jwt 2.5.0 → 2.6.0

data/lib/jwt/algos.rb

@@ -1,5 +1,13 @@
 # frozen_string_literal: true
 
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+require 'openssl'
+
+require 'jwt/security_utils'
 require 'jwt/algos/hmac'
 require 'jwt/algos/eddsa'
 require 'jwt/algos/ecdsa'
@@ -7,35 +15,50 @@ require 'jwt/algos/rsa'
 require 'jwt/algos/ps'
 require 'jwt/algos/none'
 require 'jwt/algos/unsupported'
+require 'jwt/algos/algo_wrapper'
 
-# JWT::Signature module
 module JWT
-  # Signature logic for JWT
   module Algos
     extend self
 
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Ps,
-      Algos::None,
-      Algos::Unsupported
-    ].freeze
+    ALGOS = [Algos::Ecdsa,
+             Algos::Rsa,
+             Algos::Eddsa,
+             Algos::Ps,
+             Algos::None,
+             Algos::Unsupported].tap do |l|
+      if ::JWT.rbnacl_6_or_greater?
+        require_relative 'algos/hmac_rbnacl'
+        l.unshift(Algos::HmacRbNaCl)
+      elsif ::JWT.rbnacl?
+        require_relative 'algos/hmac_rbnacl_fixed'
+        l.unshift(Algos::HmacRbNaClFixed)
+      else
+        l.unshift(Algos::Hmac)
+      end
+    end.freeze
 
     def find(algorithm)
       indexed[algorithm && algorithm.downcase]
     end
 
+    def create(algorithm)
+      Algos::AlgoWrapper.new(*find(algorithm))
+    end
+
+    def implementation?(algorithm)
+      (algorithm.respond_to?(:valid_alg?) && algorithm.respond_to?(:verify)) ||
+        (algorithm.respond_to?(:alg) && algorithm.respond_to?(:sign))
+    end
+
     private
 
     def indexed
       @indexed ||= begin
-        fallback = [Algos::Unsupported, nil]
-        ALGOS.each_with_object(Hash.new(fallback)) do |alg, hash|
-          alg.const_get(:SUPPORTED).each do |code|
-            hash[code.downcase] = [alg, code]
+        fallback = [nil, Algos::Unsupported]
+        ALGOS.each_with_object(Hash.new(fallback)) do |cls, hash|
+          cls.const_get(:SUPPORTED).each do |alg|
+            hash[alg.downcase] = [alg, cls]
           end
         end
       end

data/lib/jwt/decode.rb

@@ -2,9 +2,9 @@
 
 require 'json'
 
-require 'jwt/signature'
 require 'jwt/verify'
 require 'jwt/x5c_key_finder'
+
 # JWT::Decode module
 module JWT
   # Decoding logic for JWT
@@ -24,7 +24,7 @@ module JWT
     def decode_segments
       validate_segment_count!
       if @verify
-        decode_crypto
+        decode_signature
         verify_algo
         set_key
         verify_signature
@@ -51,8 +51,8 @@ module JWT
 
     def verify_algo
       raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
-      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless algorithm
-      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless alg_in_header
+      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless valid_alg_in_header?
     end
 
     def set_key
@@ -64,27 +64,50 @@ module JWT
     end
 
     def verify_signature_for?(key)
-      Signature.verify(algorithm, key, signing_input, @signature)
+      allowed_algorithms.any? do |alg|
+        alg.verify(data: signing_input, signature: @signature, verification_key: key)
+      end
+    end
+
+    def valid_alg_in_header?
+      allowed_algorithms.any? { |alg| alg.valid_alg?(alg_in_header) }
     end
 
-    def options_includes_algo_in_header?
-      allowed_algorithms.any? { |alg| alg.casecmp(algorithm).zero? }
+    # Order is very important - first check for string keys, next for symbols
+    ALGORITHM_KEYS = ['algorithm',
+                      :algorithm,
+                      'algorithms',
+                      :algorithms].freeze
+
+    def given_algorithms
+      ALGORITHM_KEYS.each do |alg_key|
+        alg = @options[alg_key]
+        return Array(alg) if alg
+      end
+      []
     end
 
     def allowed_algorithms
-      # Order is very important - first check for string keys, next for symbols
-      algos = if @options.key?('algorithm')
-        @options['algorithm']
-      elsif @options.key?(:algorithm)
-        @options[:algorithm]
-      elsif @options.key?('algorithms')
-        @options['algorithms']
-      elsif @options.key?(:algorithms)
-        @options[:algorithms]
-      else
-        []
+      @allowed_algorithms ||= resolve_allowed_algorithms
+    end
+
+    def resolve_allowed_algorithms
+      algs = given_algorithms.map do |alg|
+        if Algos.implementation?(alg)
+          alg
+        else
+          Algos.create(alg)
+        end
       end
-      Array(algos)
+
+      sort_by_alg_header(algs)
+    end
+
+    # Move algorithms matching the JWT alg header to the beginning of the list
+    def sort_by_alg_header(algs)
+      return algs if algs.size <= 1
+
+      algs.partition { |alg| alg.valid_alg?(alg_in_header) }.flatten
     end
 
     def find_key(&keyfinder)
@@ -113,14 +136,14 @@ module JWT
     end
 
     def none_algorithm?
-      algorithm == 'none'
+      alg_in_header == 'none'
     end
 
