jwt 2.5.0 → 2.8.1

data/lib/jwt/deprecations.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module JWT
+  # Deprecations module to handle deprecation warnings in the gem
+  module Deprecations
+    class << self
+      def warning(message)
+        case JWT.configuration.deprecation_warnings
+        when :warn
+          warn("[DEPRECATION WARNING] #{message}")
+        when :once
+          return if record_warned(message)
+
+          warn("[DEPRECATION WARNING] #{message}")
+        end
+      end
+
+      private
+
+      def record_warned(message)
+        @warned ||= []
+        return true if @warned.include?(message)
+
+        @warned << message
+        false
+      end
+    end
+  end
+end

data/lib/jwt/encode.rb

@@ -1,24 +1,25 @@
 # frozen_string_literal: true
 
-require_relative './algos'
-require_relative './claims_validator'
+require_relative 'jwa'
+require_relative 'claims_validator'
 
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
-    ALG_NONE = 'none'
-    ALG_KEY  = 'alg'
+    ALG_KEY = 'alg'
 
     def initialize(options)
-      @payload = options[:payload]
-      @key = options[:key]
-      _, @algorithm = Algos.find(options[:algorithm])
-      @headers = options[:headers].transform_keys(&:to_s)
+      @payload          = options[:payload]
+      @key              = options[:key]
+      @algorithm        = JWA.create(options[:algorithm])
+      @headers          = options[:headers].transform_keys(&:to_s)
+      @headers[ALG_KEY] = @algorithm.alg
     end
 
     def segments
-      @segments ||= combine(encoded_header_and_payload, encoded_signature)
+      validate_claims!
+      combine(encoded_header_and_payload, encoded_signature)
     end
 
     private
@@ -40,25 +41,28 @@ module JWT
     end
 
     def encode_header
-      @headers[ALG_KEY] = @algorithm
-      encode(@headers)
+      encode_data(@headers)
     end
 
     def encode_payload
-      if @payload.is_a?(Hash)
-        ClaimsValidator.new(@payload).validate!
-      end
+      encode_data(@payload)
+    end
 
-      encode(@payload)
+    def signature
+      @algorithm.sign(data: encoded_header_and_payload, signing_key: @key)
     end
 
-    def encode_signature
-      return '' if @algorithm == ALG_NONE
+    def validate_claims!
+      return unless @payload.is_a?(Hash)
 
-      ::JWT::Base64.url_encode(JWT::Signature.sign(@algorithm, encoded_header_and_payload, @key))
+      ClaimsValidator.new(@payload).validate!
+    end
+
+    def encode_signature
+      ::JWT::Base64.url_encode(signature)
     end
 
-    def encode(data)
+    def encode_data(data)
       ::JWT::Base64.url_encode(JWT::JSON.generate(data))
     end
 

data/lib/jwt/error.rb

@@ -17,6 +17,7 @@ module JWT
   class InvalidJtiError < DecodeError; end
   class InvalidPayload < DecodeError; end
   class MissingRequiredClaim < DecodeError; end
+  class Base64DecodeError < DecodeError; end
 
   class JWKError < DecodeError; end
 end

data/lib/jwt/{algos → jwa}/ecdsa.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module JWT
-  module Algos
+  module JWA
     module Ecdsa
       module_function
 
@@ -30,8 +30,7 @@ module JWT
 
       SUPPORTED = NAMED_CURVES.map { |_, c| c[:algorithm] }.uniq.freeze
 
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
+      def sign(algorithm, msg, key)
         curve_definition = curve_by_name(key.group.curve_name)
         key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
@@ -39,11 +38,10 @@ module JWT
         end
 
         digest = OpenSSL::Digest.new(curve_definition[:digest])
-        SecurityUtils.asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
+        asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
       end
 
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
+      def verify(algorithm, public_key, signing_input, signature)
         curve_definition = curve_by_name(public_key.group.curve_name)
         key_algorithm = curve_definition[:algorithm]
         if algorithm != key_algorithm
@@ -51,7 +49,9 @@ module JWT
         end
 
         digest = OpenSSL::Digest.new(curve_definition[:digest])
-        public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
+        public_key.dsa_verify_asn1(digest.digest(signing_input), raw_to_asn1(signature, public_key))
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
       end
 
       def curve_by_name(name)
@@ -59,6 +59,18 @@ module JWT
           raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
         end
       end
+
+      def raw_to_asn1(signature, private_key)
+        byte_size = (private_key.group.degree + 7) / 8
+        sig_bytes = signature[0..(byte_size - 1)]
+        sig_char = signature[byte_size..-1] || ''
+        OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+      end
+
+      def asn1_to_raw(signature, public_key)
+        byte_size = (public_key.group.degree + 7) / 8
+        OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+      end
     end
   end
 end

