jwt 2.0.0 → 2.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.ebert.yml +2 -1
- data/.gitignore +1 -1
- data/.travis.yml +18 -3
- data/AUTHORS +84 -0
- data/Appraisals +18 -0
- data/CHANGELOG.md +223 -18
- data/README.md +136 -81
- data/lib/jwt.rb +9 -40
- data/lib/jwt/algos/ecdsa.rb +35 -0
- data/lib/jwt/algos/eddsa.rb +23 -0
- data/lib/jwt/algos/hmac.rb +34 -0
- data/lib/jwt/algos/ps.rb +43 -0
- data/lib/jwt/algos/rsa.rb +19 -0
- data/lib/jwt/algos/unsupported.rb +16 -0
- data/lib/jwt/base64.rb +19 -0
- data/lib/jwt/claims_validator.rb +33 -0
- data/lib/jwt/decode.rb +83 -25
- data/lib/jwt/default_options.rb +2 -1
- data/lib/jwt/encode.rb +42 -25
- data/lib/jwt/error.rb +4 -0
- data/lib/jwt/json.rb +18 -0
- data/lib/jwt/jwk.rb +31 -0
- data/lib/jwt/jwk/key_finder.rb +57 -0
- data/lib/jwt/jwk/rsa.rb +54 -0
- data/lib/jwt/security_utils.rb +6 -1
- data/lib/jwt/signature.rb +27 -79
- data/lib/jwt/verify.rb +5 -8
- data/lib/jwt/version.rb +2 -2
- data/ruby-jwt.gemspec +7 -4
- metadata +54 -63
- data/.reek.yml +0 -40
- data/Manifest +0 -8
- data/spec/fixtures/certs/ec256-private.pem +0 -8
- data/spec/fixtures/certs/ec256-public.pem +0 -4
- data/spec/fixtures/certs/ec256-wrong-private.pem +0 -8
- data/spec/fixtures/certs/ec256-wrong-public.pem +0 -4
- data/spec/fixtures/certs/ec384-private.pem +0 -9
- data/spec/fixtures/certs/ec384-public.pem +0 -5
- data/spec/fixtures/certs/ec384-wrong-private.pem +0 -9
- data/spec/fixtures/certs/ec384-wrong-public.pem +0 -5
- data/spec/fixtures/certs/ec512-private.pem +0 -10
- data/spec/fixtures/certs/ec512-public.pem +0 -6
- data/spec/fixtures/certs/ec512-wrong-private.pem +0 -10
- data/spec/fixtures/certs/ec512-wrong-public.pem +0 -6
- data/spec/fixtures/certs/rsa-1024-private.pem +0 -15
- data/spec/fixtures/certs/rsa-1024-public.pem +0 -6
- data/spec/fixtures/certs/rsa-2048-private.pem +0 -27
- data/spec/fixtures/certs/rsa-2048-public.pem +0 -9
- data/spec/fixtures/certs/rsa-2048-wrong-private.pem +0 -27
- data/spec/fixtures/certs/rsa-2048-wrong-public.pem +0 -9
- data/spec/fixtures/certs/rsa-4096-private.pem +0 -51
- data/spec/fixtures/certs/rsa-4096-public.pem +0 -14
- data/spec/integration/readme_examples_spec.rb +0 -202
- data/spec/jwt/verify_spec.rb +0 -219
- data/spec/jwt_spec.rb +0 -257
- data/spec/spec_helper.rb +0 -28
data/lib/jwt/error.rb
CHANGED
@@ -3,6 +3,8 @@
|
|
3
3
|
module JWT
|
4
4
|
class EncodeError < StandardError; end
|
5
5
|
class DecodeError < StandardError; end
|
6
|
+
class RequiredDependencyError < StandardError; end
|
7
|
+
|
6
8
|
class VerificationError < DecodeError; end
|
7
9
|
class ExpiredSignature < DecodeError; end
|
8
10
|
class IncorrectAlgorithm < DecodeError; end
|
@@ -13,4 +15,6 @@ module JWT
|
|
13
15
|
class InvalidSubError < DecodeError; end
|
14
16
|
class InvalidJtiError < DecodeError; end
