jwt 2.2.1 → 2.7.1

data/lib/jwt/decode.rb

@@ -2,14 +2,16 @@
 
 require 'json'
 
-require 'jwt/signature'
 require 'jwt/verify'
+require 'jwt/x5c_key_finder'
+
 # JWT::Decode module
 module JWT
   # Decoding logic for JWT
   class Decode
     def initialize(jwt, key, verify, options, &keyfinder)
       raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+
       @jwt = jwt
       @key = key
       @options = options
@@ -22,51 +24,109 @@ module JWT
     def decode_segments
       validate_segment_count!
       if @verify
-        decode_crypto
+        decode_signature
+        verify_algo
+        set_key
         verify_signature
         verify_claims
       end
       raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+
       [payload, header]
     end
 
     private
 
     def verify_signature
-      @key = find_key(&@keyfinder) if @keyfinder
-      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
+      return unless @key || @verify
 
+      return if none_algorithm?
+
+      raise JWT::DecodeError, 'No verification key available' unless @key
+
+      return if Array(@key).any? { |key| verify_signature_for?(key) }
+
+      raise(JWT::VerificationError, 'Signature verification failed')
+    end
+
+    def verify_algo
       raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
-      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless alg_in_header
+      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') if allowed_and_valid_algorithms.empty?
+    end
+
+    def set_key
+      @key = find_key(&@keyfinder) if @keyfinder
+      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks], allow_nil_kid: @options[:allow_nil_kid]).key_for(header['kid']) if @options[:jwks]
+      if (x5c_options = @options[:x5c])
+        @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(header['x5c'])
+      end
+    end
+
+    def verify_signature_for?(key)
+      allowed_and_valid_algorithms.any? do |alg|
+        alg.verify(data: signing_input, signature: @signature, verification_key: key)
+      end
+    end
 
-      Signature.verify(header['alg'], @key, signing_input, @signature)
+    def allowed_and_valid_algorithms
+      @allowed_and_valid_algorithms ||= allowed_algorithms.select { |alg| alg.valid_alg?(alg_in_header) }
     end
 
-    def options_includes_algo_in_header?
-      allowed_algorithms.include? header['alg']
+    # Order is very important - first check for string keys, next for symbols
+    ALGORITHM_KEYS = ['algorithm',
+                      :algorithm,
+                      'algorithms',
+                      :algorithms].freeze
+
+    def given_algorithms
+      ALGORITHM_KEYS.each do |alg_key|
+        alg = @options[alg_key]
+        return Array(alg) if alg
+      end
+      []
     end
 
     def allowed_algorithms
-      if @options.key?(:algorithm)
-        [@options[:algorithm]]
-      else
-        @options[:algorithms] || []
+      @allowed_algorithms ||= resolve_allowed_algorithms
+    end
+
+    def resolve_allowed_algorithms
+      algs = given_algorithms.map do |alg|
+        if Algos.implementation?(alg)
+          alg
+        else
+          Algos.create(alg)
+        end
       end
+
+      sort_by_alg_header(algs)
+    end
+
+    # Move algorithms matching the JWT alg header to the beginning of the list
+    def sort_by_alg_header(algs)
+      return algs if algs.size <= 1
+
+      algs.partition { |alg| alg.valid_alg?(alg_in_header) }.flatten
     end
 
     def find_key(&keyfinder)
       key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header))
-      raise JWT::DecodeError, 'No verification key available' unless key
-      key
+      # key can be of type [string, nil, OpenSSL::PKey, Array]
+      return key if key && !Array(key).empty?
+
+      raise JWT::DecodeError, 'No verification key available'
     end
 
     def verify_claims
       Verify.verify_claims(payload, @options)
+      Verify.verify_required_claims(payload, @options)
     end
 
     def validate_segment_count!
       return if segment_length == 3
       return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
+      return if segment_length == 2 && none_algorithm?
 
       raise(JWT::DecodeError, 'Not enough or too many segments')
     end
@@ -75,8 +135,16 @@ module JWT
       @segments.count
     end
 
