jwt 2.2.1 → 2.7.1

data/lib/jwt/algos/ecdsa.rb

@@ -1,34 +1,75 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Ecdsa
       module_function
 
-      SUPPORTED = %w[ES256 ES384 ES512].freeze
       NAMED_CURVES = {
-        'prime256v1' => 'ES256',
-        'secp384r1' => 'ES384',
-        'secp521r1' => 'ES512'
+        'prime256v1' => {
+          algorithm: 'ES256',
+          digest: 'sha256'
+        },
+        'secp256r1' => { # alias for prime256v1
+          algorithm: 'ES256',
+          digest: 'sha256'
+        },
+        'secp384r1' => {
+          algorithm: 'ES384',
+          digest: 'sha384'
+        },
+        'secp521r1' => {
+          algorithm: 'ES512',
+          digest: 'sha512'
+        },
+        'secp256k1' => {
+          algorithm: 'ES256K',
+          digest: 'sha256'
+        }
       }.freeze
 
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        key_algorithm = NAMED_CURVES[key.group.curve_name]
+      SUPPORTED = NAMED_CURVES.map { |_, c| c[:algorithm] }.uniq.freeze
+
+      def sign(algorithm, msg, key)
+        curve_definition = curve_by_name(key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
           raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
         end
 
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-        SecurityUtils.asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
+        asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
       end
 
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        key_algorithm = NAMED_CURVES[public_key.group.curve_name]
+      def verify(algorithm, public_key, signing_input, signature)
+        curve_definition = curve_by_name(public_key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
           raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
         end
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-        public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
+
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
+        public_key.dsa_verify_asn1(digest.digest(signing_input), raw_to_asn1(signature, public_key))
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+
+      def curve_by_name(name)
+        NAMED_CURVES.fetch(name) do
+          raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
+        end
+      end
+
+      def raw_to_asn1(signature, private_key)
+        byte_size = (private_key.group.degree + 7) / 8
+        sig_bytes = signature[0..(byte_size - 1)]
+        sig_char = signature[byte_size..-1] || ''
+        OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+      end
+
+      def asn1_to_raw(signature, public_key)
+        byte_size = (public_key.group.degree + 7) / 8
+        OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
       end
     end
   end

data/lib/jwt/algos/eddsa.rb

@@ -1,22 +1,32 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Eddsa
       module_function
 
-      SUPPORTED = %w[ED25519].freeze
+      SUPPORTED = %w[ED25519 EdDSA].freeze
+
+      def sign(algorithm, msg, key)
+        if key.class != RbNaCl::Signatures::Ed25519::SigningKey
+          raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
+        end
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
 
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"  if algorithm.downcase.to_sym != key.primitive
         key.sign(msg)
       end
 
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive
+      def verify(algorithm, public_key, signing_input, signature)
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
         raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
+
         public_key.verify(signature, signing_input)
+      rescue RbNaCl::CryptoError
+        false
       end
     end
   end

data/lib/jwt/algos/hmac.rb

@@ -1,33 +1,73 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Hmac
       module_function
 
-      SUPPORTED = %w[HS256 HS512256 HS384 HS512].freeze
+      MAPPING = {
+        'HS256' => OpenSSL::Digest::SHA256,
+        'HS384' => OpenSSL::Digest::SHA384,
+        'HS512' => OpenSSL::Digest::SHA512
+      }.freeze
 
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
-        if authenticator && padded_key
-          authenticator.auth(padded_key, msg.encode('binary'))
-        else
-          OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
+      SUPPORTED = MAPPING.keys
+
+      def sign(algorithm, msg, key)
+        key ||= ''
+
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        OpenSSL::HMAC.digest(MAPPING[algorithm].new, key, msg)
+      rescue OpenSSL::HMACError => e
+        if key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
+          raise JWT::DecodeError, 'OpenSSL 3.0 does not support nil or empty hmac_secret'
         end
+
+        raise e
+      end
+
+      def verify(algorithm, key, signing_input, signature)
+        SecurityUtils.secure_compare(signature, sign(algorithm, signing_input, key))
       end
 