-    def decode_crypto
+    def decode_signature
       @signature = ::JWT::Base64.url_decode(@segments[2] || '')
     end
 
-    def algorithm
+    def alg_in_header
       header['alg']
     end
 

data/lib/jwt/encode.rb

@@ -1,28 +1,35 @@
 # frozen_string_literal: true
 
-require_relative './algos'
-require_relative './claims_validator'
+require_relative 'algos'
+require_relative 'claims_validator'
 
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
-    ALG_NONE = 'none'
-    ALG_KEY  = 'alg'
+    ALG_KEY = 'alg'
 
     def initialize(options)
-      @payload = options[:payload]
-      @key = options[:key]
-      _, @algorithm = Algos.find(options[:algorithm])
-      @headers = options[:headers].transform_keys(&:to_s)
+      @payload          = options[:payload]
+      @key              = options[:key]
+      @algorithm        = resolve_algorithm(options[:algorithm])
+      @headers          = options[:headers].transform_keys(&:to_s)
+      @headers[ALG_KEY] = @algorithm.alg
     end
 
     def segments
-      @segments ||= combine(encoded_header_and_payload, encoded_signature)
+      validate_claims!
+      combine(encoded_header_and_payload, encoded_signature)
     end
 
     private
 
+    def resolve_algorithm(algorithm)
+      return algorithm if Algos.implementation?(algorithm)
+
+      Algos.create(algorithm)
+    end
+
     def encoded_header
       @encoded_header ||= encode_header
     end
@@ -40,25 +47,28 @@ module JWT
     end
 
     def encode_header
-      @headers[ALG_KEY] = @algorithm
-      encode(@headers)
+      encode_data(@headers)
     end
 
     def encode_payload
-      if @payload.is_a?(Hash)
-        ClaimsValidator.new(@payload).validate!
-      end
+      encode_data(@payload)
+    end
 
-      encode(@payload)
+    def signature
+      @algorithm.sign(data: encoded_header_and_payload, signing_key: @key)
     end
 
-    def encode_signature
-      return '' if @algorithm == ALG_NONE
+    def validate_claims!
+      return unless @payload.is_a?(Hash)
+
+      ClaimsValidator.new(@payload).validate!
+    end
 
-      ::JWT::Base64.url_encode(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key))
+    def encode_signature
+      ::JWT::Base64.url_encode(signature)
     end
 
-    def encode(data)
+    def encode_data(data)
       ::JWT::Base64.url_encode(JWT::JSON.generate(data))
     end
 

data/lib/jwt/jwk/ec.rb

@@ -9,39 +9,42 @@ module JWT
       def_delegators :keypair, :public_key
 
       KTY    = 'EC'
-      KTYS   = [KTY, OpenSSL::PKey::EC].freeze
+      KTYS   = [KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze
       BINARY = 2
+      EC_PUBLIC_KEY_ELEMENTS = %i[kty crv x y].freeze
+      EC_PRIVATE_KEY_ELEMENTS = %i[d].freeze
+      EC_KEY_ELEMENTS = (EC_PRIVATE_KEY_ELEMENTS + EC_PUBLIC_KEY_ELEMENTS).freeze
 
-      attr_reader :keypair
+      def initialize(key, params = nil, options = {})
+        params ||= {}
 
-      def initialize(keypair, options = {})
-        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::EC' unless keypair.is_a?(OpenSSL::PKey::EC)
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
 
-        @keypair = keypair
+        key_params = extract_key_params(key)
 
-        super(options)
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        @keypair ||= create_ec_key(self[:crv], self[:x], self[:y], self[:d])
       end
 
       def private?
-        @keypair.private_key?
+        keypair.private_key?
       end
 
       def members
-        crv, x_octets, y_octets = keypair_components(keypair)
-        {
-          kty: KTY,
-          crv: crv,
-          x: encode_octets(x_octets),
-          y: encode_octets(y_octets)
-        }
+        EC_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
       end
 
       def export(options = {})
-        exported_hash = members.merge(kid: kid)
-
-        return exported_hash unless private? && options[:include_private] == true
-
-        append_private_parts(exported_hash)
+        exported = parameters.clone
+        exported.reject! { |k, _| EC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
       end
 
       def key_digest
@@ -51,13 +54,34 @@ module JWT
         OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
       end
 