|
15
17
|
class InvalidPayload < DecodeError; end
|
18
|
+
|
19
|
+
class JWKError < DecodeError; end
|
16
20
|
end
|
data/lib/jwt/json.rb
ADDED
data/lib/jwt/jwk.rb
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'jwk/rsa'
|
4
|
+
require_relative 'jwk/key_finder'
|
5
|
+
|
6
|
+
module JWT
|
7
|
+
module JWK
|
8
|
+
MAPPINGS = {
|
9
|
+
'RSA' => ::JWT::JWK::RSA,
|
10
|
+
OpenSSL::PKey::RSA => ::JWT::JWK::RSA
|
11
|
+
}.freeze
|
12
|
+
|
13
|
+
class << self
|
14
|
+
def import(jwk_data)
|
15
|
+
raise JWT::JWKError, 'Key type (kty) not provided' unless jwk_data[:kty]
|
16
|
+
|
17
|
+
MAPPINGS.fetch(jwk_data[:kty].to_s) do |kty|
|
18
|
+
raise JWT::JWKError, "Key type #{kty} not supported"
|
19
|
+
end.import(jwk_data)
|
20
|
+
end
|
21
|
+
|
22
|
+
def create_from(keypair)
|
23
|
+
MAPPINGS.fetch(keypair.class) do |klass|
|
24
|
+
raise JWT::JWKError, "Cannot create JWK from a #{klass.name}"
|
25
|
+
end.new(keypair)
|
26
|
+
end
|
27
|
+
|
28
|
+
alias new create_from
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module JWT
|
4
|
+
module JWK
|
5
|
+
class KeyFinder
|
6
|
+
def initialize(options)
|
7
|
+
jwks_or_loader = options[:jwks]
|
8
|
+
@jwks = jwks_or_loader if jwks_or_loader.is_a?(Hash)
|
9
|
+
@jwk_loader = jwks_or_loader if jwks_or_loader.respond_to?(:call)
|
10
|
+
end
|
11
|
+
|
12
|
+
def key_for(kid)
|
13
|
+
raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid
|
14
|
+
|
15
|
+
jwk = resolve_key(kid)
|
16
|
+
|
17
|
+
raise ::JWT::DecodeError, "Could not find public key for kid #{kid}" unless jwk
|
18
|
+
|
19
|
+
::JWT::JWK.import(jwk).keypair
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
def resolve_key(kid)
|
25
|
+
jwk = find_key(kid)
|
26
|
+
|
27
|
+
return jwk if jwk
|
28
|
+
|
29
|
+
if reloadable?
|
30
|
+
load_keys(invalidate: true)
|
31
|
+
return find_key(kid)
|
32
|
+
end
|
33
|
+
|
34
|
+
nil
|
35
|
+
end
|
36
|
+
|
37
|
+
def jwks
|
38
|
+
return @jwks if @jwks
|
39
|
+
|
40
|
+
load_keys
|
41
|
+
@jwks
|
42
|
+
end
|
43
|
+
|
44
|
+
def load_keys(opts = {})
|
45
|
+
@jwks = @jwk_loader.call(opts)
|
46
|
+
end
|
47
|
+
|
48
|
+
def find_key(kid)
|
49
|
+
Array(jwks[:keys]).find { |key| key[:kid] == kid }
|
50
|
+
end
|
51
|
+
|
52
|
+
def reloadable?
|
53
|
+
@jwk_loader
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
data/lib/jwt/jwk/rsa.rb
ADDED
@@ -0,0 +1,54 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module JWT
|
4
|
+
module JWK
|
5
|
+
class RSA
|
6
|
+
attr_reader :keypair
|
7
|
+
|
8
|
+
BINARY = 2
|
9
|
+
KTY = 'RSA'.freeze
|
10
|
+
|
11
|
+
def initialize(keypair)
|
12
|
+
raise ArgumentError, 'keypair must be of type OpenSSL::PKey::RSA' unless keypair.is_a?(OpenSSL::PKey::RSA)
|
13
|
+
|
14
|
+
@keypair = keypair
|
15
|
+
end
|
16
|
+
|
17
|
+
def private?
