jwt 2.3.0 → 2.10.1

data/lib/jwt/jwk/ec.rb

@@ -4,61 +4,108 @@ require 'forwardable'
 
 module JWT
   module JWK
-    class EC < KeyBase
-      extend Forwardable
-      def_delegators :@keypair, :public_key
-
-      KTY    = 'EC'.freeze
-      KTYS   = [KTY, OpenSSL::PKey::EC].freeze
+    # JWK representation for Elliptic Curve (EC) keys
+    class EC < KeyBase # rubocop:disable Metrics/ClassLength
+      KTY    = 'EC'
+      KTYS   = [KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze
       BINARY = 2
+      EC_PUBLIC_KEY_ELEMENTS = %i[kty crv x y].freeze
+      EC_PRIVATE_KEY_ELEMENTS = %i[d].freeze
+      EC_KEY_ELEMENTS = (EC_PRIVATE_KEY_ELEMENTS + EC_PUBLIC_KEY_ELEMENTS).freeze
+      ZERO_BYTE = "\0".b.freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk_params!(key_params, params)
 
-      def initialize(keypair, kid = nil)
-        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::EC' unless keypair.is_a?(OpenSSL::PKey::EC)
+        super(options, key_params.merge(params))
+      end
 
-        kid ||= generate_kid(keypair)
-        super(keypair, kid)
+      def keypair
+        ec_key
       end
 
       def private?
-        @keypair.private_key?
+        ec_key.private_key?
       end
 
-      def export(options = {})
-        crv, x_octets, y_octets = keypair_components(keypair)
-        exported_hash = {
-          kty: KTY,
-          crv: crv,
-          x: encode_octets(x_octets),
-          y: encode_octets(y_octets),
-          kid: kid
-        }
-        return exported_hash unless private? && options[:include_private] == true
+      def signing_key
+        ec_key
+      end
 
-        append_private_parts(exported_hash)
+      def verify_key
+        ec_key
       end
 
-      private
+      def public_key
+        ec_key
+      end
 
-      def append_private_parts(the_hash)
-        octets = keypair.private_key.to_bn.to_s(BINARY)
-        the_hash.merge(
-          d: encode_octets(octets)
-        )
+      def members
+        EC_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
       end
 
-      def generate_kid(ec_keypair)
-        _crv, x_octets, y_octets = keypair_components(ec_keypair)
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| EC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
+
+      def key_digest
+        _crv, x_octets, y_octets = keypair_components(ec_key)
         sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
                                             OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
         OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
       end
 
+      def []=(key, value)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' if EC_KEY_ELEMENTS.include?(key.to_sym)
+
+        super(key, value)
+      end
+
+      private
+
+      def ec_key
+        @ec_key ||= create_ec_key(self[:crv], self[:x], self[:y], self[:d])
+      end
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::EC
+          key.export(include_private: true)
+        when OpenSSL::PKey::EC # Accept OpenSSL key as input
+          @ec_key = key # Preserve the object to avoid recreation
+          parse_ec_key(key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type OpenSSL::PKey::EC or Hash with key parameters'
+        end
+      end
+
+      def check_jwk_params!(key_params, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (EC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for EC' unless key_params[:crv] && key_params[:x] && key_params[:y]
+      end
+
       def keypair_components(ec_keypair)
         encoded_point = ec_keypair.public_key.to_bn.to_s(BINARY)
         case ec_keypair.group.curve_name
         when 'prime256v1'
           crv = 'P-256'
           x_octets, y_octets = encoded_point.unpack('xa32a32')
+        when 'secp256k1'
+          crv = 'P-256K'
+          x_octets, y_octets = encoded_point.unpack('xa32a32')
         when 'secp384r1'
           crv = 'P-384'
           x_octets, y_octets = encoded_point.unpack('xa48a48')
@@ -72,6 +119,8 @@ module JWT
       end
 
       def encode_octets(octets)
+        return unless octets
+
         ::JWT::Base64.url_encode(octets)
       end
 
@@ -79,39 +128,56 @@ module JWT
         ::JWT::Base64.url_encode(key_part.to_s(BINARY))
       end
 