data/lib/jwt/jwa/eddsa.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Eddsa
+      SUPPORTED = %w[ED25519 EdDSA].freeze
+      SUPPORTED_DOWNCASED = SUPPORTED.map(&:downcase).freeze
+
+      class << self
+        def sign(algorithm, msg, key)
+          unless key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
+            raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
+          end
+
+          validate_algorithm!(algorithm)
+
+          key.sign(msg)
+        end
+
+        def verify(algorithm, public_key, signing_input, signature)
+          unless public_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
+            raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey"
+          end
+
+          validate_algorithm!(algorithm)
+
+          public_key.verify(signature, signing_input)
+        rescue RbNaCl::CryptoError
+          false
+        end
+
+        private
+
+        def validate_algorithm!(algorithm)
+          return if SUPPORTED_DOWNCASED.include?(algorithm.downcase)
+
+          raise IncorrectAlgorithm, "Algorithm #{algorithm} not supported. Supported algoritms are #{SUPPORTED.join(', ')}"
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwa/hmac.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Hmac
+      module_function
+
+      MAPPING = {
+        'HS256' => OpenSSL::Digest::SHA256,
+        'HS384' => OpenSSL::Digest::SHA384,
+        'HS512' => OpenSSL::Digest::SHA512
+      }.freeze
+
+      SUPPORTED = MAPPING.keys
+
+      def sign(algorithm, msg, key)
+        key ||= ''
+
+        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+        OpenSSL::HMAC.digest(MAPPING[algorithm].new, key, msg)
+      rescue OpenSSL::HMACError => e
+        if key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
+          raise JWT::DecodeError, 'OpenSSL 3.0 does not support nil or empty hmac_secret'
+        end
+
+        raise e
+      end
+
+      def verify(algorithm, key, signing_input, signature)
+        SecurityUtils.secure_compare(signature, sign(algorithm, signing_input, key))
+      end
+
+      # Copy of https://github.com/rails/rails/blob/v7.0.3.1/activesupport/lib/active_support/security_utils.rb
+      # rubocop:disable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
+      module SecurityUtils
+        # Constant time string comparison, for fixed length strings.
+        #
+        # The values compared should be of fixed length, such as strings
+        # that have already been processed by HMAC. Raises in case of length mismatch.
+
+        if defined?(OpenSSL.fixed_length_secure_compare)
+          def fixed_length_secure_compare(a, b)
+            OpenSSL.fixed_length_secure_compare(a, b)
+          end
+        else
+          # :nocov:
+          def fixed_length_secure_compare(a, b)
+            raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+            l = a.unpack "C#{a.bytesize}"
+
+            res = 0
+            b.each_byte { |byte| res |= byte ^ l.shift }
+            res == 0
+          end
+          # :nocov:
+        end
+        module_function :fixed_length_secure_compare
+
+        # Secure string comparison for strings of variable length.
+        #
+        # While a timing attack would not be able to discern the content of
+        # a secret compared via secure_compare, it is possible to determine
+        # the secret length. This should be considered when using secure_compare
+        # to compare weak, short secrets to user input.
+        def secure_compare(a, b)
+          a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
+        end
+        module_function :secure_compare
+      end
+      # rubocop:enable Naming/MethodParameterName, Style/StringLiterals, Style/NumericPredicate
+    end
+  end
+end

data/lib/jwt/jwa/hmac_rbnacl.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaCl
+      MAPPING   = { 'HS512256' => ::RbNaCl::HMAC::SHA512256 }.freeze
+      SUPPORTED = MAPPING.keys
+      class << self
+        def sign(algorithm, msg, key)
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          if (hmac = resolve_algorithm(algorithm))
+            hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
+          else
+            Hmac.sign(algorithm, msg, key)
+          end
+        end
+
+        def verify(algorithm, key, signing_input, signature)
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          if (hmac = resolve_algorithm(algorithm))
+            hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
+          else
+            Hmac.verify(algorithm, key, signing_input, signature)
+          end
+        rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+          false
+        end
+
+        private
+
+        def key_for_rbnacl(hmac, key)
+          key ||= ''
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          return padded_empty_key(hmac.key_bytes) if key == ''
+
+          key
+        end
+
+        def resolve_algorithm(algorithm)
+          MAPPING.fetch(algorithm)
+        end
+
+        def padded_empty_key(length)
+          Array.new(length, 0x0).pack('C*').encode('binary')
+        end
+      end
+    end
+  end
+end

