jwt 1.5.6 → 2.2.2

data/lib/jwt.rb

@@ -1,192 +1,30 @@
 # frozen_string_literal: true
-require 'base64'
-require 'openssl'
+
+require 'jwt/base64'
+require 'jwt/json'
 require 'jwt/decode'
+require 'jwt/default_options'
+require 'jwt/encode'
 require 'jwt/error'
-require 'jwt/json'
+require 'jwt/jwk'
 
 # JSON Web Token implementation
 #
 # Should be up to date with the latest spec:
-# https://tools.ietf.org/html/rfc7519#section-4.1.5
+# https://tools.ietf.org/html/rfc7519
 module JWT
-  extend JWT::Json
-
-  NAMED_CURVES = {
-    'prime256v1' => 'ES256',
-    'secp384r1' => 'ES384',
-    'secp521r1' => 'ES512'
-  }.freeze
-
-  DEFAULT_OPTIONS = {
-    verify_expiration: true,
-    verify_not_before: true,
-    verify_iss: false,
-    verify_iat: false,
-    verify_jti: false,
-    verify_aud: false,
-    verify_sub: false,
-    leeway: 0
-  }.freeze
+  include JWT::DefaultOptions
 
   module_function
 
-  def sign(algorithm, msg, key)
-    if %w(HS256 HS384 HS512).include?(algorithm)
-      sign_hmac(algorithm, msg, key)
-    elsif %w(RS256 RS384 RS512).include?(algorithm)
-      sign_rsa(algorithm, msg, key)
-    elsif %w(ES256 ES384 ES512).include?(algorithm)
-      sign_ecdsa(algorithm, msg, key)
-    else
-      raise NotImplementedError, 'Unsupported signing method'
-    end
-  end
-
-  def sign_rsa(algorithm, msg, private_key)
-    private_key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
-  end
-
-  def sign_ecdsa(algorithm, msg, private_key)
-    key_algorithm = NAMED_CURVES[private_key.group.curve_name]
-    if algorithm != key_algorithm
-      raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
-    end
-
-    digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-    asn1_to_raw(private_key.dsa_sign_asn1(digest.digest(msg)), private_key)
-  end
-
-  def verify_rsa(algorithm, public_key, signing_input, signature)
-    public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
-  end
-
-  def verify_ecdsa(algorithm, public_key, signing_input, signature)
-    key_algorithm = NAMED_CURVES[public_key.group.curve_name]
-    if algorithm != key_algorithm
-      raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
-    end
-
-    digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-    public_key.dsa_verify_asn1(digest.digest(signing_input), raw_to_asn1(signature, public_key))
-  end
-
-  def sign_hmac(algorithm, msg, key)
-    OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
-  end
-
-  def base64url_encode(str)
-    Base64.encode64(str).tr('+/', '-_').gsub(/[\n=]/, '')
-  end
-
-  def encoded_header(algorithm = 'HS256', header_fields = {})
-    header = { 'typ' => 'JWT', 'alg' => algorithm }.merge(header_fields)
-    base64url_encode(encode_json(header))
-  end
-
-  def encoded_payload(payload)
-    raise InvalidPayload, 'exp claim must be an integer' if payload['exp'] && payload['exp'].is_a?(Time)
-    base64url_encode(encode_json(payload))
-  end
-
-  def encoded_signature(signing_input, key, algorithm)
-    if algorithm == 'none'
-      ''
-    else
-      signature = sign(algorithm, signing_input, key)
-      base64url_encode(signature)
-    end
-  end
-
   def encode(payload, key, algorithm = 'HS256', header_fields = {})
-    algorithm ||= 'none'
-    segments = []
-    segments << encoded_header(algorithm, header_fields)
-    segments << encoded_payload(payload)
-    segments << encoded_signature(segments.join('.'), key, algorithm)
-    segments.join('.')
-  end
-
-  def decoded_segments(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
-    raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
-
-    merged_options = DEFAULT_OPTIONS.merge(custom_options)
-
-    decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
-    decoder.decode_segments
-  end
-
-  def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
-    raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
-
-    merged_options = DEFAULT_OPTIONS.merge(custom_options)
-    decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
-    header, payload, signature, signing_input = decoder.decode_segments
-    decode_verify_signature(key, header, signature, signing_input, merged_options, &keyfinder) if verify
-    decoder.verify
-
-    raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
-
-    [payload, header]
-  end
-
-  def decode_verify_signature(key, header, signature, signing_input, options, &keyfinder)
-    algo, key = signature_algorithm_and_key(header, key, &keyfinder)
-    if options[:algorithm] && algo != options[:algorithm]
-      raise JWT::IncorrectAlgorithm, 'Expected a different algorithm'
-    end
-    verify_signature(algo, key, signing_input, signature)
-  end
-
-  def signature_algorithm_and_key(header, key, &keyfinder)
-    key = yield(header) if keyfinder
-    [header['alg'], key]
-  end
-
-  def verify_signature(algo, key, signing_input, signature)
-    verify_signature_algo(algo, key, signing_input, signature)
-  rescue OpenSSL::PKey::PKeyError
-    raise JWT::VerificationError, 'Signature verification raised'
-  ensure
-    OpenSSL.errors.clear
-  end
-
-  def verify_signature_algo(algo, key, signing_input, signature)
-    if %w(HS256 HS384 HS512).include?(algo)
-      raise(JWT::VerificationError, 'Signature verification raised') unless secure_compare(signature, sign_hmac(algo, signing_input, key))
-    elsif %w(RS256 RS384 RS512).include?(algo)
-      raise(JWT::VerificationError, 'Signature verification raised') unless verify_rsa(algo, key, signing_input, signature)
-    elsif %w(ES256 ES384 ES512).include?(algo)
-      raise(JWT::VerificationError, 'Signature verification raised') unless verify_ecdsa(algo, key, signing_input, signature)
-    else
-      raise JWT::VerificationError, 'Algorithm not supported'
-    end
-  end
-
-  # From devise
-  # constant-time comparison algorithm to prevent timing attacks
-  def secure_compare(a, b)
-    return false if a.nil? || b.nil? || a.empty? || b.empty? || a.bytesize != b.bytesize
-    l = a.unpack "C#{a.bytesize}"
-
-    res = 0
-    b.each_byte { |byte| res |= byte ^ l.shift }
-    res.zero?
-  end
-
-  def raw_to_asn1(signature, private_key)
-    byte_size = (private_key.group.degree + 7) / 8
-    r = signature[0..(byte_size - 1)]
-    s = signature[byte_size..-1]
-    OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
-  end
-
-  def asn1_to_raw(signature, public_key)
-    byte_size = (public_key.group.degree + 7) / 8
-    OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+    Encode.new(payload: payload,
+               key: key,
+               algorithm: algorithm,
+               headers: header_fields).segments
   end
 