-      class << self
-        def import(jwk_data)
-          # See https://tools.ietf.org/html/rfc7518#section-6.2.1 for an
-          # explanation of the relevant parameters.
-
-          jwk_crv, jwk_x, jwk_y, jwk_d, jwk_kid = jwk_attrs(jwk_data, %i[crv x y d kid])
-          raise JWT::JWKError, 'Key format is invalid for EC' unless jwk_crv && jwk_x && jwk_y
-
-          new(ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d), jwk_kid)
-        end
+      def parse_ec_key(key)
+        crv, x_octets, y_octets = keypair_components(key)
+        octets = key.private_key&.to_bn&.to_s(BINARY)
+        {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets),
+          d: encode_octets(octets)
+        }.compact
+      end
 
-        def to_openssl_curve(crv)
-          # The JWK specs and OpenSSL use different names for the same curves.
-          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
-          # pointers on different names for common curves.
-          case crv
-          when 'P-256' then 'prime256v1'
-          when 'P-384' then 'secp384r1'
-          when 'P-521' then 'secp521r1'
-          else raise JWT::JWKError, 'Invalid curve provided'
-          end
-        end
+      if ::JWT.openssl_3?
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
+          curve = EC.to_openssl_curve(jwk_crv)
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
 
-        private
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
 
-        def jwk_attrs(jwk_data, attrs)
-          attrs.map do |attr|
-            jwk_data[attr] || jwk_data[attr.to_s]
-          end
+          sequence = if jwk_d
+                       # https://datatracker.ietf.org/doc/html/rfc5915.html
+                       # ECPrivateKey ::= SEQUENCE {
+                       #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+                       #   privateKey     OCTET STRING,
+                       #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+                       #   publicKey  [1] BIT STRING OPTIONAL
+                       # }
+
+                       OpenSSL::ASN1::Sequence([
+                                                 OpenSSL::ASN1::Integer(1),
+                                                 OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                                 OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                                 OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                               ])
+                     else
+                       OpenSSL::ASN1::Sequence([
+                                                 OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                                 OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                               ])
+                     end
+
+          OpenSSL::PKey::EC.new(sequence.to_der)
         end
-
-        def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d)
-          curve = to_openssl_curve(jwk_crv)
+      else
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d)
+          curve = EC.to_openssl_curve(jwk_crv)
 
           x_octets = decode_octets(jwk_x)
           y_octets = decode_octets(jwk_y)
@@ -136,13 +202,47 @@ module JWT
 
           key
         end
+      end
+
+      def decode_octets(base64_encoded_coordinate)
+        bytes = ::JWT::Base64.url_decode(base64_encoded_coordinate)
+        # Some base64 encoders on some platform omit a single 0-byte at
+        # the start of either Y or X coordinate of the elliptic curve point.
+        # This leads to an encoding error when data is passed to OpenSSL BN.
+        # It is know to have happend to exported JWKs on a Java application and
+        # on a Flutter/Dart application (both iOS and Android). All that is
+        # needed to fix the problem is adding a leading 0-byte. We know the
+        # required byte is 0 because with any other byte the point is no longer
+        # on the curve - and OpenSSL will actually communicate this via another
+        # exception. The indication of a stripped byte will be the fact that the
+        # coordinates - once decoded into bytes - should always be an even
+        # bytesize. For example, with a P-521 curve, both x and y must be 66 bytes.
+        # With a P-256 curve, both x and y must be 32 and so on. The simplest way
+        # to check for this truncation is thus to check whether the number of bytes
+        # is odd, and restore the leading 0-byte if it is.
+        if bytes.bytesize.odd?
+          ZERO_BYTE + bytes
+        else
+          bytes
+        end
+      end
 
-        def decode_octets(jwk_data)
-          ::JWT::Base64.url_decode(jwk_data)
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
         end
 
-        def decode_open_ssl_bn(jwk_data)
-          OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
+        def to_openssl_curve(crv)
+          # The JWK specs and OpenSSL use different names for the same curves.
+          # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
+          # pointers on different names for common curves.
+          case crv
+          when 'P-256' then 'prime256v1'
+          when 'P-384' then 'secp384r1'
+          when 'P-521' then 'secp521r1'
+          when 'P-256K' then 'secp256k1'
+          else raise JWT::JWKError, 'Invalid curve provided'
+          end
         end
       end
     end

data/lib/jwt/jwk/hmac.rb

@@ -2,15 +2,30 @@
 
 module JWT
   module JWK
+    # JWK for HMAC keys
     class HMAC < KeyBase
-      KTY = 'oct'.freeze
-      KTYS = [KTY, String].freeze
+      KTY  = 'oct'
+      KTYS = [KTY, String, JWT::JWK::HMAC].freeze
+      HMAC_PUBLIC_KEY_ELEMENTS = %i[kty].freeze
+      HMAC_PRIVATE_KEY_ELEMENTS = %i[k].freeze
+      HMAC_KEY_ELEMENTS = (HMAC_PRIVATE_KEY_ELEMENTS + HMAC_PUBLIC_KEY_ELEMENTS).freeze
 