+      def []=(key, value)
+        if EC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
       private
 
-      def append_private_parts(the_hash)
-        octets = keypair.private_key.to_bn.to_s(BINARY)
-        the_hash.merge(
-          d: encode_octets(octets)
-        )
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::EC
+          key.export(include_private: true)
+        when OpenSSL::PKey::EC # Accept OpenSSL key as input
+          @keypair = key # Preserve the object to avoid recreation
+          parse_ec_key(key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type OpenSSL::PKey::EC or Hash with key parameters'
+        end
+      end
+
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (EC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for EC' unless keypair[:crv] && keypair[:x] && keypair[:y]
       end
 
       def keypair_components(ec_keypair)
@@ -82,6 +106,8 @@ module JWT
       end
 
       def encode_octets(octets)
+        return unless octets
+
         ::JWT::Base64.url_encode(octets)
       end
 
@@ -89,15 +115,94 @@ module JWT
         ::JWT::Base64.url_encode(key_part.to_s(BINARY))
       end
 
-      class << self
-        def import(jwk_data)
-          # See https://tools.ietf.org/html/rfc7518#section-6.2.1 for an
-          # explanation of the relevant parameters.
+      def parse_ec_key(key)
+        crv, x_octets, y_octets = keypair_components(key)
+        octets = key.private_key&.to_bn&.to_s(BINARY)
+        {
+          kty: KTY,
+          crv: crv,
+          x: encode_octets(x_octets),
+          y: encode_octets(y_octets),
+          d: encode_octets(octets)
+        }.compact
+      end
 
-          jwk_crv, jwk_x, jwk_y, jwk_d, jwk_kid = jwk_attrs(jwk_data, %i[crv x y d kid])
-          raise JWT::JWKError, 'Key format is invalid for EC' unless jwk_crv && jwk_x && jwk_y
+      if ::JWT.openssl_3?
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
+          curve = EC.to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          sequence = if jwk_d
+            # https://datatracker.ietf.org/doc/html/rfc5915.html
+            # ECPrivateKey ::= SEQUENCE {
+            #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+            #   privateKey     OCTET STRING,
+            #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+            #   publicKey  [1] BIT STRING OPTIONAL
+            # }
+
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Integer(1),
+                                      OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                      OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                    ])
+          else
+            OpenSSL::ASN1::Sequence([
+                                      OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                    ])
+          end
 
-          new(ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d), kid: jwk_kid)
+          OpenSSL::PKey::EC.new(sequence.to_der)
+        end
+      else
+        def create_ec_key(jwk_crv, jwk_x, jwk_y, jwk_d)
+          curve = EC.to_openssl_curve(jwk_crv)
+
+          x_octets = decode_octets(jwk_x)
+          y_octets = decode_octets(jwk_y)
+
+          key = OpenSSL::PKey::EC.new(curve)
+
+          # The details of the `Point` instantiation are covered in:
+          # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
+          # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
+          # - https://tools.ietf.org/html/rfc5480#section-2.2
+          # - https://www.secg.org/SEC1-Ver-1.0.pdf
+          # Section 2.3.3 of the last of these references specifies that the
+          # encoding of an uncompressed point consists of the byte `0x04` followed
+          # by the x value then the y value.
+          point = OpenSSL::PKey::EC::Point.new(
+            OpenSSL::PKey::EC::Group.new(curve),
+            OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
+          )
+
+          key.public_key = point
+          key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
+
+          key
+        end
+      end
+
+      def decode_octets(jwk_data)
+        ::JWT::Base64.url_decode(jwk_data)
+      end
+
+      def decode_open_ssl_bn(jwk_data)
+        OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
         end
 