-  def base64url_decode(str)
-    Decode.base64url_decode(str)
+  def decode(jwt, key = nil, verify = true, options = {}, &keyfinder)
+    Decode.new(jwt, key, verify, DEFAULT_OPTIONS.merge(options), &keyfinder).decode_segments
   end
 end

data/lib/jwt/algos/ecdsa.rb

@@ -0,0 +1,35 @@
+module JWT
+  module Algos
+    module Ecdsa
+      module_function
+
+      SUPPORTED = %w[ES256 ES384 ES512].freeze
+      NAMED_CURVES = {
+        'prime256v1' => 'ES256',
+        'secp384r1' => 'ES384',
+        'secp521r1' => 'ES512'
+      }.freeze
+
+      def sign(to_sign)
+        algorithm, msg, key = to_sign.values
+        key_algorithm = NAMED_CURVES[key.group.curve_name]
+        if algorithm != key_algorithm
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
+        end
+
+        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
+        SecurityUtils.asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
+      end
+
+      def verify(to_verify)
+        algorithm, public_key, signing_input, signature = to_verify.values
+        key_algorithm = NAMED_CURVES[public_key.group.curve_name]
+        if algorithm != key_algorithm
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
+        end
+        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
+        public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
+      end
+    end
+  end
+end

data/lib/jwt/algos/eddsa.rb

@@ -0,0 +1,23 @@
+module JWT
+  module Algos
+    module Eddsa
+      module_function
+
+      SUPPORTED = %w[ED25519].freeze
+
+      def sign(to_sign)
+        algorithm, msg, key = to_sign.values
+        raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if key.class != RbNaCl::Signatures::Ed25519::SigningKey
+        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"  if algorithm.downcase.to_sym != key.primitive
+        key.sign(msg)
+      end
+
+      def verify(to_verify)
+        algorithm, public_key, signing_input, signature = to_verify.values
+        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive
+        raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
+        public_key.verify(signature, signing_input)
+      end
+    end
+  end
+end

