jwt 2.2.1 → 2.8.1

data/lib/jwt/jwa/hmac_rbnacl.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaCl
+      MAPPING   = { 'HS512256' => ::RbNaCl::HMAC::SHA512256 }.freeze
+      SUPPORTED = MAPPING.keys
+      class << self
+        def sign(algorithm, msg, key)
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          if (hmac = resolve_algorithm(algorithm))
+            hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
+          else
+            Hmac.sign(algorithm, msg, key)
+          end
+        end
+
+        def verify(algorithm, key, signing_input, signature)
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          if (hmac = resolve_algorithm(algorithm))
+            hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
+          else
+            Hmac.verify(algorithm, key, signing_input, signature)
+          end
+        rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+          false
+        end
+
+        private
+
+        def key_for_rbnacl(hmac, key)
+          key ||= ''
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          return padded_empty_key(hmac.key_bytes) if key == ''
+
+          key
+        end
+
+        def resolve_algorithm(algorithm)
+          MAPPING.fetch(algorithm)
+        end
+
+        def padded_empty_key(length)
+          Array.new(length, 0x0).pack('C*').encode('binary')
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaClFixed
+      MAPPING   = { 'HS512256' => ::RbNaCl::HMAC::SHA512256 }.freeze
+      SUPPORTED = MAPPING.keys
+
+      class << self
+        def sign(algorithm, msg, key)
+          key ||= ''
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+            hmac.auth(padded_key_bytes(key, hmac.key_bytes), msg.encode('binary'))
+          else
+            Hmac.sign(algorithm, msg, key)
+          end
+        end
+
+        def verify(algorithm, key, signing_input, signature)
+          key ||= ''
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+            hmac.verify(padded_key_bytes(key, hmac.key_bytes), signature.encode('binary'), signing_input.encode('binary'))
+          else
+            Hmac.verify(algorithm, key, signing_input, signature)
+          end
+        rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+          false
+        end
+
+        def resolve_algorithm(algorithm)
+          MAPPING.fetch(algorithm)
+        end
+
+        def padded_key_bytes(key, bytesize)
+          key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwa/none.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module None
+      module_function
+
+      SUPPORTED = %w[none].freeze
+
+      def sign(*)
+        ''
+      end
+
+      def verify(*)
+        true
+      end
+    end
+  end
+end

data/lib/jwt/jwa/ps.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Ps
+      # RSASSA-PSS signing algorithms
+
+      module_function
+
+      SUPPORTED = %w[PS256 PS384 PS512].freeze
+
+      def sign(algorithm, msg, key)
+        unless key.is_a?(::OpenSSL::PKey::RSA)
+          raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance."
+        end
+
+        translated_algorithm = algorithm.sub('PS', 'sha')
+
+        key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
+      end
+
+      def verify(algorithm, public_key, signing_input, signature)
+        translated_algorithm = algorithm.sub('PS', 'sha')
+        public_key.verify_pss(translated_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: translated_algorithm)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+    end
+  end
+end

data/lib/jwt/jwa/rsa.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Rsa
+      module_function
+
+      SUPPORTED = %w[RS256 RS384 RS512].freeze
+
+      def sign(algorithm, msg, key)
+        unless key.is_a?(OpenSSL::PKey::RSA)
+          raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance"
+        end
+
+        key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
+      end
+
+      def verify(algorithm, public_key, signing_input, signature)
+        public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+    end
+  end
+end

data/lib/jwt/{algos → jwa}/unsupported.rb

@@ -1,16 +1,19 @@
+# frozen_string_literal: true
+
 module JWT
-  module Algos
+  module JWA
     module Unsupported
       module_function
 
-      SUPPORTED = Object.new.tap { |object| object.define_singleton_method(:include?) { |*| true } }
-      def verify(*)
-        raise JWT::VerificationError, 'Algorithm not supported'
-      end
+      SUPPORTED = [].freeze
 
       def sign(*)
         raise NotImplementedError, 'Unsupported signing method'
       end
+
+      def verify(*)
+        raise JWT::VerificationError, 'Algorithm not supported'
+      end
     end
   end
 end

data/lib/jwt/jwa/wrapper.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    class Wrapper
+      attr_reader :alg, :cls
+
+      def initialize(alg, cls)
+        @alg = alg
+        @cls = cls
+      end
+
+      def valid_alg?(alg_to_check)
+        alg&.casecmp(alg_to_check)&.zero? == true
+      end
+
+      def sign(data:, signing_key:)
+        cls.sign(alg, data, signing_key)
+      end
+
+      def verify(data:, signature:, verification_key:)
+        cls.verify(alg, verification_key, data, signature)
+      end
+    end
+  end
+end