-    def decode_crypto
-      @signature = JWT::Base64.url_decode(@segments[2])
+    def none_algorithm?
+      alg_in_header == 'none'
+    end
+
+    def decode_signature
+      @signature = ::JWT::Base64.url_decode(@segments[2] || '')
+    end
+
+    def alg_in_header
+      header['alg']
     end
 
     def header
@@ -92,7 +160,7 @@ module JWT
     end
 
     def parse_and_decode(segment)
-      JWT::JSON.parse(JWT::Base64.url_decode(segment))
+      JWT::JSON.parse(::JWT::Base64.url_decode(segment))
     rescue ::JSON::ParserError
       raise JWT::DecodeError, 'Invalid segment encoding'
     end

data/lib/jwt/encode.rb

@@ -1,27 +1,35 @@
 # frozen_string_literal: true
 
-require_relative './claims_validator'
+require_relative 'algos'
+require_relative 'claims_validator'
 
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
-    ALG_NONE = 'none'.freeze
-    ALG_KEY  = 'alg'.freeze
+    ALG_KEY = 'alg'
 
     def initialize(options)
-      @payload   = options[:payload]
-      @key       = options[:key]
-      @algorithm = options[:algorithm]
-      @headers   = options[:headers].each_with_object({}) { |(key, value), headers| headers[key.to_s] = value }
+      @payload          = options[:payload]
+      @key              = options[:key]
+      @algorithm        = resolve_algorithm(options[:algorithm])
+      @headers          = options[:headers].transform_keys(&:to_s)
+      @headers[ALG_KEY] = @algorithm.alg
     end
 
     def segments
-      @segments ||= combine(encoded_header_and_payload, encoded_signature)
+      validate_claims!
+      combine(encoded_header_and_payload, encoded_signature)
     end
 
     private
 
+    def resolve_algorithm(algorithm)
+      return algorithm if Algos.implementation?(algorithm)
+
+      Algos.create(algorithm)
+    end
+
     def encoded_header
       @encoded_header ||= encode_header
     end
@@ -39,26 +47,29 @@ module JWT
     end
 
     def encode_header
-      @headers[ALG_KEY] = @algorithm
-      encode(@headers)
+      encode_data(@headers)
     end
 
     def encode_payload
-      if @payload && @payload.is_a?(Hash)
-        ClaimsValidator.new(@payload).validate!
-      end
+      encode_data(@payload)
+    end
 
-      encode(@payload)
+    def signature
+      @algorithm.sign(data: encoded_header_and_payload, signing_key: @key)
     end
 
-    def encode_signature
-      return '' if @algorithm == ALG_NONE
+    def validate_claims!
+      return unless @payload.is_a?(Hash)
+
+      ClaimsValidator.new(@payload).validate!
+    end
 
-      JWT::Base64.url_encode(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key))
+    def encode_signature
+      ::JWT::Base64.url_encode(signature)
     end
 
-    def encode(data)
-      JWT::Base64.url_encode(JWT::JSON.generate(data))
+    def encode_data(data)
+      ::JWT::Base64.url_encode(JWT::JSON.generate(data))
     end
 
     def combine(*parts)

data/lib/jwt/error.rb

@@ -1,20 +1,22 @@
 # frozen_string_literal: true
 
 module JWT
-  EncodeError             = Class.new(StandardError)
-  DecodeError             = Class.new(StandardError)
-  RequiredDependencyError = Class.new(StandardError)
+  class EncodeError < StandardError; end
+  class DecodeError < StandardError; end
+  class RequiredDependencyError < StandardError; end
 
