jwt 2.1.0 → 2.2.3

data/lib/jwt/security_utils.rb

@@ -20,6 +20,12 @@ module JWT
       public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
     end
 
+    def verify_ps(algorithm, public_key, signing_input, signature)
+      formatted_algorithm = algorithm.sub('PS', 'sha')
+
+      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
+    end
+
     def asn1_to_raw(signature, public_key)
       byte_size = (public_key.group.degree + 7) / 8
       OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join

data/lib/jwt/signature.rb

@@ -2,11 +2,7 @@
 
 require 'jwt/security_utils'
 require 'openssl'
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/unsupported'
+require 'jwt/algos'
 begin
   require 'rbnacl'
 rescue LoadError
@@ -18,28 +14,21 @@ module JWT
   # Signature logic for JWT
   module Signature
     extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Unsupported
-    ].freeze
     ToSign = Struct.new(:algorithm, :msg, :key)
     ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
 
     def sign(algorithm, msg, key)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      algo.sign ToSign.new(algorithm, msg, key)
+      algo, code = Algos.find(algorithm)
+      algo.sign ToSign.new(code, msg, key)
     end
 
     def verify(algorithm, key, signing_input, signature)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+      return true if algorithm.casecmp('none').zero?
+
+      raise JWT::DecodeError, 'No verification key available' unless key
+
+      algo, code = Algos.find(algorithm)
+      verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
       raise(JWT::VerificationError, 'Signature verification raised') unless verified
     rescue OpenSSL::PKey::PKeyError
       raise JWT::VerificationError, 'Signature verification raised'

data/lib/jwt/verify.rb

@@ -45,7 +45,7 @@ module JWT
       return unless @payload.include?('iat')
 
       iat = @payload['iat']
-      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > (Time.now.to_f + iat_leeway)
+      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
     end
 
     def verify_iss
@@ -91,10 +91,6 @@ module JWT
       @options[:exp_leeway] || global_leeway
     end
 
-    def iat_leeway
-      @options[:iat_leeway] || global_leeway
-    end
-
     def nbf_leeway
       @options[:nbf_leeway] || global_leeway
     end

data/lib/jwt/version.rb

@@ -12,9 +12,9 @@ module JWT
     # major version
     MAJOR = 2
     # minor version
-    MINOR = 1
+    MINOR = 2
     # tiny version
-    TINY  = 0
+    TINY  = 3
     # alpha, beta, etc. tag
     PRE   = nil
 

data/ruby-jwt.gemspec

@@ -11,21 +11,18 @@ Gem::Specification.new do |spec|
   spec.email = 'timrudat@gmail.com'
   spec.summary = 'JSON Web Token implementation in Ruby'
   spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
-  spec.homepage = 'http://github.com/jwt/ruby-jwt'
+  spec.homepage = 'https://github.com/jwt/ruby-jwt'
   spec.license = 'MIT'
   spec.required_ruby_version = '>= 2.1'
 
-  spec.files = `git ls-files -z`.split("\x0")
-  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+  spec.executables = []
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
 
+  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'simplecov-json'
-  spec.add_development_dependency 'codeclimate-test-reporter'
-  spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
 end

metadata

@@ -1,31 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.3
 platform: ruby
 authors:
 - Tim Rudat
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-06 00:00:00.000000000 Z
+date: 2021-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,35 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov-json
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codacy-coverage
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rbnacl
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -129,63 +87,51 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".ebert.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".reek.yml"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- ".rubocop_todo.yml"
+- ".sourcelevel.yml"
+- AUTHORS
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - LICENSE
-- Manifest
 - README.md
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/algos.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/none.rb
+- lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
+- lib/jwt/base64.rb
+- lib/jwt/claims_validator.rb
 - lib/jwt/decode.rb
 - lib/jwt/default_options.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
+- lib/jwt/json.rb
+- lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
+- lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/rsa.rb
 - lib/jwt/security_utils.rb
 - lib/jwt/signature.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - ruby-jwt.gemspec
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
-homepage: http://github.com/jwt/ruby-jwt
+homepage: https://github.com/jwt/ruby-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -200,33 +146,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.2.16
+signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
-test_files:
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.codeclimate.yml

@@ -1,20 +0,0 @@
-engines:
-  rubocop:
-    enabled: true
-  golint:
-    enabled: false
-  gofmt:
-    enabled: false
-  eslint:
-    enabled: false
-  csslint:
-    enabled: false
-
-ratings:
-  paths:
-    - lib/**
-    - "**.rb"
-
-exclude_paths:
-  - spec/**/*
-  - vendor/**/*

data/.reek.yml

@@ -1,40 +0,0 @@
----
-TooManyStatements:
-  max_statements: 10
-UncommunicativeMethodName:
-  reject:
-  - !ruby/regexp /^[a-z]$/
-  - !ruby/regexp /[0-9]$/
-UncommunicativeParameterName:
-  reject:
-  - !ruby/regexp /^.$/
-  - !ruby/regexp /[0-9]$/
-  - !ruby/regexp /^_/
-UncommunicativeVariableName:
-  reject:
-  - !ruby/regexp /^.$/
-  - !ruby/regexp /[0-9]$/
-UtilityFunction:
-  enabled: false
-LongParameterList:
-  enabled: false
-DuplicateMethodCall:
-  max_calls: 2
-IrresponsibleModule:
-  enabled: false
-NestedIterators:
-  max_allowed_nesting: 2
-PrimaDonnaMethod:
-  enabled: false
-UnusedParameters:
-  enabled: false
-FeatureEnvy:
-  enabled: false
-ControlParameter:
-  enabled: false
-UnusedPrivateMethod:
-  enabled: false
-InstanceVariableAssumption:
-  exclude:
-    - !ruby/regexp /Controller$/
-    - !ruby/regexp /Mailer$/s

data/.travis.yml

@@ -1,14 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-  - 2.2.0
-  - 2.3.0
-  - 2.4.0
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
-  - sudo apt-get update -q
-  - sudo apt-get install libsodium-dev -y
-  - gem install bundler

data/Manifest

@@ -1,8 +0,0 @@
-Rakefile
-README.md
-LICENSE
-lib/jwt.rb
-lib/jwt/json.rb
-spec/spec_helper.rb
-spec/jwt_spec.rb
-Manifest

data/spec/fixtures/certs/ec256-private.pem

@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIJmVse5uPfj6B4TcXrUAvf9/8pJh+KrKKYLNcmOnp/vPoAoGCCqGSM49
-AwEHoUQDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc/DX1wuhIMu8dQzOLSt0tpqK9
-MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END EC PRIVATE KEY-----

data/spec/fixtures/certs/ec256-public.pem

@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc
-/DX1wuhIMu8dQzOLSt0tpqK9MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END PUBLIC KEY-----