data/lib/jwt/algos/hmac.rb

@@ -0,0 +1,34 @@
+module JWT
+  module Algos
+    module Hmac
+      module_function
+
+      SUPPORTED = %w[HS256 HS512256 HS384 HS512].freeze
+
+      def sign(to_sign)
+        algorithm, msg, key = to_sign.values
+        key ||= ''
+        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
+        if authenticator && padded_key
+          authenticator.auth(padded_key, msg.encode('binary'))
+        else
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
+        end
+      end
+
+      def verify(to_verify)
+        algorithm, public_key, signing_input, signature = to_verify.values
+        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, public_key)
+        if authenticator && padded_key
+          begin
+            authenticator.verify(padded_key, signature.encode('binary'), signing_input.encode('binary'))
+          rescue RbNaCl::BadAuthenticatorError
+            false
+          end
+        else
+          SecurityUtils.secure_compare(signature, sign(JWT::Signature::ToSign.new(algorithm, signing_input, public_key)))
+        end
+      end
+    end
+  end
+end

data/lib/jwt/algos/ps.rb

@@ -0,0 +1,43 @@
+module JWT
+  module Algos
+    module Ps
+      # RSASSA-PSS signing algorithms
+
+      module_function
+
+      SUPPORTED = %w[PS256 PS384 PS512].freeze
+
+      def sign(to_sign)
+        require_openssl!
+
+        algorithm, msg, key = to_sign.values
+
+        key_class = key.class
+
+        raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key_class == String
+
+        translated_algorithm = algorithm.sub('PS', 'sha')
+
+        key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
+      end
+
+      def verify(to_verify)
+        require_openssl!
+
+        SecurityUtils.verify_ps(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
+      end
+
+      def require_openssl!
+        if Object.const_defined?('OpenSSL')
+          major, minor = OpenSSL::VERSION.split('.').first(2)
+
+          unless major.to_i >= 2 && minor.to_i >= 1
+            raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
+          end
+        else
+          raise JWT::RequiredDependencyError, 'PS signing requires OpenSSL +2.1'
+        end
+      end
+    end
+  end
+end

data/lib/jwt/algos/rsa.rb

@@ -0,0 +1,19 @@
+module JWT
+  module Algos
+    module Rsa
+      module_function
+
+      SUPPORTED = %w[RS256 RS384 RS512].freeze
+
+      def sign(to_sign)
+        algorithm, msg, key = to_sign.values
+        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.class == String
+        key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
+      end
+
+      def verify(to_verify)
+        SecurityUtils.verify_rsa(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
+      end
+    end
+  end
+end

data/lib/jwt/algos/unsupported.rb

@@ -0,0 +1,16 @@
+module JWT
+  module Algos
+    module Unsupported
+      module_function
+
+      SUPPORTED = Object.new.tap { |object| object.define_singleton_method(:include?) { |*| true } }
+      def verify(*)
+        raise JWT::VerificationError, 'Algorithm not supported'
+      end
+
+      def sign(*)
+        raise NotImplementedError, 'Unsupported signing method'
+      end
+    end
+  end
+end

data/lib/jwt/base64.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'base64'
+
+module JWT
+  # Base64 helpers
+  class Base64
+    class << self
+      def url_encode(str)
+        ::Base64.encode64(str).tr('+/', '-_').gsub(/[\n=]/, '')
+      end
+
+      def url_decode(str)
+        str += '=' * (4 - str.length.modulo(4))
+        ::Base64.decode64(str.tr('-_', '+/'))
+      end
+    end
+  end
+end

data/lib/jwt/claims_validator.rb

@@ -0,0 +1,33 @@
+require_relative './error'
+
+module JWT
+  class ClaimsValidator
+    INTEGER_CLAIMS = %i[
+      exp
+      iat
+      nbf
+    ].freeze
+
+    def initialize(payload)
+      @payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
+    end
+
+    def validate!
+      validate_int_claims
+
+      true
+    end
+
+    private
+
+    def validate_int_claims
+      INTEGER_CLAIMS.each do |claim|
+        validate_is_int(claim) if @payload.key?(claim)
+      end
+    end
+
+    def validate_is_int(claim)
+      raise InvalidPayload, "#{claim} claim must be an Integer but it is a #{@payload[claim].class}" unless @payload[claim].is_a?(Integer)
+    end
+  end
+end

data/lib/jwt/decode.rb

@@ -1,57 +1,107 @@
 # frozen_string_literal: true
-require 'jwt/json'
-require 'jwt/verify'
 