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, public_key)
-        if authenticator && padded_key
-          begin
-            authenticator.verify(padded_key, signature.encode('binary'), signing_input.encode('binary'))
-          rescue RbNaCl::BadAuthenticatorError
-            false
+      # Copy of https://github.com/rails/rails/blob/v7.0.3.1/activesupport/lib/active_support/security_utils.rb
+      # rubocop:disable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
+      module SecurityUtils
+        # Constant time string comparison, for fixed length strings.
+        #
+        # The values compared should be of fixed length, such as strings
+        # that have already been processed by HMAC. Raises in case of length mismatch.
+
+        if defined?(OpenSSL.fixed_length_secure_compare)
+          def fixed_length_secure_compare(a, b)
+            OpenSSL.fixed_length_secure_compare(a, b)
           end
         else
-          SecurityUtils.secure_compare(signature, sign(JWT::Signature::ToSign.new(algorithm, signing_input, public_key)))
+          def fixed_length_secure_compare(a, b)
+            raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+            l = a.unpack "C#{a.bytesize}"
+
+            res = 0
+            b.each_byte { |byte| res |= byte ^ l.shift }
+            res == 0
+          end
+        end
+        module_function :fixed_length_secure_compare
+
+        # Secure string comparison for strings of variable length.
+        #
+        # While a timing attack would not be able to discern the content of
+        # a secret compared via secure_compare, it is possible to determine
+        # the secret length. This should be considered when using secure_compare
+        # to compare weak, short secrets to user input.
+        def secure_compare(a, b)
+          a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
         end
+        module_function :secure_compare
       end
+      # rubocop:enable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
     end
   end
 end

data/lib/jwt/algos/hmac_rbnacl.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaCl
+      module_function
+
+      MAPPING = {
+        'HS256' => ::RbNaCl::HMAC::SHA256,
+        'HS512256' => ::RbNaCl::HMAC::SHA512256,
+        'HS384' => nil,
+        'HS512' => ::RbNaCl::HMAC::SHA512
+      }.freeze
+
+      SUPPORTED = MAPPING.keys
+
+      def sign(algorithm, msg, key)
+        if (hmac = resolve_algorithm(algorithm))
+          hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
+        else
+          Hmac.sign(algorithm, msg, key)
+        end
+      end
+
+      def verify(algorithm, key, signing_input, signature)
+        if (hmac = resolve_algorithm(algorithm))
+          hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
+        else
+          Hmac.verify(algorithm, key, signing_input, signature)
+        end
+      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+        false
+      end
+
+      def key_for_rbnacl(hmac, key)
+        key ||= ''
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        return padded_empty_key(hmac.key_bytes) if key == ''
+
+        key
+      end
+
+      def resolve_algorithm(algorithm)
+        MAPPING.fetch(algorithm)
+      end
+
+      def padded_empty_key(length)
+        Array.new(length, 0x0).pack('C*').encode('binary')
+      end
+    end
+  end
+end

data/lib/jwt/algos/hmac_rbnacl_fixed.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaClFixed
+      module_function
+
+      MAPPING = {
+        'HS256' => ::RbNaCl::HMAC::SHA256,
+        'HS512256' => ::RbNaCl::HMAC::SHA512256,
+        'HS384' => nil,
+        'HS512' => ::RbNaCl::HMAC::SHA512
+      }.freeze
+
+      SUPPORTED = MAPPING.keys
+
+      def sign(algorithm, msg, key)
+        key ||= ''
+
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+          hmac.auth(padded_key_bytes(key, hmac.key_bytes), msg.encode('binary'))
+        else
+          Hmac.sign(algorithm, msg, key)
+        end
+      end
+
+      def verify(algorithm, key, signing_input, signature)
+        key ||= ''
+
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+          hmac.verify(padded_key_bytes(key, hmac.key_bytes), signature.encode('binary'), signing_input.encode('binary'))
+        else
+          Hmac.verify(algorithm, key, signing_input, signature)
+        end
+      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+        false
+      end
+
+      def resolve_algorithm(algorithm)
+        MAPPING.fetch(algorithm)
+      end
+
+      def padded_key_bytes(key, bytesize)
+        key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
+      end
+    end
+  end
+end

data/lib/jwt/algos/none.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module None
+      module_function
+
+      SUPPORTED = %w[none].freeze
+
+      def sign(*)
+        ''
+      end
+
+      def verify(*)
+        true
+      end
+    end
+  end
+end

data/lib/jwt/algos/ps.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Ps
@@ -7,31 +9,27 @@ module JWT
 
       SUPPORTED = %w[PS256 PS384 PS512].freeze
 
-      def sign(to_sign)
+      def sign(algorithm, msg, key)
         require_openssl!
 
