jwt 2.1.0 → 2.5.0

data/lib/jwt/jwk.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative 'jwk/key_finder'
+
+module JWT
+  module JWK
+    class << self
+      def import(jwk_data)
+        jwk_kty = jwk_data[:kty] || jwk_data['kty']
+        raise JWT::JWKError, 'Key type (kty) not provided' unless jwk_kty
+
+        mappings.fetch(jwk_kty.to_s) do |kty|
+          raise JWT::JWKError, "Key type #{kty} not supported"
+        end.import(jwk_data)
+      end
+
+      def create_from(keypair, kid = nil)
+        mappings.fetch(keypair.class) do |klass|
+          raise JWT::JWKError, "Cannot create JWK from a #{klass.name}"
+        end.new(keypair, kid)
+      end
+
+      def classes
+        @mappings = nil # reset the cached mappings
+        @classes ||= []
+      end
+
+      alias new create_from
+
+      private
+
+      def mappings
+        @mappings ||= generate_mappings
+      end
+
+      def generate_mappings
+        classes.each_with_object({}) do |klass, hash|
+          next unless klass.const_defined?('KTYS')
+
+          Array(klass::KTYS).each do |kty|
+            hash[kty] = klass
+          end
+        end
+      end
+    end
+  end
+end
+
+require_relative 'jwk/key_base'
+require_relative 'jwk/ec'
+require_relative 'jwk/rsa'
+require_relative 'jwk/hmac'

data/lib/jwt/security_utils.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   # Collection of security methods
   #
@@ -20,6 +22,12 @@ module JWT
       public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
     end
 
+    def verify_ps(algorithm, public_key, signing_input, signature)
+      formatted_algorithm = algorithm.sub('PS', 'sha')
+
+      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
+    end
+
     def asn1_to_raw(signature, public_key)
       byte_size = (public_key.group.degree + 7) / 8
       OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join

data/lib/jwt/signature.rb

@@ -2,11 +2,7 @@
 
 require 'jwt/security_utils'
 require 'openssl'
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/unsupported'
+require 'jwt/algos'
 begin
   require 'rbnacl'
 rescue LoadError
@@ -17,30 +13,19 @@ end
 module JWT
   # Signature logic for JWT
   module Signature
-    extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Unsupported
-    ].freeze
+    module_function
+
     ToSign = Struct.new(:algorithm, :msg, :key)
     ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
 
     def sign(algorithm, msg, key)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      algo.sign ToSign.new(algorithm, msg, key)
+      algo, code = Algos.find(algorithm)
+      algo.sign ToSign.new(code, msg, key)
     end
 
     def verify(algorithm, key, signing_input, signature)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
-      raise(JWT::VerificationError, 'Signature verification raised') unless verified
+      algo, code = Algos.find(algorithm)
+      algo.verify(ToVerify.new(code, key, signing_input, signature))
     rescue OpenSSL::PKey::PKeyError
       raise JWT::VerificationError, 'Signature verification raised'
     ensure

data/lib/jwt/verify.rb

@@ -10,7 +10,7 @@ module JWT
     }.freeze
 
     class << self
-      %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub].each do |method_name|
+      %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].each do |method_name|
         define_method method_name do |payload, options|
           new(payload, options).send(method_name)
         end
@@ -19,6 +19,7 @@ module JWT
       def verify_claims(payload, options)
         options.each do |key, val|
           next unless key.to_s =~ /verify/
+
           Verify.send(key, payload, options) if val
         end
       end
@@ -45,7 +46,7 @@ module JWT
       return unless @payload.include?('iat')
 
       iat = @payload['iat']
-      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > (Time.now.to_f + iat_leeway)
+      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
     end
 
     def verify_iss
@@ -53,9 +54,14 @@ module JWT
 
       iss = @payload['iss']
 
-      return if Array(options_iss).map(&:to_s).include?(iss.to_s)
+      options_iss = Array(options_iss).map { |item| item.is_a?(Symbol) ? item.to_s : item }
 
-      raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
+      case iss
+      when *options_iss
+        nil
+      else
+        raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
+      end
     end
 
     def verify_jti
@@ -77,10 +83,19 @@ module JWT
 
     def verify_sub
       return unless (options_sub = @options[:sub])
+
       sub = @payload['sub']
       raise(JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{sub || '<none>'}") unless sub.to_s == options_sub.to_s
     end
 