-  VerificationError  = Class.new(DecodeError)
-  ExpiredSignature   = Class.new(DecodeError)
-  IncorrectAlgorithm = Class.new(DecodeError)
-  ImmatureSignature  = Class.new(DecodeError)
-  InvalidIssuerError = Class.new(DecodeError)
-  InvalidIatError    = Class.new(DecodeError)
-  InvalidAudError    = Class.new(DecodeError)
-  InvalidSubError    = Class.new(DecodeError)
-  InvalidJtiError    = Class.new(DecodeError)
-  InvalidPayload     = Class.new(DecodeError)
+  class VerificationError < DecodeError; end
+  class ExpiredSignature < DecodeError; end
+  class IncorrectAlgorithm < DecodeError; end
+  class ImmatureSignature < DecodeError; end
+  class InvalidIssuerError < DecodeError; end
+  class UnsupportedEcdsaCurve < IncorrectAlgorithm; end
+  class InvalidIatError < DecodeError; end
+  class InvalidAudError < DecodeError; end
+  class InvalidSubError < DecodeError; end
+  class InvalidJtiError < DecodeError; end
+  class InvalidPayload < DecodeError; end
+  class MissingRequiredClaim < DecodeError; end
 
-  JWKError           = Class.new(DecodeError)
+  class JWKError < DecodeError; end
 end

