jwt 3.1.1 → 3.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +1 -1
- data/lib/jwt/jwa/ecdsa.rb +3 -3
- data/lib/jwt/jwa/rsa.rb +3 -3
- data/lib/jwt/jwk/ec.rb +2 -2
- data/lib/jwt/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4fbf6e518cee3ac505360ea356f34fab6a68c5dfc2112671105085fbb03c08df
|
|
4
|
+
data.tar.gz: 0f206bdf51b4a979b6f734d6582f7e18762f2d3a1ee7feb38499fc4a92d77115
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fa9df3dae62f1abbe065fd144641a8869faddd45be94cb58871dc690fead80f38f741b5de5319b5a31d8d28fe16ae32627f27d396cbe2f91f80acc9a6d3e477
|
|
7
|
+
data.tar.gz: 41e30090c5ee55b3706b4d2bddd73dc596e4db46669c292af56bca9ebe9f36a8eafe7ce33578f3012d87f910a6880ee26e6c26c46bfda59470a23f24e47a739d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,14 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [v3.1.2](https://github.com/jwt/ruby-jwt/tree/v3.1.2) (2025-06-28)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2)
|
|
6
|
+
|
|
7
|
+
**Fixes and enhancements:**
|
|
8
|
+
|
|
9
|
+
- Avoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa [#697](https://github.com/jwt/ruby-jwt/pull/697)
|
|
10
|
+
- Fix signing with a EC JWK [#699](https://github.com/jwt/ruby-jwt/pull/699) ([@anakinj](https://github.com/anakinj))
|
|
11
|
+
|
|
3
12
|
## [v3.1.1](https://github.com/jwt/ruby-jwt/tree/v3.1.1) (2025-06-24)
|
|
4
13
|
|
|
5
14
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1)
|
data/README.md
CHANGED
|
@@ -265,7 +265,7 @@ jwk = JWT::JWK.import(JSON.parse(jwk_json))
|
|
|
265
265
|
|
|
266
266
|
token = JWT::Token.new(payload: payload, header: header)
|
|
267
267
|
|
|
268
|
-
token.sign!(key: jwk)
|
|
268
|
+
token.sign!(key: jwk, algorithm: 'HS256')
|
|
269
269
|
|
|
270
270
|
encoded_token = JWT::EncodedToken.new(token.jwt)
|
|
271
271
|
encoded_token.verify!(signature: { algorithm: ["HS256", "HS512"], key: jwk})
|
data/lib/jwt/jwa/ecdsa.rb
CHANGED
|
@@ -8,7 +8,7 @@ module JWT
|
|
|
8
8
|
|
|
9
9
|
def initialize(alg, digest)
|
|
10
10
|
@alg = alg
|
|
11
|
-
@digest =
|
|
11
|
+
@digest = digest
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def sign(data:, signing_key:)
|
|
@@ -20,7 +20,7 @@ module JWT
|
|
|
20
20
|
|
|
21
21
|
raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} signing key was provided" if alg != key_algorithm
|
|
22
22
|
|
|
23
|
-
asn1_to_raw(signing_key.dsa_sign_asn1(digest.digest(data)), signing_key)
|
|
23
|
+
asn1_to_raw(signing_key.dsa_sign_asn1(OpenSSL::Digest.new(digest).digest(data)), signing_key)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def verify(data:, signature:, verification_key:)
|
|
@@ -32,7 +32,7 @@ module JWT
|
|
|
32
32
|
key_algorithm = curve_definition[:algorithm]
|
|
33
33
|
raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} verification key was provided" if alg != key_algorithm
|
|
34
34
|
|
|
35
|
-
verification_key.dsa_verify_asn1(digest.digest(data), raw_to_asn1(signature, verification_key))
|
|
35
|
+
verification_key.dsa_verify_asn1(OpenSSL::Digest.new(digest).digest(data), raw_to_asn1(signature, verification_key))
|
|
36
36
|
rescue OpenSSL::PKey::PKeyError
|
|
37
37
|
raise JWT::VerificationError, 'Signature verification raised'
|
|
38
38
|
end
|
data/lib/jwt/jwa/rsa.rb
CHANGED
|
@@ -8,18 +8,18 @@ module JWT
|
|
|
8
8
|
|
|
9
9
|
def initialize(alg)
|
|
10
10
|
@alg = alg
|
|
11
|
-
@digest =
|
|
11
|
+
@digest = alg.sub('RS', 'SHA')
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def sign(data:, signing_key:)
|
|
15
15
|
raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance") unless signing_key.is_a?(OpenSSL::PKey::RSA)
|
|
16
16
|
raise_sign_error!('The key length must be greater than or equal to 2048 bits') if signing_key.n.num_bits < 2048
|
|
17
17
|
|
|
18
|
-
signing_key.sign(digest, data)
|
|
18
|
+
signing_key.sign(OpenSSL::Digest.new(digest), data)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def verify(data:, signature:, verification_key:)
|
|
22
|
-
verification_key.verify(digest, signature, data)
|
|
22
|
+
verification_key.verify(OpenSSL::Digest.new(digest), signature, data)
|
|
23
23
|
rescue OpenSSL::PKey::PKeyError
|
|
24
24
|
raise JWT::VerificationError, 'Signature verification raised'
|
|
25
25
|
end
|
data/lib/jwt/jwk/ec.rb
CHANGED
|
@@ -71,8 +71,6 @@ module JWT
|
|
|
71
71
|
super
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
private
|
|
75
|
-
|
|
76
74
|
def jwa
|
|
77
75
|
return super if self[:alg]
|
|
78
76
|
|
|
@@ -80,6 +78,8 @@ module JWT
|
|
|
80
78
|
JWA.resolve(JWA::Ecdsa.curve_by_name(curve_name)[:algorithm])
|
|
81
79
|
end
|
|
82
80
|
|
|
81
|
+
private
|
|
82
|
+
|
|
83
83
|
def ec_key
|
|
84
84
|
@ec_key ||= create_ec_key(self[:crv], self[:x], self[:y], self[:d])
|
|
85
85
|
end
|
data/lib/jwt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Rudat
|
|
@@ -199,7 +199,7 @@ licenses:
|
|
|
199
199
|
- MIT
|
|
200
200
|
metadata:
|
|
201
201
|
bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
|
|
202
|
-
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v3.1.
|
|
202
|
+
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v3.1.2/CHANGELOG.md
|
|
203
203
|
rubygems_mfa_required: 'true'
|
|
204
204
|
rdoc_options: []
|
|
205
205
|
require_paths:
|