jwt 2.2.2 → 2.4.0.beta1

data/lib/jwt/algos/ecdsa.rb

@@ -1,35 +1,53 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Ecdsa
       module_function
 
-      SUPPORTED = %w[ES256 ES384 ES512].freeze
       NAMED_CURVES = {
         'prime256v1' => 'ES256',
+        'secp256r1' => 'ES256', # alias for prime256v1
         'secp384r1' => 'ES384',
         'secp521r1' => 'ES512'
       }.freeze
 
+      SUPPORTED = NAMED_CURVES.values.uniq.freeze
+
       def sign(to_sign)
         algorithm, msg, key = to_sign.values
-        key_algorithm = NAMED_CURVES[key.group.curve_name]
+        curve_definition = curve_by_name(key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
           raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
         end
 
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
         SecurityUtils.asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
       end
 
       def verify(to_verify)
         algorithm, public_key, signing_input, signature = to_verify.values
-        key_algorithm = NAMED_CURVES[public_key.group.curve_name]
+        curve_definition = curve_by_name(public_key.group.curve_name)
+        key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
           raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
         end
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
+
+        digest = OpenSSL::Digest.new(curve_definition[:digest])
         public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
       end
+
+      def curve_by_name(name)
+        algorithm = NAMED_CURVES.fetch(name) do
+          raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
+        end
+
+        {
+          algorithm: algorithm,
+          digest: algorithm.sub('ES', 'sha')
+        }
+      end
     end
   end
 end

data/lib/jwt/algos/eddsa.rb

@@ -1,21 +1,31 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Eddsa
       module_function
 
-      SUPPORTED = %w[ED25519].freeze
+      SUPPORTED = %w[ED25519 EdDSA].freeze
 
       def sign(to_sign)
         algorithm, msg, key = to_sign.values
-        raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"  if algorithm.downcase.to_sym != key.primitive
+        if key.class != RbNaCl::Signatures::Ed25519::SigningKey
+          raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
+        end
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
+
         key.sign(msg)
       end
 
       def verify(to_verify)
         algorithm, public_key, signing_input, signature = to_verify.values
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
         raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
+
         public_key.verify(signature, signing_input)
       end
     end

data/lib/jwt/algos/hmac.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Hmac

data/lib/jwt/algos/none.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module None
+      module_function
+
+      SUPPORTED = %w[none].freeze
+
+      def sign(*); end
+
+      def verify(*)
+        true
+      end
+    end
+  end
+end

data/lib/jwt/algos/ps.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Ps
@@ -29,9 +31,7 @@ module JWT
 
       def require_openssl!
         if Object.const_defined?('OpenSSL')
-          major, minor = OpenSSL::VERSION.split('.').first(2)
-
-          unless major.to_i >= 2 && minor.to_i >= 1
+          if ::Gem::Version.new(OpenSSL::VERSION) < ::Gem::Version.new('2.1')
             raise JWT::RequiredDependencyError, "You currently have OpenSSL #{OpenSSL::VERSION}. PS support requires >= 2.1"
           end
         else

data/lib/jwt/algos/rsa.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Rsa
@@ -7,7 +9,8 @@ module JWT
 
       def sign(to_sign)
         algorithm, msg, key = to_sign.values
-        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.class == String
+        raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance." if key.instance_of?(String)
+
         key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
       end
 

data/lib/jwt/algos/unsupported.rb

@@ -1,16 +1,19 @@
+# frozen_string_literal: true
+
 module JWT
   module Algos
     module Unsupported
       module_function
 
-      SUPPORTED = Object.new.tap { |object| object.define_singleton_method(:include?) { |*| true } }
-      def verify(*)
-        raise JWT::VerificationError, 'Algorithm not supported'
-      end
+      SUPPORTED = [].freeze
 
       def sign(*)
         raise NotImplementedError, 'Unsupported signing method'
       end
+
+      def verify(*)
+        raise JWT::VerificationError, 'Algorithm not supported'
+      end
     end
   end
 end