data/lib/jwt/jwk/ec.rb

@@ -0,0 +1,236 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  module JWK
+    class EC < KeyBase # rubocop:disable Metrics/ClassLength
+      KTY    = 'EC'
+      KTYS   = [KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze
+      BINARY = 2
+      EC_PUBLIC_KEY_ELEMENTS = %i[kty crv x y].freeze
+      EC_PRIVATE_KEY_ELEMENTS = %i[d].freeze
+      EC_KEY_ELEMENTS = (EC_PRIVATE_KEY_ELEMENTS + EC_PUBLIC_KEY_ELEMENTS).freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk_params!(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        ec_key
+      end
+
+      def private?
+        ec_key.private_key?
+      end
+
+      def signing_key
+        ec_key
+      end
+
+      def verify_key
+        ec_key
+      end
+
+      def public_key
+        ec_key
+      end
+
+      def members
+        EC_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
+
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| EC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
+
+      def key_digest
+        _crv, x_octets, y_octets = keypair_components(ec_key)
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
+                                            OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def []=(key, value)
+        if EC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
+      private
+
+      def ec_key
+        @ec_key ||= create_ec_key(self[:crv], self[:x], self[:y], self[:d])
+      end
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::EC
+          key.export(include_private: true)
+        when OpenSSL::PKey::EC # Accept OpenSSL key as input
+          @ec_key = key # Preserve the object to avoid recreation
+          parse_ec_key(key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type OpenSSL::PKey::EC or Hash with key parameters'
+        end
+      end
+
+      def check_jwk_params!(key_params, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (EC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for EC' unless key_params[:crv] && key_params[:x] && key_params[:y]
+      end
+
+      def keypair_components(ec_keypair)
+        encoded_point = ec_keypair.public_key.to_bn.to_s(BINARY)
+        case ec_keypair.group.curve_name
+        when 'prime256v1'
+          crv = 'P-256'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp256k1'
+          crv = 'P-256K'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp384r1'
+          crv = 'P-384'
+          x_octets, y_octets = encoded_point.unpack('xa48a48')
+        when 'secp521r1'
+          crv = 'P-521'
+          x_octets, y_octets = encoded_point.unpack('xa66a66')
+        else
+          raise JWT::JWKError, "Unsupported curve '#{ec_keypair.group.curve_name}'"
+        end
+        [crv, x_octets, y_octets]
+      end
+
+      def encode_octets(octets)
+        return unless octets
+
+        ::JWT::Base64.url_encode(octets)
+      end
+
+      def encode_open_ssl_bn(key_part)
+        ::JWT::Base64.url_encode(key_part.to_s(BINARY))
+      end
+
+      def parse_ec_key(key)
+        crv, x_octets, y_octets = keypair_components(key)
+        octets = key.private_key&.to_bn&.to_s(BINARY)
+        {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets),
+          d: encode_octets(octets)
+        }.compact
+      end
+
+      if ::JWT.openssl_3?
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
+          curve = EC.to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          sequence = if jwk_d
+            # https://datatracker.ietf.org/doc/html/rfc5915.html
+            # ECPrivateKey ::= SEQUENCE {
+            #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+            #   privateKey     OCTET STRING,
+            #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+            #   publicKey  [1] BIT STRING OPTIONAL
+            # }
+
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Integer(1),
+                                      OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                      OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                    ])
+          else
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                    ])
+          end
+
+          OpenSSL::PKey::EC.new(sequence.to_der)
+        end
+      else
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d)
+          curve = EC.to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          key = OpenSSL::PKey::EC.new(curve)
+
+          # The details of the `Point` instantiation are covered in:
+          # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
+          # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
+          # - https://tools.ietf.org/html/rfc5480#section-2.2
+          # - https://www.secg.org/SEC1-Ver-1.0.pdf
+          # Section 2.3.3 of the last of these references specifies that the
+          # encoding of an uncompressed point consists of the byte `0x04` followed
+          # by the x value then the y value.
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          key.public_key = point
+          key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
+
+          key
+        end
+      end
+
+      def decode_octets(jwk_data)
+        ::JWT::Base64.url_decode(jwk_data)
+      end
+
+      def decode_open_ssl_bn(jwk_data)
+        OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
+        end
+
+        def to_openssl_curve(crv)
+          # The JWK specs and OpenSSL use different names for the same curves.
+          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
+          # pointers on different names for common curves.
+          case crv
+          when 'P-256' then 'prime256v1'
+          when 'P-384' then 'secp384r1'
+          when 'P-521' then 'secp521r1'
+          when 'P-256K' then 'secp256k1'
+          else raise JWT::JWKError, 'Invalid curve provided'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/hmac.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class HMAC < KeyBase
+      KTY  = 'oct'
+      KTYS = [KTY, String, JWT::JWK::HMAC].freeze
+      HMAC_PUBLIC_KEY_ELEMENTS = %i[kty].freeze
+      HMAC_PRIVATE_KEY_ELEMENTS = %i[k].freeze
+      HMAC_KEY_ELEMENTS = (HMAC_PRIVATE_KEY_ELEMENTS + HMAC_PUBLIC_KEY_ELEMENTS).freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        secret
+      end
+
+      def private?
+        true
+      end
+
+      def public_key
+        nil
+      end
+
+      def verify_key
+        secret
+      end
+
+      def signing_key
+        secret
+      end
+
+      # See https://tools.ietf.org/html/rfc7517#appendix-A.3
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| HMAC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
+
+      def members
+        HMAC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
+
+      def key_digest
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key),
+                                            OpenSSL::ASN1::UTF8String.new(KTY)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def []=(key, value)
+        if HMAC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
+      private
+
+      def secret
+        self[:k]
+      end
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::HMAC
+          key.export(include_private: true)
+        when String # Accept String key as input
+          { kty: KTY, k: key }
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type String or Hash with key parameters'
+        end
+      end
+
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (HMAC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for HMAC' unless keypair[:k]
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/key_base.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class KeyBase
+      def self.inherited(klass)
+        super
+        ::JWT::JWK.classes << klass
+      end
+
+      def initialize(options, params = {})
+        options ||= {}
+
+        @parameters = params.transform_keys(&:to_sym) # Uniform interface
+
+        # For backwards compatibility, kid_generator may be specified in the parameters
+        options[:kid_generator] ||= @parameters.delete(:kid_generator)
+
+        # Make sure the key has a kid
+        kid_generator = options[:kid_generator] || ::JWT.configuration.jwk.kid_generator
+        self[:kid] ||= kid_generator.new(self).generate
+      end
+
+      def kid
+        self[:kid]
+      end
+
+      def hash
+        self[:kid].hash
+      end
+
+      def [](key)
+        @parameters[key.to_sym]
+      end
+
+      def []=(key, value)
+        @parameters[key.to_sym] = value
+      end
+
+      def ==(other)
+        self[:kid] == other[:kid]
+      end
+
+      alias eql? ==
+
+      def <=>(other)
+        self[:kid] <=> other[:kid]
+      end
+
+      private
+
+      attr_reader :parameters
+    end
+  end
+end