-      def initialize(keypair, kid = nil)
-        raise ArgumentError, 'keypair must be of type String' unless keypair.is_a?(String)
+      def initialize(key, params = nil, options = {})
+        params ||= {}
 
-        super
-        @kid = kid || generate_kid
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        secret
       end
 
       def private?
@@ -21,36 +36,65 @@ module JWT
         nil
       end
 
+      def verify_key
+        secret
+      end
+
+      def signing_key
+        secret
+      end
+
       # See https://tools.ietf.org/html/rfc7517#appendix-A.3
       def export(options = {})
-        exported_hash = {
-          kty: KTY,
-          kid: kid
-        }
+        exported = parameters.clone
+        exported.reject! { |k, _| HMAC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
+      end
 
-        return exported_hash unless private? && options[:include_private] == true
+      def members
+        HMAC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
 
-        exported_hash.merge(
-          k: keypair
-        )
+      def key_digest
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key),
+                                            OpenSSL::ASN1::UTF8String.new(KTY)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+
+      def []=(key, value)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' if HMAC_KEY_ELEMENTS.include?(key.to_sym)
+
+        super(key, value)
       end
 
       private
 
-      def generate_kid
-        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(keypair),
-                                            OpenSSL::ASN1::UTF8String.new(KTY)])
-        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      def secret
+        self[:k]
       end
 
-      class << self
-        def import(jwk_data)
-          jwk_k = jwk_data[:k] || jwk_data['k']
-          jwk_kid = jwk_data[:kid] || jwk_data['kid']
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::HMAC
+          key.export(include_private: true)
+        when String # Accept String key as input
+          { kty: KTY, k: key }
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type String or Hash with key parameters'
+        end
+      end
 
-          raise JWT::JWKError, 'Key format is invalid for HMAC' unless jwk_k
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (HMAC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for HMAC' unless keypair[:k]
+      end
 
-          self.new(jwk_k, jwk_kid)
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
         end
       end
     end

data/lib/jwt/jwk/key_base.rb

@@ -2,17 +2,57 @@
 
 module JWT
   module JWK
+    # Base for JWK implementations
     class KeyBase
-      attr_reader :keypair, :kid
+      def self.inherited(klass)
+        super
+        ::JWT::JWK.classes << klass
+      end
+
+      def initialize(options, params = {})
+        options ||= {}
+
+        @parameters = params.transform_keys(&:to_sym) # Uniform interface
+
+        # For backwards compatibility, kid_generator may be specified in the parameters
+        options[:kid_generator] ||= @parameters.delete(:kid_generator)
 
-      def initialize(keypair, kid = nil)
-        @keypair = keypair
-        @kid     = kid
+        # Make sure the key has a kid
+        kid_generator = options[:kid_generator] || ::JWT.configuration.jwk.kid_generator
+        self[:kid] ||= kid_generator.new(self).generate
       end
 
-      def self.inherited(klass)
-        ::JWT::JWK.classes << klass
+      def kid
+        self[:kid]
+      end
+
+      def hash
+        self[:kid].hash
+      end
+
+      def [](key)
+        @parameters[key.to_sym]
+      end
+
+      def []=(key, value)
+        @parameters[key.to_sym] = value
       end
+
+      def ==(other)
+        other.is_a?(::JWT::JWK::KeyBase) && self[:kid] == other[:kid]
+      end
+
+      alias eql? ==
+
+      def <=>(other)
+        return nil unless other.is_a?(::JWT::JWK::KeyBase)
+
+        self[:kid] <=> other[:kid]
+      end
+
+      private
+
+      attr_reader :parameters
     end
   end
 end

data/lib/jwt/jwk/key_finder.rb

@@ -2,60 +2,45 @@
 
 module JWT
   module JWK
+    # @api private
     class KeyFinder
       def initialize(options)
+        @allow_nil_kid = options[:allow_nil_kid]
         jwks_or_loader = options[:jwks]
-        @jwks          = jwks_or_loader if jwks_or_loader.is_a?(Hash)
-        @jwk_loader    = jwks_or_loader if jwks_or_loader.respond_to?(:call)
+
+        @jwks_loader = if jwks_or_loader.respond_to?(:call)
+                         jwks_or_loader
+                       else
+                         ->(_options) { jwks_or_loader }
+                       end
       end
 
       def key_for(kid)
-        raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid
+        raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid || @allow_nil_kid
+        raise ::JWT::DecodeError, 'Invalid type for kid header parameter' unless kid.nil? || kid.is_a?(String)
 
         jwk = resolve_key(kid)
 