|
18
|
+
keypair.private?
|
19
|
+
end
|
20
|
+
|
21
|
+
def public_key
|
22
|
+
keypair.public_key
|
23
|
+
end
|
24
|
+
|
25
|
+
def kid
|
26
|
+
sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(public_key.n),
|
27
|
+
OpenSSL::ASN1::Integer.new(public_key.e)])
|
28
|
+
OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
|
29
|
+
end
|
30
|
+
|
31
|
+
def export
|
32
|
+
{
|
33
|
+
kty: KTY,
|
34
|
+
n: ::Base64.urlsafe_encode64(public_key.n.to_s(BINARY), padding: false),
|
35
|
+
e: ::Base64.urlsafe_encode64(public_key.e.to_s(BINARY), padding: false),
|
36
|
+
kid: kid
|
37
|
+
}
|
38
|
+
end
|
39
|
+
|
40
|
+
def self.import(jwk_data)
|
41
|
+
imported_key = OpenSSL::PKey::RSA.new
|
42
|
+
if imported_key.respond_to?(:set_key)
|
43
|
+
imported_key.set_key(OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY),
|
44
|
+
OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY),
|
45
|
+
nil)
|
46
|
+
else
|
47
|
+
imported_key.n = OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY)
|
48
|
+
imported_key.e = OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY)
|
49
|
+
end
|
50
|
+
self.new(imported_key)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
data/lib/jwt/security_utils.rb
CHANGED
@@ -3,7 +3,6 @@ module JWT
|
|
3
3
|
#
|
4
4
|
# @see: https://github.com/rails/rails/blob/master/activesupport/lib/active_support/security_utils.rb
|
5
5
|
module SecurityUtils
|
6
|
-
|
7
6
|
module_function
|
8
7
|
|
9
8
|
def secure_compare(left, right)
|
@@ -21,6 +20,12 @@ module JWT
|
|
21
20
|
public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
|
22
21
|
end
|
23
22
|
|
23
|
+
def verify_ps(algorithm, public_key, signing_input, signature)
|
24
|
+
formatted_algorithm = algorithm.sub('PS', 'sha')
|
25
|
+
|
26
|
+
public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
|
27
|
+
end
|
28
|
+
|
24
29
|
def asn1_to_raw(signature, public_key)
|
25
30
|
byte_size = (public_key.group.degree + 7) / 8
|
26
31
|
OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
|
data/lib/jwt/signature.rb
CHANGED
@@ -2,10 +2,16 @@
|
|
2
2
|
|
3
3
|
require 'jwt/security_utils'
|
4
4
|
require 'openssl'
|
5
|
+
require 'jwt/algos/hmac'
|
6
|
+
require 'jwt/algos/eddsa'
|
7
|
+
require 'jwt/algos/ecdsa'
|
8
|
+
require 'jwt/algos/rsa'
|
9
|
+
require 'jwt/algos/ps'
|
10
|
+
require 'jwt/algos/unsupported'
|
5
11
|
begin
|
6
12
|
require 'rbnacl'
|
7
|
-
rescue LoadError
|
8
|
-
|
13
|
+
rescue LoadError
|
14
|
+
raise if defined?(RbNaCl)
|
9
15
|
end
|
10
16
|
|
11
17
|
# JWT::Signature module
|
@@ -13,94 +19,36 @@ module JWT
|
|
13
19
|
# Signature logic for JWT
|
14
20
|
module Signature
|
15
21
|
extend self
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
22
|
+
ALGOS = [
|
23
|
+
Algos::Hmac,
|
24
|
+
Algos::Ecdsa,
|
25
|
+
Algos::Rsa,
|
26
|
+
Algos::Eddsa,
|
27
|
+
Algos::Ps,
|
28
|
+
Algos::Unsupported
|
29
|
+
].freeze
|
30
|
+
ToSign = Struct.new(:algorithm, :msg, :key)
|
31
|
+
ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
|
26
32
|
|
27
33
|
