jwt 2.2.1 → 2.8.1

data/lib/jwt/claims_validator.rb

@@ -1,33 +1,37 @@
-require_relative './error'
+# frozen_string_literal: true
+
+require_relative 'error'
 
 module JWT
   class ClaimsValidator
-    INTEGER_CLAIMS = %i[
+    NUMERIC_CLAIMS = %i[
       exp
       iat
       nbf
     ].freeze
 
     def initialize(payload)
-      @payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
+      @payload = payload.transform_keys(&:to_sym)
     end
 
     def validate!
-      validate_int_claims
+      validate_numeric_claims
 
       true
     end
 
     private
 
-    def validate_int_claims
-      INTEGER_CLAIMS.each do |claim|
-        validate_is_int(claim) if @payload.key?(claim)
+    def validate_numeric_claims
+      NUMERIC_CLAIMS.each do |claim|
+        validate_is_numeric(claim) if @payload.key?(claim)
       end
     end
 
-    def validate_is_int(claim)
-      raise InvalidPayload, "#{claim} claim must be an Integer but it is a #{@payload[claim].class}" unless @payload[claim].is_a?(Integer)
+    def validate_is_numeric(claim)
+      return if @payload[claim].is_a?(Numeric)
+
+      raise InvalidPayload, "#{claim} claim must be a Numeric value but it is a #{@payload[claim].class}"
     end
   end
 end

data/lib/jwt/configuration/container.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative 'decode_configuration'
+require_relative 'jwk_configuration'
+
+module JWT
+  module Configuration
+    class Container
+      attr_accessor :decode, :jwk, :strict_base64_decoding
+      attr_reader :deprecation_warnings
+
+      def initialize
+        reset!
+      end
+
+      def reset!
+        @decode                 = DecodeConfiguration.new
+        @jwk                    = JwkConfiguration.new
+        @strict_base64_decoding = false
+
+        self.deprecation_warnings = :once
+      end
+
+      DEPRECATION_WARNINGS_VALUES = %i[once warn silent].freeze
+      def deprecation_warnings=(value)
+        raise ArgumentError, "Invalid deprecation_warnings value #{value}. Supported values: #{DEPRECATION_WARNINGS_VALUES}" unless DEPRECATION_WARNINGS_VALUES.include?(value)
+
+        @deprecation_warnings = value
+      end
+    end
+  end
+end

data/lib/jwt/configuration/decode_configuration.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module JWT
+  module Configuration
+    class DecodeConfiguration
+      attr_accessor :verify_expiration,
+                    :verify_not_before,
+                    :verify_iss,
+                    :verify_iat,
+                    :verify_jti,
+                    :verify_aud,
+                    :verify_sub,
+                    :leeway,
+                    :algorithms,
+                    :required_claims
+
+      def initialize
+        @verify_expiration = true
+        @verify_not_before = true
+        @verify_iss = false
+        @verify_iat = false
+        @verify_jti = false
+        @verify_aud = false
+        @verify_sub = false
+        @leeway = 0
+        @algorithms = ['HS256']
+        @required_claims = []
+      end
+
+      def to_h
+        {
+          verify_expiration: verify_expiration,
+          verify_not_before: verify_not_before,
+          verify_iss: verify_iss,
+          verify_iat: verify_iat,
+          verify_jti: verify_jti,
+          verify_aud: verify_aud,
+          verify_sub: verify_sub,
+          leeway: leeway,
+          algorithms: algorithms,
+          required_claims: required_claims
+        }
+      end
+    end
+  end
+end

data/lib/jwt/configuration/jwk_configuration.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative '../jwk/kid_as_key_digest'
+require_relative '../jwk/thumbprint'
+
+module JWT
+  module Configuration
+    class JwkConfiguration
+      def initialize
+        self.kid_generator_type = :key_digest
+      end
+
+      def kid_generator_type=(value)
+        self.kid_generator = case value
+                             when :key_digest
+                               JWT::JWK::KidAsKeyDigest
+                             when :rfc7638_thumbprint
+                               JWT::JWK::Thumbprint
+                             else
+                               raise ArgumentError, "#{value} is not a valid kid generator type."
+        end
+      end
+
+      attr_accessor :kid_generator
+    end
+  end
+end

data/lib/jwt/configuration.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative 'configuration/container'
+
+module JWT
+  module Configuration
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= ::JWT::Configuration::Container.new
+    end
+  end
+end

data/lib/jwt/decode.rb

@@ -2,14 +2,16 @@
 
 require 'json'
 