-        raise ::JWT::DecodeError, 'No keys found in jwks' if jwks_keys.empty?
+        raise ::JWT::DecodeError, 'No keys found in jwks' unless @jwks.any?
         raise ::JWT::DecodeError, "Could not find public key for kid #{kid}" unless jwk
 
-        ::JWT::JWK.import(jwk).keypair
+        jwk.verify_key
       end
 
       private
 
       def resolve_key(kid)
-        jwk = find_key(kid)
-
-        return jwk if jwk
-
-        if reloadable?
-          load_keys(invalidate: true)
-          return find_key(kid)
-        end
-
-        nil
-      end
-
-      def jwks
-        return @jwks if @jwks
+        key_matcher = ->(key) { (kid.nil? && @allow_nil_kid) || key[:kid] == kid }
 
-        load_keys
-        @jwks
-      end
-
-      def load_keys(opts = {})
-        @jwks = @jwk_loader.call(opts)
-      end
+        # First try without invalidation to facilitate application caching
+        @jwks ||= JWT::JWK::Set.new(@jwks_loader.call(kid: kid))
+        jwk = @jwks.find { |key| key_matcher.call(key) }
 
-      def jwks_keys
-        Array(jwks[:keys] || jwks['keys'])
-      end
-
-      def find_key(kid)
-        jwks_keys.find { |key| (key[:kid] || key['kid']) == kid }
-      end
+        return jwk if jwk
 
-      def reloadable?
-        @jwk_loader
+        # Second try, invalidate for backwards compatibility
+        @jwks = JWT::JWK::Set.new(@jwks_loader.call(invalidate: true, kid_not_found: true, kid: kid))
+        @jwks.find { |key| key_matcher.call(key) }
       end
     end
   end

data/lib/jwt/jwk/kid_as_key_digest.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    # @api private
+    class KidAsKeyDigest
+      def initialize(jwk)
+        @jwk = jwk
+      end
+
+      def generate
+        @jwk.key_digest
+      end
+    end
+  end
+end

data/lib/jwt/jwk/okp_rbnacl.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    # JSON Web Key (JWK) representation for Ed25519 keys
+    class OKPRbNaCl < KeyBase
+      KTY  = 'OKP'
+      KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
+      OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
+      OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
+
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+        Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk_params!(key_params, params)
+        super(options, key_params.merge(params))
+      end
+
+      def verify_key
+        return @verify_key if defined?(@verify_key)
+
+        @verify_key = verify_key_from_parameters
+      end
+
+      def signing_key
+        return @signing_key if defined?(@signing_key)
+
+        @signing_key = signing_key_from_parameters
+      end
+
+      def key_digest
+        Thumbprint.new(self).to_s
+      end
+
+      def private?
+        !signing_key.nil?
+      end
+
+      def members
+        OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
+
+      def export(options = {})
+        exported = parameters.clone
+        exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
+        exported
+      end
+
+      private
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::KeyBase
+          key.export(include_private: true)
+        when RbNaCl::Signatures::Ed25519::SigningKey
+          @signing_key = key
+          @verify_key = key.verify_key
+          parse_okp_key_params(@verify_key, @signing_key)
+        when RbNaCl::Signatures::Ed25519::VerifyKey
+          @signing_key = nil
+          @verify_key = key
+          parse_okp_key_params(@verify_key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
+        end
+      end
+
+      def check_jwk_params!(key_params, _given_params)
+        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
+      end
+
+      def parse_okp_key_params(verify_key, signing_key = nil)
+        params = {
+          kty: KTY,
+          crv: 'Ed25519',
+          x: ::JWT::Base64.url_encode(verify_key.to_bytes)
+        }
+
+        params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
+
+        params
+      end
+
+      def verify_key_from_parameters
+        RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
+      end
+
+      def signing_key_from_parameters
+        return nil unless self[:d]
+
+        RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
+        end
+      end
+    end
+  end
+end