data/lib/jwt/algos.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'jwt/algos/hmac'
+require 'jwt/algos/eddsa'
+require 'jwt/algos/ecdsa'
+require 'jwt/algos/rsa'
+require 'jwt/algos/ps'
+require 'jwt/algos/none'
+require 'jwt/algos/unsupported'
+
+# JWT::Signature module
+module JWT
+  # Signature logic for JWT
+  module Algos
+    extend self
+
+    ALGOS = [
+      Algos::Hmac,
+      Algos::Ecdsa,
+      Algos::Rsa,
+      Algos::Eddsa,
+      Algos::Ps,
+      Algos::None,
+      Algos::Unsupported
+    ].freeze
+
+    def find(algorithm)
+      indexed[algorithm && algorithm.downcase]
+    end
+
+    private
+
+    def indexed
+      @indexed ||= begin
+        fallback = [Algos::Unsupported, nil]
+        ALGOS.each_with_object(Hash.new(fallback)) do |alg, hash|
+          alg.const_get(:SUPPORTED).each do |code|
+            hash[code.downcase] = [alg, code]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/jwt/claims_validator.rb

@@ -1,33 +1,37 @@
+# frozen_string_literal: true
+
 require_relative './error'
 
 module JWT
   class ClaimsValidator
-    INTEGER_CLAIMS = %i[
+    NUMERIC_CLAIMS = %i[
       exp
       iat
       nbf
     ].freeze
 
     def initialize(payload)
-      @payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
+      @payload = payload.transform_keys(&:to_sym)
     end
 
     def validate!
-      validate_int_claims
+      validate_numeric_claims
 
       true
     end
 
     private
 
-    def validate_int_claims
-      INTEGER_CLAIMS.each do |claim|
-        validate_is_int(claim) if @payload.key?(claim)
+    def validate_numeric_claims
+      NUMERIC_CLAIMS.each do |claim|
+        validate_is_numeric(claim) if @payload.key?(claim)
       end
     end
 
-    def validate_is_int(claim)
-      raise InvalidPayload, "#{claim} claim must be an Integer but it is a #{@payload[claim].class}" unless @payload[claim].is_a?(Integer)
+    def validate_is_numeric(claim)
+      return if @payload[claim].is_a?(Numeric)
+
+      raise InvalidPayload, "#{claim} claim must be a Numeric value but it is a #{@payload[claim].class}"
     end
   end
 end

data/lib/jwt/decode.rb

@@ -4,12 +4,14 @@ require 'json'
 
 require 'jwt/signature'
 require 'jwt/verify'
+require 'jwt/x5c_key_finder'
 # JWT::Decode module
 module JWT
   # Decoding logic for JWT
   class Decode
     def initialize(jwt, key, verify, options, &keyfinder)
       raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+
       @jwt = jwt
       @key = key
       @options = options
@@ -23,57 +25,85 @@ module JWT
       validate_segment_count!
       if @verify
         decode_crypto
+        verify_algo
+        set_key
         verify_signature
         verify_claims
       end
       raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+
       [payload, header]
     end
 
     private
 
     def verify_signature
+      return unless @key || @verify
+
+      return if none_algorithm?
+
+      raise JWT::DecodeError, 'No verification key available' unless @key
+
+      return if Array(@key).any? { |key| verify_signature_for?(key) }
+
+      raise(JWT::VerificationError, 'Signature verification failed')
+    end
+
+    def verify_algo
       raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
+      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless algorithm
       raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+    end
 
+    def set_key
       @key = find_key(&@keyfinder) if @keyfinder
       @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
+      if (x5c_options = @options[:x5c])
+        @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(header['x5c'])
+      end
+    end
 
-      Signature.verify(header['alg'], @key, signing_input, @signature)
+    def verify_signature_for?(key)
+      Signature.verify(algorithm, key, signing_input, @signature)
     end
 
     def options_includes_algo_in_header?
-      allowed_algorithms.include? header['alg']
+      allowed_algorithms.any? { |alg| alg.casecmp(algorithm).zero? }
     end
 
     def allowed_algorithms
       # Order is very important - first check for string keys, next for symbols
-      if @options.key?('algorithm')
-        [@options['algorithm']]
+      algos = if @options.key?('algorithm')
+        @options['algorithm']
       elsif @options.key?(:algorithm)
-        [@options[:algorithm]]
+        @options[:algorithm]
       elsif @options.key?('algorithms')
-        @options['algorithms'] || []
+        @options['algorithms']
       elsif @options.key?(:algorithms)
-        @options[:algorithms] || []
+        @options[:algorithms]
       else
         []
       end
+      Array(algos)
     end
 