-require 'jwt/signature'
 require 'jwt/verify'
+require 'jwt/x5c_key_finder'
+
 # JWT::Decode module
 module JWT
   # Decoding logic for JWT
   class Decode
     def initialize(jwt, key, verify, options, &keyfinder)
       raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+
       @jwt = jwt
       @key = key
       @options = options
@@ -22,51 +24,103 @@ module JWT
     def decode_segments
       validate_segment_count!
       if @verify
-        decode_crypto
+        decode_signature
+        verify_algo
+        set_key
         verify_signature
         verify_claims
       end
       raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+
       [payload, header]
     end
 
     private
 
     def verify_signature
-      @key = find_key(&@keyfinder) if @keyfinder
-      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
+      return unless @key || @verify
+
+      return if none_algorithm?
+
+      raise JWT::DecodeError, 'No verification key available' unless @key
+
+      return if Array(@key).any? { |key| verify_signature_for?(key) }
+
+      raise(JWT::VerificationError, 'Signature verification failed')
+    end
 
+    def verify_algo
       raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
-      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless alg_in_header
+      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') if allowed_and_valid_algorithms.empty?
+    end
+
+    def set_key
+      @key = find_key(&@keyfinder) if @keyfinder
+      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks], allow_nil_kid: @options[:allow_nil_kid]).key_for(header['kid']) if @options[:jwks]
+      if (x5c_options = @options[:x5c])
+        @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(header['x5c'])
+      end
+    end
 
-      Signature.verify(header['alg'], @key, signing_input, @signature)
+    def verify_signature_for?(key)
+      allowed_and_valid_algorithms.any? do |alg|
+        alg.verify(data: signing_input, signature: @signature, verification_key: key)
+      end
     end
 
-    def options_includes_algo_in_header?
-      allowed_algorithms.include? header['alg']
+    def allowed_and_valid_algorithms
+      @allowed_and_valid_algorithms ||= allowed_algorithms.select { |alg| alg.valid_alg?(alg_in_header) }
     end
 
-    def allowed_algorithms
-      if @options.key?(:algorithm)
-        [@options[:algorithm]]
-      else
-        @options[:algorithms] || []
+    # Order is very important - first check for string keys, next for symbols
+    ALGORITHM_KEYS = ['algorithm',
+                      :algorithm,
+                      'algorithms',
+                      :algorithms].freeze
+
+    def given_algorithms
+      ALGORITHM_KEYS.each do |alg_key|
+        alg = @options[alg_key]
+        return Array(alg) if alg
       end
+      []
+    end
+
+    def allowed_algorithms
+      @allowed_algorithms ||= resolve_allowed_algorithms
+    end
+
+    def resolve_allowed_algorithms
+      algs = given_algorithms.map { |alg| JWA.create(alg) }
+
+      sort_by_alg_header(algs)
+    end
+
+    # Move algorithms matching the JWT alg header to the beginning of the list
+    def sort_by_alg_header(algs)
+      return algs if algs.size <= 1
+
+      algs.partition { |alg| alg.valid_alg?(alg_in_header) }.flatten
     end
 
     def find_key(&keyfinder)
       key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header))
-      raise JWT::DecodeError, 'No verification key available' unless key
-      key
+      # key can be of type [string, nil, OpenSSL::PKey, Array]
+      return key if key && !Array(key).empty?
+
+      raise JWT::DecodeError, 'No verification key available'
     end
 
     def verify_claims
       Verify.verify_claims(payload, @options)
+      Verify.verify_required_claims(payload, @options)
     end
 
     def validate_segment_count!
       return if segment_length == 3
       return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
+      return if segment_length == 2 && none_algorithm?
 
       raise(JWT::DecodeError, 'Not enough or too many segments')
     end
@@ -75,8 +129,16 @@ module JWT
       @segments.count
     end
 
-    def decode_crypto
-      @signature = JWT::Base64.url_decode(@segments[2])
+    def none_algorithm?
+      alg_in_header == 'none'
+    end
+
+    def decode_signature
+      @signature = ::JWT::Base64.url_decode(@segments[2] || '')
+    end
+
+    def alg_in_header
+      header['alg']
     end
 
     def header
@@ -92,7 +154,7 @@ module JWT
     end
 
     def parse_and_decode(segment)
-      JWT::JSON.parse(JWT::Base64.url_decode(segment))
+      JWT::JSON.parse(::JWT::Base64.url_decode(segment))
     rescue ::JSON::ParserError
       raise JWT::DecodeError, 'Invalid segment encoding'
     end

data/lib/jwt/deprecations.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module JWT
+  # Deprecations module to handle deprecation warnings in the gem
+  module Deprecations
+    class << self
+      def warning(message)
+        case JWT.configuration.deprecation_warnings
+        when :warn
+          warn("[DEPRECATION WARNING] #{message}")
+        when :once
+          return if record_warned(message)
+
+          warn("[DEPRECATION WARNING] #{message}")
+        end
+      end
+
+      private
+
+      def record_warned(message)
+        @warned ||= []
+        return true if @warned.include?(message)
+
+        @warned << message
+        false
+      end
+    end
+  end
+end

data/lib/jwt/encode.rb

@@ -1,23 +1,25 @@
 # frozen_string_literal: true
 
-require_relative './claims_validator'
+require_relative 'jwa'
+require_relative 'claims_validator'
 