+    def verify_required_claims
+      return unless (options_required_claims = @options[:required_claims])
+
+      options_required_claims.each do |required_claim|
+        raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless @payload.include?(required_claim)
+      end
+    end
+
     private
 
     def global_leeway
@@ -91,10 +106,6 @@ module JWT
       @options[:exp_leeway] || global_leeway
     end
 
-    def iat_leeway
-      @options[:iat_leeway] || global_leeway
-    end
-
     def nbf_leeway
       @options[:nbf_leeway] || global_leeway
     end

data/lib/jwt/version.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # frozen_string_literal: true
 
 # Moments version builder module
@@ -12,7 +11,7 @@ module JWT
     # major version
     MAJOR = 2
     # minor version
-    MINOR = 1
+    MINOR = 5
     # tiny version
     TINY  = 0
     # alpha, beta, etc. tag
@@ -21,4 +20,9 @@ module JWT
     # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end
+
+  def self.openssl_3?
+    return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
+    return true if OpenSSL::OPENSSL_VERSION_NUMBER >= 3 * 0x10000000
+  end
 end

data/lib/jwt/x5c_key_finder.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'jwt/error'
+
+module JWT
+  # If the x5c header certificate chain can be validated by trusted root
+  # certificates, and none of the certificates are revoked, returns the public
+  # key from the first certificate.
+  # See https://tools.ietf.org/html/rfc7515#section-4.1.6
+  class X5cKeyFinder
+    def initialize(root_certificates, crls = nil)
+      raise(ArgumentError, 'Root certificates must be specified') unless root_certificates
+
+      @store = build_store(root_certificates, crls)
+    end
+
+    def from(x5c_header_or_certificates)
+      signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
+      store_context = OpenSSL::X509::StoreContext.new(@store, signing_certificate, certificate_chain)
+
+      if store_context.verify
+        signing_certificate.public_key
+      else
+        error = "Certificate verification failed: #{store_context.error_string}."
+        if (current_cert = store_context.current_cert)
+          error = "#{error} Certificate subject: #{current_cert.subject}."
+        end
+
+        raise(JWT::VerificationError, error)
+      end
+    end
+
+    private
+
+    def build_store(root_certificates, crls)
+      store = OpenSSL::X509::Store.new
+      store.purpose = OpenSSL::X509::PURPOSE_ANY
+      store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+      root_certificates.each { |certificate| store.add_cert(certificate) }
+      crls&.each { |crl| store.add_crl(crl) }
+      store
+    end
+
+    def parse_certificates(x5c_header_or_certificates)
+      if x5c_header_or_certificates.all? { |obj| obj.is_a?(OpenSSL::X509::Certificate) }
+        x5c_header_or_certificates
+      else
+        x5c_header_or_certificates.map do |encoded|
+          OpenSSL::X509::Certificate.new(::JWT::Base64.url_decode(encoded))
+        end
+      end
+    end
+  end
+end

data/lib/jwt.rb

@@ -1,63 +1,31 @@
 # frozen_string_literal: true
 
-require 'base64'
+require 'jwt/version'
+require 'jwt/base64'
+require 'jwt/json'
 require 'jwt/decode'
-require 'jwt/default_options'
+require 'jwt/configuration'
 require 'jwt/encode'
 require 'jwt/error'
-require 'jwt/signature'
-require 'jwt/verify'
+require 'jwt/jwk'
 
 # JSON Web Token implementation
 #
 # Should be up to date with the latest spec:
 # https://tools.ietf.org/html/rfc7519
 module JWT
-  include JWT::DefaultOptions
+  extend ::JWT::Configuration
 
   module_function
 
   def encode(payload, key, algorithm = 'HS256', header_fields = {})
-    encoder = Encode.new payload, key, algorithm, header_fields
-    encoder.segments
+    Encode.new(payload: payload,
+               key: key,
+               algorithm: algorithm,
+               headers: header_fields).segments
   end
 