def sign(algorithm, msg, key)
|
28
|
-
|
29
|
-
|
30
|
-
elsif RSA_ALGORITHMS.include?(algorithm)
|
31
|
-
sign_rsa(algorithm, msg, key)
|
32
|
-
elsif ECDSA_ALGORITHMS.include?(algorithm)
|
33
|
-
sign_ecdsa(algorithm, msg, key)
|
34
|
-
else
|
35
|
-
raise NotImplementedError, 'Unsupported signing method'
|
34
|
+
algo = ALGOS.find do |alg|
|
35
|
+
alg.const_get(:SUPPORTED).include? algorithm
|
36
36
|
end
|
37
|
+
algo.sign ToSign.new(algorithm, msg, key)
|
37
38
|
end
|
38
39
|
|
39
|
-
def verify(
|
40
|
-
|
41
|
-
verify_hmac(algo, key, signing_input, signature)
|
42
|
-
elsif RSA_ALGORITHMS.include?(algo)
|
43
|
-
SecurityUtils.verify_rsa(algo, key, signing_input, signature)
|
44
|
-
elsif ECDSA_ALGORITHMS.include?(algo)
|
45
|
-
verify_ecdsa(algo, key, signing_input, signature)
|
46
|
-
else
|
47
|
-
raise JWT::VerificationError, 'Algorithm not supported'
|
48
|
-
end
|
40
|
+
def verify(algorithm, key, signing_input, signature)
|
41
|
+
raise JWT::DecodeError, 'No verification key available' unless key
|
49
42
|
|
43
|
+
algo = ALGOS.find do |alg|
|
44
|
+
alg.const_get(:SUPPORTED).include? algorithm
|
45
|
+
end
|
46
|
+
verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
|
50
47
|
raise(JWT::VerificationError, 'Signature verification raised') unless verified
|
51
48
|
rescue OpenSSL::PKey::PKeyError
|
52
49
|
raise JWT::VerificationError, 'Signature verification raised'
|
53
50
|
ensure
|
54
51
|
OpenSSL.errors.clear
|
55
52
|
end
|
56
|
-
|
57
|
-
private
|
58
|
-
|
59
|
-
def sign_rsa(algorithm, msg, private_key)
|
60
|
-
raise EncodeError, "The given key is a #{private_key.class}. It has to be an OpenSSL::PKey::RSA instance." if private_key.class == String
|
61
|
-
private_key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
|
62
|
-
end
|
63
|
-
|
64
|
-
def sign_ecdsa(algorithm, msg, private_key)
|
65
|
-
key_algorithm = NAMED_CURVES[private_key.group.curve_name]
|
66
|
-
if algorithm != key_algorithm
|
67
|
-
raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
|
68
|
-
end
|
69
|
-
|
70
|
-
digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
|
71
|
-
SecurityUtils.asn1_to_raw(private_key.dsa_sign_asn1(digest.digest(msg)), private_key)
|
72
|
-
end
|
73
|
-
|
74
|
-
def sign_hmac(algorithm, msg, key)
|
75
|
-
authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
|
76
|
-
if authenticator && padded_key
|
77
|
-
authenticator.auth(padded_key, msg.encode('binary'))
|
78
|
-
else
|
79
|
-
OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
|
-
def verify_ecdsa(algorithm, public_key, signing_input, signature)
|
84
|
-
key_algorithm = NAMED_CURVES[public_key.group.curve_name]
|
85
|
-
if algorithm != key_algorithm
|
86
|
-
raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
|
87
|
-
end
|
88
|
-
|
89
|
-
digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
|
90
|
-
public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
|
91
|
-
end
|
92
|
-
|
93
|
-
def verify_hmac(algorithm, public_key, signing_input, signature)
|
94
|
-
authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, public_key)
|
95
|
-
if authenticator && padded_key
|
96
|
-
begin
|
97
|
-
authenticator.verify(padded_key, signature.encode('binary'), signing_input.encode('binary'))
|
98
|
-
rescue RbNaCl::BadAuthenticatorError
|
99
|
-
false
|
100
|
-
end
|
101
|
-
else
|
102
|
-
SecurityUtils.secure_compare(signature, sign_hmac(algorithm, signing_input, public_key))
|
103
|
-
end
|
104
|
-
end
|
105
53
|
end
|
106
54
|
end
|
data/lib/jwt/verify.rb
CHANGED
@@ -45,16 +45,16 @@ module JWT
|
|
45
45
|
return unless @payload.include?('iat')
|
46
46
|
|
47
47
|
iat = @payload['iat']
|
48
|
-
raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f >
|
48
|
+
raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
|
49
49
|
end
|
50
50
|
|
51
51
|
def verify_iss
|
52
52
|
return unless (options_iss = @options[:iss])
|
53
53
|
|
54
54
|
iss = @payload['iss']
|
55
|
-
|
55
|
+
|
56
56
|
return if Array(options_iss).map(&:to_s).include?(iss.to_s)
|
57
|
-
|
57
|
+
|
58
58
|
raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
|
59
59
|
end
|
60
60
|
|
@@ -63,7 +63,8 @@ module JWT
|
|
63
63
|
jti = @payload['jti']
|
64
64
|
|
65
65
|
if options_verify_jti.respond_to?(:call)
|
66
|
-
|
66
|
+
verified = options_verify_jti.arity == 2 ? options_verify_jti.call(jti, @payload) : options_verify_jti.call(jti)
|
67
|
+
raise(JWT::InvalidJtiError, 'Invalid jti') unless verified
|
67
68
|
elsif jti.to_s.strip.empty?
|
68
69
|
raise(JWT::InvalidJtiError, 'Missing jti')
|
69
70
|
end
|
@@ -90,10 +91,6 @@ module JWT
|
|
90
91
|
@options[:exp_leeway] || global_leeway
|
91
92
|
end
|
92
93
|
|
93
|
-
def iat_leeway
|
94
|
-
@options[:iat_leeway] || global_leeway
|
95
|
-
end
|
96
|
-
|
97
94
|
def nbf_leeway
|
98
95
|
@options[:nbf_leeway] || global_leeway
|
99
96
|
end
|
data/lib/jwt/version.rb
CHANGED
data/ruby-jwt.gemspec
CHANGED
@@ -11,21 +11,24 @@ Gem::Specification.new do |spec|
|
|
11
11
|
spec.email = 'timrudat@gmail.com'
|
12
12
|
spec.summary = 'JSON Web Token implementation in Ruby'
|
13
13
|
spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
|
14
|
-
spec.homepage = '
|
14
|
+
spec.homepage = 'https://github.com/jwt/ruby-jwt'
|
15
15
|
spec.license = 'MIT'
|
16
16
|
spec.required_ruby_version = '>= 2.1'
|
17
17
|
|
18
|
-
spec.files = `git ls-files -z`.split("\x0")
|
19
|
-
spec.executables =
|
18
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
|
19
|
+
spec.executables = []
|
20
20
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
21
21
|
spec.require_paths = %w[lib]
|
22
22
|
|
23
|
+
spec.add_development_dependency 'appraisal'
|
23
24
|
spec.add_development_dependency 'bundler'
|
24
25
|
spec.add_development_dependency 'rake'
|
25
26
|
spec.add_development_dependency 'rspec'
|
26
|
-
spec.add_development_dependency 'simplecov'
|
27
|
+
spec.add_development_dependency 'simplecov', '< 0.18'
|
27
28
|
spec.add_development_dependency 'simplecov-json'
|
28
29
|
spec.add_development_dependency 'codeclimate-test-reporter'
|
29
30
|