     def find_key(&keyfinder)
       key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header))
-      raise JWT::DecodeError, 'No verification key available' unless key
-      key
+      # key can be of type [string, nil, OpenSSL::PKey, Array]
+      return key if key && !Array(key).empty?
+
+      raise JWT::DecodeError, 'No verification key available'
     end
 
     def verify_claims
       Verify.verify_claims(payload, @options)
+      Verify.verify_required_claims(payload, @options)
     end
 
     def validate_segment_count!
       return if segment_length == 3
       return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
+      return if segment_length == 2 && none_algorithm?
 
       raise(JWT::DecodeError, 'Not enough or too many segments')
     end
@@ -82,8 +112,16 @@ module JWT
       @segments.count
     end
 
+    def none_algorithm?
+      algorithm.casecmp('none').zero?
+    end
+
     def decode_crypto
-      @signature = JWT::Base64.url_decode(@segments[2])
+      @signature = Base64.urlsafe_decode64(@segments[2] || '')
+    end
+
+    def algorithm
+      header['alg']
     end
 
     def header
@@ -99,8 +137,8 @@ module JWT
     end
 
     def parse_and_decode(segment)
-      JWT::JSON.parse(JWT::Base64.url_decode(segment))
-    rescue ::JSON::ParserError
+      JWT::JSON.parse(Base64.urlsafe_decode64(segment))
+    rescue ::JSON::ParserError, ArgumentError
       raise JWT::DecodeError, 'Invalid segment encoding'
     end
   end

data/lib/jwt/default_options.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module JWT
   module DefaultOptions
     DEFAULT_OPTIONS = {
@@ -9,7 +11,8 @@ module JWT
       verify_aud: false,
       verify_sub: false,
       leeway: 0,
-      algorithms: ['HS256']
+      algorithms: ['HS256'],
+      required_claims: []
     }.freeze
   end
 end

data/lib/jwt/encode.rb

@@ -1,19 +1,20 @@
 # frozen_string_literal: true
 
+require_relative './algos'
 require_relative './claims_validator'
 
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
-    ALG_NONE = 'none'.freeze
-    ALG_KEY  = 'alg'.freeze
+    ALG_NONE = 'none'
+    ALG_KEY  = 'alg'
 
     def initialize(options)
-      @payload   = options[:payload]
-      @key       = options[:key]
-      @algorithm = options[:algorithm]
-      @headers   = options[:headers].each_with_object({}) { |(key, value), headers| headers[key.to_s] = value }
+      @payload = options[:payload]
+      @key = options[:key]
+      _, @algorithm = Algos.find(options[:algorithm])
+      @headers = options[:headers].transform_keys(&:to_s)
     end
 
     def segments
@@ -44,7 +45,7 @@ module JWT
     end
 
     def encode_payload
-      if @payload && @payload.is_a?(Hash)
+      if @payload.is_a?(Hash)
         ClaimsValidator.new(@payload).validate!
       end
 
@@ -54,11 +55,11 @@ module JWT
     def encode_signature
       return '' if @algorithm == ALG_NONE
 
-      JWT::Base64.url_encode(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key))
+      Base64.urlsafe_encode64(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key), padding: false)
     end
 
     def encode(data)
-      JWT::Base64.url_encode(JWT::JSON.generate(data))
+      Base64.urlsafe_encode64(JWT::JSON.generate(data), padding: false)
     end
 
     def combine(*parts)

data/lib/jwt/error.rb

@@ -10,11 +10,13 @@ module JWT
   class IncorrectAlgorithm < DecodeError; end
   class ImmatureSignature < DecodeError; end
   class InvalidIssuerError < DecodeError; end
+  class UnsupportedEcdsaCurve < IncorrectAlgorithm; end
   class InvalidIatError < DecodeError; end
   class InvalidAudError < DecodeError; end
   class InvalidSubError < DecodeError; end
   class InvalidJtiError < DecodeError; end
   class InvalidPayload < DecodeError; end
+  class MissingRequiredClaim < DecodeError; end
 