-  def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
-    raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
-
-    merged_options = DEFAULT_OPTIONS.merge(custom_options)
-
-    decoder = Decode.new jwt, verify
-    header, payload, signature, signing_input = decoder.decode_segments
-    decode_verify_signature(key, header, payload, signature, signing_input, merged_options, &keyfinder) if verify
-
-    Verify.verify_claims(payload, merged_options) if verify
-
-    raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
-
-    [payload, header]
-  end
-
-  def decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder)
-    algo, key = signature_algorithm_and_key(header, payload, key, &keyfinder)
-
-    raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms(options).empty?
-    raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless allowed_algorithms(options).include?(algo)
-
-    Signature.verify(algo, key, signing_input, signature)
-  end
-
-  def signature_algorithm_and_key(header, payload, key, &keyfinder)
-    key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header)) if keyfinder
-    raise JWT::DecodeError, 'No verification key available' unless key
-    [header['alg'], key]
-  end
-
-  def allowed_algorithms(options)
-    if options.key?(:algorithm)
-      [options[:algorithm]]
-    else
-      options[:algorithms] || []
-    end
+  def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
+    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
   end
 end

data/ruby-jwt.gemspec

@@ -1,4 +1,6 @@
-lib = File.expand_path('../lib/', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'jwt/version'
 
@@ -11,21 +13,23 @@ Gem::Specification.new do |spec|
   spec.email = 'timrudat@gmail.com'
   spec.summary = 'JSON Web Token implementation in Ruby'
   spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
-  spec.homepage = 'http://github.com/jwt/ruby-jwt'
+  spec.homepage = 'https://github.com/jwt/ruby-jwt'
   spec.license = 'MIT'
-  spec.required_ruby_version = '>= 2.1'
+  spec.required_ruby_version = '>= 2.5'
+  spec.metadata = {
+    'bug_tracker_uri' => 'https://github.com/jwt/ruby-jwt/issues',
+    'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md"
+  }
 
-  spec.files = `git ls-files -z`.split("\x0")
-  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+  spec.executables = []
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
 
+  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'reek'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'simplecov-json'
-  spec.add_development_dependency 'codeclimate-test-reporter'
-  spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
 end

metadata

@@ -1,45 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.5.0
 platform: ruby
 authors:
 - Tim Rudat
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-06 00:00:00.000000000 Z
+date: 2022-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov-json
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: reek
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codacy-coverage
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rbnacl
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -130,62 +102,62 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
-- ".ebert.yml"
+- ".github/workflows/coverage.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".reek.yml"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- ".sourcelevel.yml"
+- AUTHORS
+- Appraisals
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - LICENSE
-- Manifest
 - README.md
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/algos.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/none.rb
+- lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
+- lib/jwt/base64.rb
+- lib/jwt/claims_validator.rb
+- lib/jwt/configuration.rb
+- lib/jwt/configuration/container.rb
+- lib/jwt/configuration/decode_configuration.rb
+- lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/default_options.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
+- lib/jwt/json.rb
+- lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
+- lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/kid_as_key_digest.rb
+- lib/jwt/jwk/rsa.rb
+- lib/jwt/jwk/thumbprint.rb
 - lib/jwt/security_utils.rb
 - lib/jwt/signature.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
+- lib/jwt/x5c_key_finder.rb
 - ruby-jwt.gemspec
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
-homepage: http://github.com/jwt/ruby-jwt
+homepage: https://github.com/jwt/ruby-jwt
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.5.0/CHANGELOG.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -193,40 +165,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.3.21
+signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
-test_files:
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.travis.yml

@@ -1,14 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-  - 2.2.0
-  - 2.3.0
-  - 2.4.0
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
-  - sudo apt-get update -q
-  - sudo apt-get install libsodium-dev -y
-  - gem install bundler

data/Manifest

@@ -1,8 +0,0 @@
-Rakefile
-README.md
-LICENSE
-lib/jwt.rb
-lib/jwt/json.rb
-spec/spec_helper.rb
-spec/jwt_spec.rb
-Manifest

data/lib/jwt/default_options.rb

@@ -1,15 +0,0 @@
-module JWT
-  module DefaultOptions
-    DEFAULT_OPTIONS = {
-      verify_expiration: true,
-      verify_not_before: true,
-      verify_iss: false,
-      verify_iat: false,
-      verify_jti: false,
-      verify_aud: false,
-      verify_sub: false,
-      leeway: 0,
-      algorithms: ['HS256']
-    }.freeze
-  end
-end

data/spec/fixtures/certs/ec256-private.pem

@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIJmVse5uPfj6B4TcXrUAvf9/8pJh+KrKKYLNcmOnp/vPoAoGCCqGSM49
-AwEHoUQDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc/DX1wuhIMu8dQzOLSt0tpqK9
-MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END EC PRIVATE KEY-----

data/spec/fixtures/certs/ec256-public.pem

@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc
-/DX1wuhIMu8dQzOLSt0tpqK9MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END PUBLIC KEY-----