data/lib/jwt/jwa.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+
+require_relative 'jwa/hmac'
+require_relative 'jwa/eddsa'
+require_relative 'jwa/ecdsa'
+require_relative 'jwa/rsa'
+require_relative 'jwa/ps'
+require_relative 'jwa/none'
+require_relative 'jwa/unsupported'
+require_relative 'jwa/wrapper'
+
+module JWT
+  module JWA
+    ALGOS = [Hmac, Ecdsa, Rsa, Eddsa, Ps, None, Unsupported].tap do |l|
+      if ::JWT.rbnacl_6_or_greater?
+        require_relative 'jwa/hmac_rbnacl'
+        l << Algos::HmacRbNaCl
+      elsif ::JWT.rbnacl?
+        require_relative 'jwa/hmac_rbnacl_fixed'
+        l << Algos::HmacRbNaClFixed
+      end
+    end.freeze
+
+    class << self
+      def find(algorithm)
+        indexed[algorithm&.downcase]
+      end
+
+      def create(algorithm)
+        return algorithm if JWA.implementation?(algorithm)
+
+        Wrapper.new(*find(algorithm))
+      end
+
+      def implementation?(algorithm)
+        (algorithm.respond_to?(:valid_alg?) && algorithm.respond_to?(:verify)) ||
+          (algorithm.respond_to?(:alg) && algorithm.respond_to?(:sign))
+      end
+
+      private
+
+      def indexed
+        @indexed ||= begin
+          fallback = [nil, Unsupported]
+          ALGOS.each_with_object(Hash.new(fallback)) do |cls, hash|
+            cls.const_get(:SUPPORTED).each do |alg|
+              hash[alg.downcase] = [alg, cls]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/ec.rb