   class JWKError < DecodeError; end
 end

data/lib/jwt/jwk/ec.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  module JWK
+    class EC < KeyBase
+      extend Forwardable
+      def_delegators :@keypair, :public_key
+
+      KTY    = 'EC'
+      KTYS   = [KTY, OpenSSL::PKey::EC].freeze
+      BINARY = 2
+
+      def initialize(keypair, kid = nil)
+        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::EC' unless keypair.is_a?(OpenSSL::PKey::EC)
+
+        kid ||= generate_kid(keypair)
+        super(keypair, kid)
+      end
+
+      def private?
+        @keypair.private_key?
+      end
+
+      def export(options = {})
+        crv, x_octets, y_octets = keypair_components(keypair)
+        exported_hash = {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets),
+          kid: kid
+        }
+        return exported_hash unless private? && options[:include_private] == true
+
+        append_private_parts(exported_hash)
+      end
+
+      private
+
+      def append_private_parts(the_hash)
+        octets = keypair.private_key.to_bn.to_s(BINARY)
+        the_hash.merge(
+          d: encode_octets(octets)
+        )
+      end
+
+      def generate_kid(ec_keypair)
+        _crv, x_octets, y_octets = keypair_components(ec_keypair)
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
+                                            OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def keypair_components(ec_keypair)
+        encoded_point = ec_keypair.public_key.to_bn.to_s(BINARY)
+        case ec_keypair.group.curve_name
+        when 'prime256v1'
+          crv = 'P-256'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp384r1'
+          crv = 'P-384'
+          x_octets, y_octets = encoded_point.unpack('xa48a48')
+        when 'secp521r1'
+          crv = 'P-521'
+          x_octets, y_octets = encoded_point.unpack('xa66a66')
+        else
+          raise JWT::JWKError, "Unsupported curve '#{ec_keypair.group.curve_name}'"
+        end
+        [crv, x_octets, y_octets]
+      end
+
+      def encode_octets(octets)
+        Base64.urlsafe_encode64(octets, padding: false)
+      end
+
+      def encode_open_ssl_bn(key_part)
+        Base64.urlsafe_encode64(key_part.to_s(BINARY), padding: false)
+      end
+
+      class << self
+        def import(jwk_data)
+          # See https://tools.ietf.org/html/rfc7518#section-6.2.1 for an
+          # explanation of the relevant parameters.
+
+          jwk_crv, jwk_x, jwk_y, jwk_d, jwk_kid = jwk_attrs(jwk_data, %i[crv x y d kid])
+          raise JWT::JWKError, 'Key format is invalid for EC' unless jwk_crv && jwk_x && jwk_y
+
+          new(ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d), jwk_kid)
+        end
+
+        def to_openssl_curve(crv)
+          # The JWK specs and OpenSSL use different names for the same curves.
+          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
+          # pointers on different names for common curves.
+          case crv
+          when 'P-256' then 'prime256v1'
+          when 'P-384' then 'secp384r1'
+          when 'P-521' then 'secp521r1'
+          else raise JWT::JWKError, 'Invalid curve provided'
+          end
+        end
+
+        private
+
+        def jwk_attrs(jwk_data, attrs)
+          attrs.map do |attr|
+            jwk_data[attr] || jwk_data[attr.to_s]
+          end
+        end
+
+        def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d)
+          curve = to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          key = OpenSSL::PKey::EC.new(curve)
+
+          # The details of the `Point` instantiation are covered in:
+          # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
+          # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
+          # - https://tools.ietf.org/html/rfc5480#section-2.2
+          # - https://www.secg.org/SEC1-Ver-1.0.pdf
+          # Section 2.3.3 of the last of these references specifies that the
+          # encoding of an uncompressed point consists of the byte `0x04` followed
+          # by the x value then the y value.
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          key.public_key = point
+          key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
+
+          key
+        end
+
+        def decode_octets(jwk_data)
+          Base64.urlsafe_decode64(jwk_data)
+        end
+
+        def decode_open_ssl_bn(jwk_data)
+          OpenSSL::BN.new(Base64.urlsafe_decode64(jwk_data), BINARY)
+        end
+      end
+    end
+  end
+end