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
-    ALG_NONE = 'none'.freeze
-    ALG_KEY  = 'alg'.freeze
+    ALG_KEY = 'alg'
 
     def initialize(options)
-      @payload   = options[:payload]
-      @key       = options[:key]
-      @algorithm = options[:algorithm]
-      @headers   = options[:headers].each_with_object({}) { |(key, value), headers| headers[key.to_s] = value }
+      @payload          = options[:payload]
+      @key              = options[:key]
+      @algorithm        = JWA.create(options[:algorithm])
+      @headers          = options[:headers].transform_keys(&:to_s)
+      @headers[ALG_KEY] = @algorithm.alg
     end
 
     def segments
-      @segments ||= combine(encoded_header_and_payload, encoded_signature)
+      validate_claims!
+      combine(encoded_header_and_payload, encoded_signature)
     end
 
     private
@@ -39,26 +41,29 @@ module JWT
     end
 
     def encode_header
-      @headers[ALG_KEY] = @algorithm
-      encode(@headers)
+      encode_data(@headers)
     end
 
     def encode_payload
-      if @payload && @payload.is_a?(Hash)
-        ClaimsValidator.new(@payload).validate!
-      end
+      encode_data(@payload)
+    end
 
-      encode(@payload)
+    def signature
+      @algorithm.sign(data: encoded_header_and_payload, signing_key: @key)
     end
 
-    def encode_signature
-      return '' if @algorithm == ALG_NONE
+    def validate_claims!
+      return unless @payload.is_a?(Hash)
 
-      JWT::Base64.url_encode(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key))
+      ClaimsValidator.new(@payload).validate!
+    end
+
+    def encode_signature
+      ::JWT::Base64.url_encode(signature)
     end
 
-    def encode(data)
-      JWT::Base64.url_encode(JWT::JSON.generate(data))
+    def encode_data(data)
+      ::JWT::Base64.url_encode(JWT::JSON.generate(data))
     end
 
     def combine(*parts)

data/lib/jwt/error.rb

@@ -1,20 +1,23 @@
 # frozen_string_literal: true
 
 module JWT
-  EncodeError             = Class.new(StandardError)
-  DecodeError             = Class.new(StandardError)
-  RequiredDependencyError = Class.new(StandardError)
+  class EncodeError < StandardError; end
+  class DecodeError < StandardError; end
+  class RequiredDependencyError < StandardError; end
 
-  VerificationError  = Class.new(DecodeError)
-  ExpiredSignature   = Class.new(DecodeError)
-  IncorrectAlgorithm = Class.new(DecodeError)
-  ImmatureSignature  = Class.new(DecodeError)
-  InvalidIssuerError = Class.new(DecodeError)
-  InvalidIatError    = Class.new(DecodeError)
-  InvalidAudError    = Class.new(DecodeError)
-  InvalidSubError    = Class.new(DecodeError)
-  InvalidJtiError    = Class.new(DecodeError)
-  InvalidPayload     = Class.new(DecodeError)
+  class VerificationError < DecodeError; end
+  class ExpiredSignature < DecodeError; end
+  class IncorrectAlgorithm < DecodeError; end
+  class ImmatureSignature < DecodeError; end
+  class InvalidIssuerError < DecodeError; end
+  class UnsupportedEcdsaCurve < IncorrectAlgorithm; end
+  class InvalidIatError < DecodeError; end
+  class InvalidAudError < DecodeError; end
+  class InvalidSubError < DecodeError; end
+  class InvalidJtiError < DecodeError; end
+  class InvalidPayload < DecodeError; end
+  class MissingRequiredClaim < DecodeError; end
+  class Base64DecodeError < DecodeError; end
 