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module JWT
+  module Algos
+    module HmacRbNaClFixed
+      MAPPING   = { 'HS512256' => ::RbNaCl::HMAC::SHA512256 }.freeze
+      SUPPORTED = MAPPING.keys
+
+      class << self
+        def sign(algorithm, msg, key)
+          key ||= ''
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+            hmac.auth(padded_key_bytes(key, hmac.key_bytes), msg.encode('binary'))
+          else
+            Hmac.sign(algorithm, msg, key)
+          end
+        end
+
+        def verify(algorithm, key, signing_input, signature)
+          key ||= ''
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
+
+          if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
+            hmac.verify(padded_key_bytes(key, hmac.key_bytes), signature.encode('binary'), signing_input.encode('binary'))
+          else
+            Hmac.verify(algorithm, key, signing_input, signature)
+          end
+        rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
+          false
+        end
+
+        def resolve_algorithm(algorithm)
+          MAPPING.fetch(algorithm)
+        end
+
+        def padded_key_bytes(key, bytesize)
+          key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
+        end
+      end
+    end
+  end
+end

data/lib/jwt/{algos → jwa}/none.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
 module JWT
-  module Algos
+  module JWA
     module None
       module_function
 
       SUPPORTED = %w[none].freeze
 
-      def sign(*); end
+      def sign(*)
+        ''
+      end
 
       def verify(*)
         true

data/lib/jwt/jwa/ps.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Ps
+      # RSASSA-PSS signing algorithms
+
+      module_function
+
+      SUPPORTED = %w[PS256 PS384 PS512].freeze
+
+      def sign(algorithm, msg, key)
+        unless key.is_a?(::OpenSSL::PKey::RSA)
+          raise EncodeError, "The given key is a #{key_class}. It has to be an OpenSSL::PKey::RSA instance."
+        end
+
+        translated_algorithm = algorithm.sub('PS', 'sha')
+
+        key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
+      end
+
+      def verify(algorithm, public_key, signing_input, signature)
+        translated_algorithm = algorithm.sub('PS', 'sha')
+        public_key.verify_pss(translated_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: translated_algorithm)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+    end
+  end
+end

data/lib/jwt/jwa/rsa.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    module Rsa
+      module_function
+
+      SUPPORTED = %w[RS256 RS384 RS512].freeze
+
+      def sign(algorithm, msg, key)
+        unless key.is_a?(OpenSSL::PKey::RSA)
+          raise EncodeError, "The given key is a #{key.class}. It has to be an OpenSSL::PKey::RSA instance"
+        end
+
+        key.sign(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), msg)
+      end
+
+      def verify(algorithm, public_key, signing_input, signature)
+        public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+      rescue OpenSSL::PKey::PKeyError
+        raise JWT::VerificationError, 'Signature verification raised'
+      end
+    end
+  end
+end

data/lib/jwt/{algos → jwa}/unsupported.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module JWT
-  module Algos
+  module JWA
     module Unsupported
       module_function
 

data/lib/jwt/jwa/wrapper.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    class Wrapper
+      attr_reader :alg, :cls
+
+      def initialize(alg, cls)
+        @alg = alg
+        @cls = cls
+      end
+
+      def valid_alg?(alg_to_check)
+        alg&.casecmp(alg_to_check)&.zero? == true
+      end
+
+      def sign(data:, signing_key:)
+        cls.sign(alg, data, signing_key)
+      end
+
+      def verify(data:, signature:, verification_key:)
+        cls.verify(alg, verification_key, data, signature)
+      end
+    end
+  end
+end

data/lib/jwt/jwa.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+
+require_relative 'jwa/hmac'
+require_relative 'jwa/eddsa'
+require_relative 'jwa/ecdsa'
+require_relative 'jwa/rsa'
+require_relative 'jwa/ps'
+require_relative 'jwa/none'
+require_relative 'jwa/unsupported'
+require_relative 'jwa/wrapper'
+
+module JWT
+  module JWA
+    ALGOS = [Hmac, Ecdsa, Rsa, Eddsa, Ps, None, Unsupported].tap do |l|
+      if ::JWT.rbnacl_6_or_greater?
+        require_relative 'jwa/hmac_rbnacl'
+        l << Algos::HmacRbNaCl
+      elsif ::JWT.rbnacl?
+        require_relative 'jwa/hmac_rbnacl_fixed'
+        l << Algos::HmacRbNaClFixed
+      end
+    end.freeze
+
+    class << self
+      def find(algorithm)
+        indexed[algorithm&.downcase]
+      end
+
+      def create(algorithm)
+        return algorithm if JWA.implementation?(algorithm)
+
+        Wrapper.new(*find(algorithm))
+      end
+
+      def implementation?(algorithm)
+        (algorithm.respond_to?(:valid_alg?) && algorithm.respond_to?(:verify)) ||
+          (algorithm.respond_to?(:alg) && algorithm.respond_to?(:sign))
+      end
+
+      private
+
+      def indexed
+        @indexed ||= begin
+          fallback = [nil, Unsupported]
+          ALGOS.each_with_object(Hash.new(fallback)) do |cls, hash|
+            cls.const_get(:SUPPORTED).each do |alg|
+              hash[alg.downcase] = [alg, cls]
+            end
+          end
+        end
+      end
+    end
+  end
+end