spec.add_development_dependency 'codacy-coverage'
|
30
31
|
spec.add_development_dependency 'rbnacl'
|
32
|
+
# RSASSA-PSS support provided by OpenSSL +2.1
|
33
|
+
spec.add_development_dependency 'openssl', '~> 2.1'
|
31
34
|
end
|
metadata
CHANGED
@@ -1,17 +1,17 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Rudat
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-08-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: appraisal
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
@@ -25,7 +25,7 @@ dependencies:
|
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
@@ -39,7 +39,7 @@ dependencies:
|
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
42
|
+
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - ">="
|
@@ -53,7 +53,7 @@ dependencies:
|
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
|
-
name:
|
56
|
+
name: rspec
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - ">="
|
@@ -66,6 +66,20 @@ dependencies:
|
|
66
66
|
- - ">="
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: simplecov
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "<"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0.18'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "<"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0.18'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
84
|
name: simplecov-json
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -122,6 +136,20 @@ dependencies:
|
|
122
136
|
- - ">="
|
123
137
|
- !ruby/object:Gem::Version
|
124
138
|
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: openssl
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '2.1'
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '2.1'
|
125
153
|
description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
|
126
154
|
standard.
|
127
155
|
email: timrudat@gmail.com
|
@@ -132,55 +160,43 @@ files:
|
|
132
160
|
- ".codeclimate.yml"
|
133
161
|
- ".ebert.yml"
|
134
162
|
- ".gitignore"
|
135
|
-
- ".reek.yml"
|
136
163
|
- ".rspec"
|
137
164
|
- ".rubocop.yml"
|
138
165
|
- ".travis.yml"
|
166
|
+
- AUTHORS
|
167
|
+
- Appraisals
|
139
168
|
- CHANGELOG.md
|
140
169
|
- Gemfile
|
141
170
|
- LICENSE
|
142
|
-
- Manifest
|
143
171
|
- README.md
|
144
172
|
- Rakefile
|
145
173
|
- lib/jwt.rb
|
174
|
+
- lib/jwt/algos/ecdsa.rb
|
175
|
+
- lib/jwt/algos/eddsa.rb
|
176
|
+
- lib/jwt/algos/hmac.rb
|
177
|
+
- lib/jwt/algos/ps.rb
|
178
|
+
- lib/jwt/algos/rsa.rb
|
179
|
+
- lib/jwt/algos/unsupported.rb
|
180
|
+
- lib/jwt/base64.rb
|
181
|
+
- lib/jwt/claims_validator.rb
|
146
182
|
- lib/jwt/decode.rb
|
147
183
|
- lib/jwt/default_options.rb
|
148
184
|
- lib/jwt/encode.rb
|
149
185
|
- lib/jwt/error.rb
|
186
|
+
- lib/jwt/json.rb
|
187
|
+
- lib/jwt/jwk.rb
|
188
|
+
- lib/jwt/jwk/key_finder.rb
|
189
|
+
- lib/jwt/jwk/rsa.rb
|
150
190
|
- lib/jwt/security_utils.rb
|
151
191
|
- lib/jwt/signature.rb
|
152
192
|
- lib/jwt/verify.rb
|
153
193
|
- lib/jwt/version.rb
|
154
194
|
- ruby-jwt.gemspec
|
155
|
-
|
156
|
-
- spec/fixtures/certs/ec256-public.pem
|
157
|