-        algorithm, msg, key = to_sign.values
-
-        key_class = key.class
-
-        raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key_class == String
+        raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance." if key.is_a?(String)
 
         translated_algorithm = algorithm.sub('PS', 'sha')
 
         key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
       end
 
-      def verify(to_verify)
+      def verify(algorithm, public_key, signing_input, signature)
         require_openssl!
-
-        SecurityUtils.verify_ps(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
+        translated_algorithm = algorithm.sub('PS', 'sha')
+        public_key.verify_pss(translated_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: translated_algorithm)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
       end
 
       def require_openssl!
         if Object.const_defined?('OpenSSL')
-          major, minor = OpenSSL::VERSION.split('.').first(2)
-
-          unless major.to_i >= 2 && minor.to_i >= 1
+          if ::Gem::Version.new(OpenSSL::VERSION) < ::Gem::Version.new('2.1')
             raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
           end
         else

data/lib/jwt/algos/rsa.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Rsa
@@ -5,14 +7,16 @@ module JWT
 
       SUPPORTED = %w[RS256 RS384 RS512].freeze
 
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.class == String
+      def sign(algorithm, msg, key)
+        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.instance_of?(String)
+
         key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
       end
 
-      def verify(to_verify)
-        SecurityUtils.verify_rsa(to_verify.algorithm, to_verify.public_key, to_verify.signing_input, to_verify.signature)
+      def verify(algorithm, public_key, signing_input, signature)
+        public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
       end
     end
   end

data/lib/jwt/algos/unsupported.rb

@@ -1,16 +1,19 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Unsupported
       module_function
 
-      SUPPORTED = Object.new.tap { |object| object.define_singleton_method(:include?) { |*| true } }
-      def verify(*)
-        raise JWT::VerificationError, 'Algorithm not supported'
-      end
+      SUPPORTED = [].freeze
 
       def sign(*)
         raise NotImplementedError, 'Unsupported signing method'
       end
+
+      def verify(*)
+        raise JWT::VerificationError, 'Algorithm not supported'
+      end
     end
   end
 end

data/lib/jwt/algos.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+require 'openssl'
+
+require 'jwt/algos/hmac'
+require 'jwt/algos/eddsa'
+require 'jwt/algos/ecdsa'
+require 'jwt/algos/rsa'
+require 'jwt/algos/ps'
+require 'jwt/algos/none'
+require 'jwt/algos/unsupported'
+require 'jwt/algos/algo_wrapper'
+
+module JWT
+  module Algos
+    extend self
+
+    ALGOS = [Algos::Ecdsa,
+             Algos::Rsa,
+             Algos::Eddsa,
+             Algos::Ps,
+             Algos::None,
+             Algos::Unsupported].tap do |l|
+      if ::JWT.rbnacl_6_or_greater?
+        require_relative 'algos/hmac_rbnacl'
+        l.unshift(Algos::HmacRbNaCl)
+      elsif ::JWT.rbnacl?
+        require_relative 'algos/hmac_rbnacl_fixed'
+        l.unshift(Algos::HmacRbNaClFixed)
+      else
+        l.unshift(Algos::Hmac)
+      end
+    end.freeze
+
+    def find(algorithm)
+      indexed[algorithm && algorithm.downcase]
+    end
+
+    def create(algorithm)
+      Algos::AlgoWrapper.new(*find(algorithm))
+    end
+
+    def implementation?(algorithm)
+      (algorithm.respond_to?(:valid_alg?) && algorithm.respond_to?(:verify)) ||
+        (algorithm.respond_to?(:alg) && algorithm.respond_to?(:sign))
+    end
+
+    private
+
+    def indexed
+      @indexed ||= begin
+        fallback = [nil, Algos::Unsupported]
+        ALGOS.each_with_object(Hash.new(fallback)) do |cls, hash|
+          cls.const_get(:SUPPORTED).each do |alg|
+            hash[alg.downcase] = [alg, cls]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/jwt/claims_validator.rb