-  JWKError           = Class.new(DecodeError)
+  class JWKError < DecodeError; end
 end

data/lib/jwt/jwa/ecdsa.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Ecdsa
+      module_function
+
+      NAMED_CURVES = {
+        'prime256v1' => {
+          algorithm: 'ES256',
+          digest: 'sha256'
+        },
+        'secp256r1' => { # alias for prime256v1
+          algorithm: 'ES256',
+          digest: 'sha256'
+        },
+        'secp384r1' => {
+          algorithm: 'ES384',
+          digest: 'sha384'
+        },
+        'secp521r1' => {
+          algorithm: 'ES512',
+          digest: 'sha512'
+        },
+        'secp256k1' => {
+          algorithm: 'ES256K',
+          digest: 'sha256'
+        }
+      }.freeze
+
+      SUPPORTED = NAMED_CURVES.map { |_, c| c[:algorithm] }.uniq.freeze
+
+      def sign(algorithm, msg, key)
+        curve_definition = curve_by_name(key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
+        if algorithm != key_algorithm
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
+        end
+
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
+        asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
+      end
+
+      def verify(algorithm, public_key, signing_input, signature)
+        curve_definition = curve_by_name(public_key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
+        if algorithm != key_algorithm
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
+        end
+
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
+        public_key.dsa_verify_asn1(digest.digest(signing_input), raw_to_asn1(signature, public_key))
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+
+      def curve_by_name(name)
+        NAMED_CURVES.fetch(name) do
+          raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
+        end
+      end
+
+      def raw_to_asn1(signature, private_key)
+        byte_size = (private_key.group.degree + 7) / 8
+        sig_bytes = signature[0..(byte_size - 1)]
+        sig_char = signature[byte_size..-1] || ''
+        OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+      end
+
+      def asn1_to_raw(signature, public_key)
+        byte_size = (public_key.group.degree + 7) / 8
+        OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+      end
+    end
+  end
+end

data/lib/jwt/jwa/eddsa.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Eddsa
+      SUPPORTED = %w[ED25519 EdDSA].freeze
+      SUPPORTED_DOWNCASED = SUPPORTED.map(&:downcase).freeze
+
+      class << self
+        def sign(algorithm, msg, key)
+          unless key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
+            raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
+          end
+
+          validate_algorithm!(algorithm)
+
+          key.sign(msg)
+        end
+
+        def verify(algorithm, public_key, signing_input, signature)
+          unless public_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
+            raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey"
+          end
+
+          validate_algorithm!(algorithm)
+
+          public_key.verify(signature, signing_input)
+        rescue RbNaCl::CryptoError
+          false
+        end
+
+        private
+
+        def validate_algorithm!(algorithm)
+          return if SUPPORTED_DOWNCASED.include?(algorithm.downcase)
+
+          raise IncorrectAlgorithm, "Algorithm #{algorithm} not supported. Supported algoritms are #{SUPPORTED.join(', ')}"
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwa/hmac.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Hmac
+      module_function
+
+      MAPPING = {
+        'HS256' => OpenSSL::Digest::SHA256,
+        'HS384' => OpenSSL::Digest::SHA384,
+        'HS512' => OpenSSL::Digest::SHA512
+      }.freeze
+
+      SUPPORTED = MAPPING.keys
+
+      def sign(algorithm, msg, key)
+        key ||= ''
+
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        OpenSSL::HMAC.digest(MAPPING[algorithm].new, key, msg)
+      rescue OpenSSL::HMACError => e
+        if key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
+          raise JWT::DecodeError, 'OpenSSL 3.0 does not support nil or empty hmac_secret'
+        end
+
+        raise e
+      end
+
+      def verify(algorithm, key, signing_input, signature)
+        SecurityUtils.secure_compare(signature, sign(algorithm, signing_input, key))
+      end
+
+      # Copy of https://github.com/rails/rails/blob/v7.0.3.1/activesupport/lib/active_support/security_utils.rb
+      # rubocop:disable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
+      module SecurityUtils
+        # Constant time string comparison, for fixed length strings.
+        #
+        # The values compared should be of fixed length, such as strings
+        # that have already been processed by HMAC. Raises in case of length mismatch.
+
+        if defined?(OpenSSL.fixed_length_secure_compare)
+          def fixed_length_secure_compare(a, b)
+            OpenSSL.fixed_length_secure_compare(a, b)
+          end
+        else
+          # :nocov:
+          def fixed_length_secure_compare(a, b)
+            raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+            l = a.unpack "C#{a.bytesize}"
+
+            res = 0
+            b.each_byte { |byte| res |= byte ^ l.shift }
+            res == 0
+          end
+          # :nocov:
+        end
+        module_function :fixed_length_secure_compare
+
+        # Secure string comparison for strings of variable length.
+        #
+        # While a timing attack would not be able to discern the content of
+        # a secret compared via secure_compare, it is possible to determine
+        # the secret length. This should be considered when using secure_compare
+        # to compare weak, short secrets to user input.
+        def secure_compare(a, b)
+          a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
+        end
+        module_function :secure_compare
+      end
+      # rubocop:enable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
+    end
+  end
+end