@@ -0,0 +1,251 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  module JWK
+    class EC < KeyBase # rubocop:disable Metrics/ClassLength
+      KTY    = 'EC'
+      KTYS   = [KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze
+      BINARY = 2
+      EC_PUBLIC_KEY_ELEMENTS = %i[kty crv x y].freeze
+      EC_PRIVATE_KEY_ELEMENTS = %i[d].freeze
+      EC_KEY_ELEMENTS = (EC_PRIVATE_KEY_ELEMENTS + EC_PUBLIC_KEY_ELEMENTS).freeze
+      ZERO_BYTE = "\0".b.freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk_params!(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        ec_key
+      end
+
+      def private?
+        ec_key.private_key?
+      end
+
+      def signing_key
+        ec_key
+      end
+
+      def verify_key
+        ec_key
+      end
+
+      def public_key
+        ec_key
+      end
+
+      def members
+        EC_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
+
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| EC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
+
+      def key_digest
+        _crv, x_octets, y_octets = keypair_components(ec_key)
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
+                                            OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def []=(key, value)
+        if EC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
+      private
+
+      def ec_key
+        @ec_key ||= create_ec_key(self[:crv], self[:x], self[:y], self[:d])
+      end
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::EC
+          key.export(include_private: true)
+        when OpenSSL::PKey::EC # Accept OpenSSL key as input
+          @ec_key = key # Preserve the object to avoid recreation
+          parse_ec_key(key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type OpenSSL::PKey::EC or Hash with key parameters'
+        end
+      end
+
+      def check_jwk_params!(key_params, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (EC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for EC' unless key_params[:crv] && key_params[:x] && key_params[:y]
+      end
+
+      def keypair_components(ec_keypair)
+        encoded_point = ec_keypair.public_key.to_bn.to_s(BINARY)
+        case ec_keypair.group.curve_name
+        when 'prime256v1'
+          crv = 'P-256'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp256k1'
+          crv = 'P-256K'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp384r1'
+          crv = 'P-384'
+          x_octets, y_octets = encoded_point.unpack('xa48a48')
+        when 'secp521r1'
+          crv = 'P-521'
+          x_octets, y_octets = encoded_point.unpack('xa66a66')
+        else
+          raise JWT::JWKError, "Unsupported curve '#{ec_keypair.group.curve_name}'"
+        end
+        [crv, x_octets, y_octets]
+      end
+
+      def encode_octets(octets)
+        return unless octets
+
+        ::JWT::Base64.url_encode(octets)
+      end
+
+      def encode_open_ssl_bn(key_part)
+        ::JWT::Base64.url_encode(key_part.to_s(BINARY))
+      end
+
+      def parse_ec_key(key)
+        crv, x_octets, y_octets = keypair_components(key)
+        octets = key.private_key&.to_bn&.to_s(BINARY)
+        {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets),
+          d: encode_octets(octets)
+        }.compact
+      end
+
+      if ::JWT.openssl_3?
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
+          curve = EC.to_openssl_curve(jwk_crv)
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          sequence = if jwk_d
+            # https://datatracker.ietf.org/doc/html/rfc5915.html
+            # ECPrivateKey ::= SEQUENCE {
+            #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+            #   privateKey     OCTET STRING,
+            #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+            #   publicKey  [1] BIT STRING OPTIONAL
+            # }
+
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Integer(1),
+                                      OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                      OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                    ])
+          else
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                    ])
+          end
+
+          OpenSSL::PKey::EC.new(sequence.to_der)
+        end
+      else
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d)
+          curve = EC.to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          key = OpenSSL::PKey::EC.new(curve)
+
+          # The details of the `Point` instantiation are covered in:
+          # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
+          # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
+          # - https://tools.ietf.org/html/rfc5480#section-2.2
+          # - https://www.secg.org/SEC1-Ver-1.0.pdf
+          # Section 2.3.3 of the last of these references specifies that the
+          # encoding of an uncompressed point consists of the byte `0x04` followed
+          # by the x value then the y value.
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          key.public_key = point
+          key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
+
+          key
+        end
+      end
+
+      def decode_octets(base64_encoded_coordinate)
+        bytes = ::JWT::Base64.url_decode(base64_encoded_coordinate)
+        # Some base64 encoders on some platform omit a single 0-byte at
+        # the start of either Y or X coordinate of the elliptic curve point.
+        # This leads to an encoding error when data is passed to OpenSSL BN.
+        # It is know to have happend to exported JWKs on a Java application and
+        # on a Flutter/Dart application (both iOS and Android). All that is
+        # needed to fix the problem is adding a leading 0-byte. We know the
+        # required byte is 0 because with any other byte the point is no longer
+        # on the curve - and OpenSSL will actually communicate this via another
+        # exception. The indication of a stripped byte will be the fact that the
+        # coordinates - once decoded into bytes - should always be an even
+        # bytesize. For example, with a P-521 curve, both x and y must be 66 bytes.
+        # With a P-256 curve, both x and y must be 32 and so on. The simplest way
+        # to check for this truncation is thus to check whether the number of bytes
+        # is odd, and restore the leading 0-byte if it is.
+        if bytes.bytesize.odd?
+          ZERO_BYTE + bytes
+        else
+          bytes
+        end
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
+        end
+
+        def to_openssl_curve(crv)
+          # The JWK specs and OpenSSL use different names for the same curves.
+          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
+          # pointers on different names for common curves.
+          case crv
+          when 'P-256' then 'prime256v1'
+          when 'P-384' then 'secp384r1'
+          when 'P-521' then 'secp521r1'
+          when 'P-256K' then 'secp256k1'
+          else raise JWT::JWKError, 'Invalid curve provided'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/hmac.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class HMAC < KeyBase
+      KTY  = 'oct'
+      KTYS = [KTY, String, JWT::JWK::HMAC].freeze
+      HMAC_PUBLIC_KEY_ELEMENTS = %i[kty].freeze
+      HMAC_PRIVATE_KEY_ELEMENTS = %i[k].freeze
+      HMAC_KEY_ELEMENTS = (HMAC_PRIVATE_KEY_ELEMENTS + HMAC_PUBLIC_KEY_ELEMENTS).freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        secret
+      end
+
+      def private?
+        true
+      end
+
+      def public_key
+        nil
+      end
+
+      def verify_key
+        secret
+      end
+
+      def signing_key
+        secret
+      end
+
+      # See https://tools.ietf.org/html/rfc7517#appendix-A.3
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| HMAC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
+
+      def members
+        HMAC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
+
+      def key_digest
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key),
+                                            OpenSSL::ASN1::UTF8String.new(KTY)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def []=(key, value)
+        if HMAC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
+      private
+
+      def secret
+        self[:k]
+      end
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::HMAC
+          key.export(include_private: true)
+        when String # Accept String key as input
+          { kty: KTY, k: key }
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type String or Hash with key parameters'
+        end
+      end
+
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (HMAC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for HMAC' unless keypair[:k]
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwk/key_base.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    class KeyBase
+      def self.inherited(klass)
+        super
+        ::JWT::JWK.classes << klass
+      end
+
+      def initialize(options, params = {})
+        options ||= {}
+
+        @parameters = params.transform_keys(&:to_sym) # Uniform interface
+
+        # For backwards compatibility, kid_generator may be specified in the parameters
+        options[:kid_generator] ||= @parameters.delete(:kid_generator)
+
+        # Make sure the key has a kid
+        kid_generator = options[:kid_generator] || ::JWT.configuration.jwk.kid_generator
+        self[:kid] ||= kid_generator.new(self).generate
+      end
+
+      def kid
+        self[:kid]
+      end
+
+      def hash
+        self[:kid].hash
+      end
+
+      def [](key)
+        @parameters[key.to_sym]
+      end
+
+      def []=(key, value)
+        @parameters[key.to_sym] = value
+      end
+
+      def ==(other)
+        other.is_a?(::JWT::JWK::KeyBase) && self[:kid] == other[:kid]
+      end
+
+      alias eql? ==
+
+      def <=>(other)
+        return nil unless other.is_a?(::JWT::JWK::KeyBase)
+
+        self[:kid] <=> other[:kid]
+      end
+
+      private
+
+      attr_reader :parameters
+    end
+  end
+end