+require 'json'
+
+require 'jwt/signature'
+require 'jwt/verify'
 # JWT::Decode module
 module JWT
-  extend JWT::Json
-
   # Decoding logic for JWT
   class Decode
-    attr_reader :header, :payload, :signature
-
     def initialize(jwt, key, verify, options, &keyfinder)
+      raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
       @jwt = jwt
       @key = key
-      @verify = verify
       @options = options
+      @segments = jwt.split('.')
+      @verify = verify
+      @signature = ''
       @keyfinder = keyfinder
     end
 
     def decode_segments
-      header_segment, payload_segment, crypto_segment = raw_segments(@jwt, @verify)
-      @header, @payload = decode_header_and_payload(header_segment, payload_segment)
-      @signature = Decode.base64url_decode(crypto_segment.to_s) if @verify
-      signing_input = [header_segment, payload_segment].join('.')
-      [@header, @payload, @signature, signing_input]
+      validate_segment_count!
+      if @verify
+        decode_crypto
+        verify_signature
+        verify_claims
+      end
+      raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+      [payload, header]
     end
 
-    def raw_segments(jwt, verify)
-      segments = jwt.split('.')
-      required_num_segments = verify ? [3] : [2, 3]
-      raise(JWT::DecodeError, 'Not enough or too many segments') unless required_num_segments.include? segments.length
-      segments
+    private
+
+    def verify_signature
+      raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
+      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+
+      @key = find_key(&@keyfinder) if @keyfinder
+      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
+
+      Signature.verify(header['alg'], @key, signing_input, @signature)
     end
-    private :raw_segments
 
-    def decode_header_and_payload(header_segment, payload_segment)
-      header = JWT.decode_json(Decode.base64url_decode(header_segment))
-      payload = JWT.decode_json(Decode.base64url_decode(payload_segment))
-      [header, payload]
+    def options_includes_algo_in_header?
+      allowed_algorithms.include? header['alg']
     end
-    private :decode_header_and_payload
 
-    def self.base64url_decode(str)
-      str += '=' * (4 - str.length.modulo(4))
-      Base64.decode64(str.tr('-_', '+/'))
+    def allowed_algorithms
+      # Order is very important - first check for string keys, next for symbols
+      if @options.key?('algorithm')
+        [@options['algorithm']]
+      elsif @options.key?(:algorithm)
+        [@options[:algorithm]]
+      elsif @options.key?('algorithms')
+        @options['algorithms'] || []
+      elsif @options.key?(:algorithms)
+        @options[:algorithms] || []
+      else
+        []
+      end
     end
 
-    def verify
-      @options.each do |key, val|
-        next unless key.to_s =~ /verify/
+    def find_key(&keyfinder)
+      key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header))
+      raise JWT::DecodeError, 'No verification key available' unless key
+      key
+    end
 
-        Verify.send(key, payload, @options) if val
-      end
+    def verify_claims
+      Verify.verify_claims(payload, @options)
+    end
+
+    def validate_segment_count!
+      return if segment_length == 3
+      return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
+
+      raise(JWT::DecodeError, 'Not enough or too many segments')
+    end
+
+    def segment_length
+      @segments.count
+    end
+
+    def decode_crypto
+      @signature = JWT::Base64.url_decode(@segments[2])
+    end
+
+    def header
+      @header ||= parse_and_decode @segments[0]
+    end
+
+    def payload
+      @payload ||= parse_and_decode @segments[1]
+    end
+
+    def signing_input
+      @segments.first(2).join('.')
+    end
+
+    def parse_and_decode(segment)
+      JWT::JSON.parse(JWT::Base64.url_decode(segment))
+    rescue ::JSON::ParserError
+      raise JWT::DecodeError, 'Invalid segment encoding'
     end
   end
 end