@@ -1,33 +1,37 @@
+# frozen_string_literal: true
+
 require_relative './error'
 
 module JWT
   class ClaimsValidator
-    INTEGER_CLAIMS = %i[
+    NUMERIC_CLAIMS = %i[
       exp
       iat
       nbf
     ].freeze
 
     def initialize(payload)
-      @payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
+      @payload = payload.transform_keys(&:to_sym)
     end
 
     def validate!
-      validate_int_claims
+      validate_numeric_claims
 
       true
     end
 
     private
 
-    def validate_int_claims
-      INTEGER_CLAIMS.each do |claim|
-        validate_is_int(claim) if @payload.key?(claim)
+    def validate_numeric_claims
+      NUMERIC_CLAIMS.each do |claim|
+        validate_is_numeric(claim) if @payload.key?(claim)
       end
     end
 
-    def validate_is_int(claim)
-      raise InvalidPayload, "#{claim} claim must be an Integer but it is a #{@payload[claim].class}" unless @payload[claim].is_a?(Integer)
+    def validate_is_numeric(claim)
+      return if @payload[claim].is_a?(Numeric)
+
+      raise InvalidPayload, "#{claim} claim must be a Numeric value but it is a #{@payload[claim].class}"
     end
   end
 end

data/lib/jwt/configuration/container.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative 'decode_configuration'
+require_relative 'jwk_configuration'
+
+module JWT
+  module Configuration
+    class Container
+      attr_accessor :decode, :jwk
+
+      def initialize
+        reset!
+      end
+
+      def reset!
+        @decode = DecodeConfiguration.new
+        @jwk    = JwkConfiguration.new
+      end
+    end
+  end
+end

data/lib/jwt/configuration/decode_configuration.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module JWT
+  module Configuration
+    class DecodeConfiguration
+      attr_accessor :verify_expiration,
+                    :verify_not_before,
+                    :verify_iss,
+                    :verify_iat,
+                    :verify_jti,
+                    :verify_aud,
+                    :verify_sub,
+                    :leeway,
+                    :algorithms,
+                    :required_claims
+
+      def initialize
+        @verify_expiration = true
+        @verify_not_before = true
+        @verify_iss = false
+        @verify_iat = false
+        @verify_jti = false
+        @verify_aud = false
+        @verify_sub = false
+        @leeway = 0
+        @algorithms = ['HS256']
+        @required_claims = []
+      end
+
+      def to_h
+        {
+          verify_expiration: verify_expiration,
+          verify_not_before: verify_not_before,
+          verify_iss: verify_iss,
+          verify_iat: verify_iat,
+          verify_jti: verify_jti,
+          verify_aud: verify_aud,
+          verify_sub: verify_sub,
+          leeway: leeway,
+          algorithms: algorithms,
+          required_claims: required_claims
+        }
+      end
+    end
+  end
+end

data/lib/jwt/configuration/jwk_configuration.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../jwk/kid_as_key_digest'
+require_relative '../jwk/thumbprint'
+
+module JWT
+  module Configuration
+    class JwkConfiguration
+      def initialize
+        self.kid_generator_type = :key_digest
+      end
+
+      def kid_generator_type=(value)
+        self.kid_generator = case value
+                             when :key_digest
+                               JWT::JWK::KidAsKeyDigest
+                             when :rfc7638_thumbprint
+                               JWT::JWK::Thumbprint
+                             else
+                               raise ArgumentError, "#{value} is not a valid kid generator type."
+        end
+      end
+
+      attr_accessor :kid_generator
+    end
+  end
+end

data/lib/jwt/configuration.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative 'configuration/container'
+
+module JWT
+  module Configuration
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= ::JWT::Configuration::Container.new
+    end
+  end
+end