-
- spec/fixtures/certs/ec256-wrong-private.pem
|
158
|
-
- spec/fixtures/certs/ec256-wrong-public.pem
|
159
|
-
- spec/fixtures/certs/ec384-private.pem
|
160
|
-
- spec/fixtures/certs/ec384-public.pem
|
161
|
-
- spec/fixtures/certs/ec384-wrong-private.pem
|
162
|
-
- spec/fixtures/certs/ec384-wrong-public.pem
|
163
|
-
- spec/fixtures/certs/ec512-private.pem
|
164
|
-
- spec/fixtures/certs/ec512-public.pem
|
165
|
-
- spec/fixtures/certs/ec512-wrong-private.pem
|
166
|
-
- spec/fixtures/certs/ec512-wrong-public.pem
|
167
|
-
- spec/fixtures/certs/rsa-1024-private.pem
|
168
|
-
- spec/fixtures/certs/rsa-1024-public.pem
|
169
|
-
- spec/fixtures/certs/rsa-2048-private.pem
|
170
|
-
- spec/fixtures/certs/rsa-2048-public.pem
|
171
|
-
- spec/fixtures/certs/rsa-2048-wrong-private.pem
|
172
|
-
- spec/fixtures/certs/rsa-2048-wrong-public.pem
|
173
|
-
- spec/fixtures/certs/rsa-4096-private.pem
|
174
|
-
- spec/fixtures/certs/rsa-4096-public.pem
|
175
|
-
- spec/integration/readme_examples_spec.rb
|
176
|
-
- spec/jwt/verify_spec.rb
|
177
|
-
- spec/jwt_spec.rb
|
178
|
-
- spec/spec_helper.rb
|
179
|
-
homepage: http://github.com/jwt/ruby-jwt
|
195
|
+
homepage: https://github.com/jwt/ruby-jwt
|
180
196
|
licenses:
|
181
197
|
- MIT
|
182
198
|
metadata: {}
|
183
|
-
post_install_message:
|
199
|
+
post_install_message:
|
184
200
|
rdoc_options: []
|
185
201
|
require_paths:
|
186
202
|
- lib
|
@@ -195,33 +211,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
195
211
|
- !ruby/object:Gem::Version
|
196
212
|
version: '0'
|
197
213
|
requirements: []
|
198
|
-
|
199
|
-
|
200
|
-
signing_key:
|
214
|
+
rubygems_version: 3.1.2
|
215
|
+
signing_key:
|
201
216
|
specification_version: 4
|
202
217
|
summary: JSON Web Token implementation in Ruby
|
203
|
-
test_files:
|
204
|
-
- spec/fixtures/certs/ec256-private.pem
|
205
|
-
- spec/fixtures/certs/ec256-public.pem
|
206
|
-
- spec/fixtures/certs/ec256-wrong-private.pem
|
207
|
-
- spec/fixtures/certs/ec256-wrong-public.pem
|
208
|
-
- spec/fixtures/certs/ec384-private.pem
|
209
|
-
- spec/fixtures/certs/ec384-public.pem
|
210
|
-
- spec/fixtures/certs/ec384-wrong-private.pem
|
211
|
-
- spec/fixtures/certs/ec384-wrong-public.pem
|
212
|
-
- spec/fixtures/certs/ec512-private.pem
|
213
|
-
- spec/fixtures/certs/ec512-public.pem
|
214
|
-
- spec/fixtures/certs/ec512-wrong-private.pem
|
215
|
-
- spec/fixtures/certs/ec512-wrong-public.pem
|
216
|
-
- spec/fixtures/certs/rsa-1024-private.pem
|
217
|
-
- spec/fixtures/certs/rsa-1024-public.pem
|
218
|
-
- spec/fixtures/certs/rsa-2048-private.pem
|
219
|
-
- spec/fixtures/certs/rsa-2048-public.pem
|
220
|
-
- spec/fixtures/certs/rsa-2048-wrong-private.pem
|
221
|
-
- spec/fixtures/certs/rsa-2048-wrong-public.pem
|
222
|
-
- spec/fixtures/certs/rsa-4096-private.pem
|
223
|
-
- spec/fixtures/certs/rsa-4096-public.pem
|
224
|
-
- spec/integration/readme_examples_spec.rb
|
225
|
-
- spec/jwt/verify_spec.rb
|
226
|
-
- spec/jwt_spec.rb
|
227
|
-
- spec/spec_helper.rb
|
218
|
+
test_files: []
|