         def to_openssl_curve(crv)
@@ -112,87 +217,6 @@ module JWT
           else raise JWT::JWKError, 'Invalid curve provided'
           end
         end
-
-        private
-
-        def jwk_attrs(jwk_data, attrs)
-          attrs.map do |attr|
-            jwk_data[attr] || jwk_data[attr.to_s]
-          end
-        end
-
-        if ::JWT.openssl_3?
-          def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d) # rubocop:disable Metrics/MethodLength
-            curve = to_openssl_curve(jwk_crv)
-
-            x_octets = decode_octets(jwk_x)
-            y_octets = decode_octets(jwk_y)
-
-            point = OpenSSL::PKey::EC::Point.new(
-              OpenSSL::PKey::EC::Group.new(curve),
-              OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
-            )
-
-            sequence = if jwk_d
-              # https://datatracker.ietf.org/doc/html/rfc5915.html
-              # ECPrivateKey ::= SEQUENCE {
-              #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-              #   privateKey     OCTET STRING,
-              #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-              #   publicKey  [1] BIT STRING OPTIONAL
-              # }
-
-              OpenSSL::ASN1::Sequence([
-                                        OpenSSL::ASN1::Integer(1),
-                                        OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
-                                        OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
-                                        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
-                                      ])
-            else
-              OpenSSL::ASN1::Sequence([
-                                        OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
-                                        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
-                                      ])
-            end
-
-            OpenSSL::PKey::EC.new(sequence.to_der)
-          end
-        else
-          def ec_pkey(jwk_crv, jwk_x, jwk_y, jwk_d)
-            curve = to_openssl_curve(jwk_crv)
-
-            x_octets = decode_octets(jwk_x)
-            y_octets = decode_octets(jwk_y)
-
-            key = OpenSSL::PKey::EC.new(curve)
-
-            # The details of the `Point` instantiation are covered in:
-            # - https://docs.ruby-lang.org/en/2.4.0/OpenSSL/PKey/EC.html
-            # - https://www.openssl.org/docs/manmaster/man3/EC_POINT_new.html
-            # - https://tools.ietf.org/html/rfc5480#section-2.2
-            # - https://www.secg.org/SEC1-Ver-1.0.pdf
-            # Section 2.3.3 of the last of these references specifies that the
-            # encoding of an uncompressed point consists of the byte `0x04` followed
-            # by the x value then the y value.
-            point = OpenSSL::PKey::EC::Point.new(
-              OpenSSL::PKey::EC::Group.new(curve),
-              OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)
-            )
-
-            key.public_key = point
-            key.private_key = OpenSSL::BN.new(decode_octets(jwk_d), 2) if jwk_d
-
-            key
-          end
-        end
-
-        def decode_octets(jwk_data)
-          ::JWT::Base64.url_decode(jwk_data)
-        end
-
-        def decode_open_ssl_bn(jwk_data)
-          OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
-        end
       end
     end
   end

data/lib/jwt/jwk/hmac.rb

@@ -4,15 +4,27 @@ module JWT
   module JWK
     class HMAC < KeyBase
       KTY  = 'oct'
-      KTYS = [KTY, String].freeze
+      KTYS = [KTY, String, JWT::JWK::HMAC].freeze
+      HMAC_PUBLIC_KEY_ELEMENTS = %i[kty].freeze
+      HMAC_PRIVATE_KEY_ELEMENTS = %i[k].freeze
+      HMAC_KEY_ELEMENTS = (HMAC_PRIVATE_KEY_ELEMENTS + HMAC_PUBLIC_KEY_ELEMENTS).freeze
 
-      attr_reader :signing_key
+      def initialize(key, params = nil, options = {})
+        params ||= {}
 
-      def initialize(signing_key, options = {})
-        raise ArgumentError, 'signing_key must be of type String' unless signing_key.is_a?(String)
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
 
-        @signing_key = signing_key
-        super(options)
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        self[:k]
       end
 
       def private?
@@ -25,26 +37,16 @@ module JWT
 
       # See https://tools.ietf.org/html/rfc7517#appendix-A.3
       def export(options = {})
-        exported_hash = {
-          kty: KTY,
-          kid: kid
-        }
-
-        return exported_hash unless private? && options[:include_private] == true
-
-        exported_hash.merge(
-          k: signing_key
-        )
+        exported = parameters.clone
+        exported.reject! { |k, _| HMAC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
       end
 
       def members
-        {
-          kty: KTY,
-          k: signing_key
-        }
+        HMAC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
       end
 
-      alias keypair signing_key # for backwards compatibility
+      alias signing_key keypair # for backwards compatibility
 
       def key_digest
         sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::UTF8String.new(signing_key),
@@ -52,14 +54,38 @@ module JWT
         OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
       end
 
-      class << self
-        def import(jwk_data)
-          jwk_k = jwk_data[:k] || jwk_data['k']
-          jwk_kid = jwk_data[:kid] || jwk_data['kid']
+      def []=(key, value)
+        if HMAC_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
 
-          raise JWT::JWKError, 'Key format is invalid for HMAC' unless jwk_k
+        super(key, value)
+      end
+
+      private
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::HMAC
+          key.export(include_private: true)
+        when String # Accept String key as input
+          { kty: KTY, k: key }
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type String or Hash with key parameters'
+        end
+      end
 
-          new(jwk_k, kid: jwk_kid)
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (HMAC_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for HMAC' unless keypair[:k]
+      end
+
+      class << self
+        def import(jwk_data)
+          new(jwk_data)
         end
       end
     end