge(iss: 'mismatched-issuer'))
+          end.to raise_error JWT::InvalidIssuerError
+        end
+
+        it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
+          expect do
+            Verify.verify_iss(base_payload, options.merge(iss: iss))
+          end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
+        end
+
+        it 'must allow a matching issuer to pass' do
+          Verify.verify_iss(payload, options.merge(iss: iss))
+        end
+      end
+      context 'when iss is an Array' do
+        it 'must raise JWT::InvalidIssuerError when no matching issuers in array' do
+          expect do
+            Verify.verify_iss(payload, options.merge(iss: %w[first second]))
+          end.to raise_error JWT::InvalidIssuerError
+        end
+
+        it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
+          expect do
+            Verify.verify_iss(base_payload, options.merge(iss: %w[first second]))
+          end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
+        end
+
+        it 'must allow an array with matching issuer to pass' do
+          Verify.verify_iss(payload, options.merge(iss: ['first', iss, 'third']))
+        end
+      end
+    end
+
+    context '.verify_jti(payload, options)' do
+      let(:payload) { base_payload.merge('jti' => 'some-random-uuid-or-whatever') }
+
+      it 'must allow any jti when the verfy_jti key in the options is truthy but not a proc' do
+        Verify.verify_jti(payload, options.merge(verify_jti: true))
+      end
+
+      it 'must raise JWT::InvalidJtiError when the jti is missing' do
+        expect do
+          Verify.verify_jti(base_payload, options)
+        end.to raise_error JWT::InvalidJtiError, /missing/i
+      end
+
+      it 'must raise JWT::InvalidJtiError when the jti is an empty string' do
+        expect do
+          Verify.verify_jti(base_payload.merge('jti' => '   '), options)
+        end.to raise_error JWT::InvalidJtiError, /missing/i
+      end
+
+      it 'must raise JWT::InvalidJtiError when verify_jti proc returns false' do
+        expect do
+          Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { false }))
+        end.to raise_error JWT::InvalidJtiError, /invalid/i
+      end
+
+      it 'true proc should not raise JWT::InvalidJtiError' do
+        Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { true }))
+      end
+
+      it 'it should not throw arguement error with 2 args' do
+        expect do
+          Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti, pl) {
+            true
+          }))
+        end.to_not raise_error
+      end
+      it 'should have payload as second param in proc' do
+        Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti, pl) {
+          expect(pl).to eq(payload)
+        }))
+      end
+    end
+
+    context '.verify_not_before(payload, options)' do
+      let(:payload) { base_payload.merge('nbf' => (Time.now.to_i + 5)) }
+
+      it 'must raise JWT::ImmatureSignature when the nbf in the payload is in the future' do
+        expect do
+          Verify.verify_not_before(payload, options)
+        end.to raise_error JWT::ImmatureSignature
+      end
+
+      it 'must allow some leeway in the token age when global leeway is configured' do
+        Verify.verify_not_before(payload, options.merge(leeway: 10))
+      end
+
+      it 'must allow some leeway in the token age when nbf_leeway is configured' do
+        Verify.verify_not_before(payload, options.merge(nbf_leeway: 10))
+      end
+    end
+
+    context '.verify_sub(payload, options)' do
+      let(:sub) { 'ruby jwt subject' }
+
+      it 'must raise JWT::InvalidSubError when the subjects do not match' do
+        expect do
+          Verify.verify_sub(base_payload.merge('sub' => 'not-a-match'), options.merge(sub: sub))
+        end.to raise_error JWT::InvalidSubError
+      end
+
+      it 'must allow a matching sub' do
+        Verify.verify_sub(base_payload.merge('sub' => sub), options.merge(sub: sub))
+      end
+    end
+  end
+end