jwtear 0.1.2 → 0.1.3

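--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: bd40b5099b880a09ed4277d0964f85d0255a1be9
- data.tar.gz: 9b016a13f78d711c0b1e4e61de499ed5bdfa30fb
+ metadata.gz: 3f24bff021d010c20bb782b7eff2f8d16f701918
+ data.tar.gz: 172ebf1bd6f14fcfe7612c68fd7943bdee6d4179
  SHA512:
- metadata.gz: 5d2d82eeabaa80693048981de0f3e3c7ea5688ad3d4b833f9b0893050e04c442adba291a696ac143bfc7f5521b778624e4ed057abba887bbd040a710e2feef35
- data.tar.gz: 4506e71a5e670fd92c23584e9aa2d2a9cd1e0a5dd235f683b7f60ebd9b3269b705fe6634fff22a9991815237e6a044575b836e26c9c7fb7a703c12c9a9708a5f
+ metadata.gz: 78bdee9155c4b0d508f21d664db28abc623207f960cf96560b4265ad0d676277fc12cc854207222eff8769c04bdc6fa9a163714b4a1e52a99386ff91eb1c994b
+ data.tar.gz: c74e12d75a5172ea39d716be0b237773e4c09c12d35955ac660c30372bfd466b8156c679e882b1db1c9a9f067237c0f44264062a1c5da48dab8cddf96bd1abc7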
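--- a/data/README.md
+++ b/data/README.md
@@ -12,9 +12,8 @@ install it yourself as:
  ## Usage
 
  ```
- $> jwtear -h
 
- 888888 888 888 88888888888
+ 888888 888 888 88888888888
  "88b 888 o 888 888
  888 888 d8b 888 888
  888 888 d888b 888 888 .d88b. 8888b. 888d888
@@ -22,22 +21,22 @@ $> jwtear -h
  888 88888P Y88888 888 88888888 .d888888 888
  88P 8888P Y8888 888 Y8b. 888 888 888
  888 888P Y888 888 "Y8888 "Y888888 888
- .d88P v0.1.0
+ .d88P v0.1.2
  .d88P"
  888P"
  JWTear - Parse, create and manipulate JWT tokens.
 
  Help menu:
  -p, --parse JWT_TOKEN Parse JWT token
- --generate-token Generate JWT token.
- --generate-sig Generate JWT signature.
- --header HEADER JWT header (JSON format). (required for generate-token and generate-sig)
+ -t, --generate-token Generate JWT token.
+ -s, --generate-sig Generate JWT signature.
+ -H, --header HEADER JWT header (JSON format). (required for generate-token and generate-sig)
  eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
- --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
+ -P, --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
  eg. {"login":"admin"}
- --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
+ -g, --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
  Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
- --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
+ -k, --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
  eg. P@ssw0rd | eg. public_key.pem
  -h, --help Show this help message
 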
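--- a/data/bin/jwtear
+++ b/data/bin/jwtear
@@ -69,7 +69,7 @@ begin
  puts "[+] ".dark_green + "Payload (claim segment):".bold.underline
  jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
  puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
- puts "#{Base64.urlsafe_encode64(jwt.signature)}"
+ puts encode(jwt.signature) || '---[ no signature ]---'
 
  # checking missing for generate_token
  when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?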
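Review bot: The new signature line calls a bare `encode` from the script's top level, and nothing in this hunk shows that the helper is mixed into that scope; if it is only defined inside a JWTear module, every parse would fail here with NoMethodError. The fallback text also only appears because `encode` now returns nil for a nil signature, so the display logic is coupled to the helper's nil behaviour; `puts jwt.signature ? encode(jwt.signature) : '---[ no signature ]---'` states the unsigned case explicitly. The printed value changes from padded to unpadded base64url, which matches the signature segment as it appears in the token and is worth noting for anyone comparing tool output across versions. The enclosing `begin`/`case` starts and ends outside the hunk.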
@@ -36,7 +36,7 @@ module JWTear
36
36
  is_token?(token)
37
37
  _token = token.split('.')
38
38
  @header = JSON.parse(decode(_token[0]))
39
- @type, @alg = @header['type'], @header['alg']
39
+ @type, @alg = @header['typ'], @header['alg']
40
40
  @payload = JSON.parse(decode(_token[1]))
41
41
  @signature = decode(_token[2]) unless (_token[2].nil? or _token[2].empty?)
42
42
  set_hash_and_json
@@ -100,20 +100,29 @@ module JWTear
100
100
  # @return [String] the generated token
101
101
  #
102
102
  def generate_token
103
+ begin
104
+ @header = JSON.parse(@header) unless @header.is_a?(Hash)
105
+ @payload = JSON.parse(@payload) unless @payload.is_a?(Hash)
106
+ @alg = @header['alg'] if @alg.nil? # if algorithm not forced, take if from the header
103
107
 
104
- @header = JSON.parse(@header) unless @header.is_a?(Hash)
105
- @payload = JSON.parse(@payload) unless @payload.is_a?(Hash)
106
- @alg = @header['alg'] if @alg.nil? # if algorithm not forced, take if from the header
107
-
108
- header_encoded = encode(@header.to_json)
109
- payload_encoded = encode(@payload.to_json)
110
- data = "#{header_encoded}.#{payload_encoded}"
111
- signature_encoded = encode(generate_sig(data, @alg, @key).signature)
112
- token = [header_encoded, payload_encoded, signature_encoded].join('.')
113
-
114
- set_hash_and_json
108
+ header_encoded = encode(@header.to_json)
109
+ payload_encoded = encode(@payload.to_json)
110
+ data = "#{header_encoded}.#{payload_encoded}"
111
+ signature_encoded = encode(generate_sig(data, @alg, @key).signature)
112
+ token = [header_encoded, payload_encoded, signature_encoded].join('.')
115
113
 
116
- token
114
+ set_hash_and_json
115
+ token
116
+ rescue JSON::ParserError => e
117
+ puts '[x] '.red + "Invalid JSON: #{e.message}"
118
+ puts "[!] ".yellow + "Make sure you've single quoted your input: eg. --header #{"'".bold}{\"type\":\"JWT\",\"alg\":\"HS256\"}#{"'".bold}"
119
+ exit!
120
+ rescue Exception => e
121
+ puts "[x] ".red + "Unknown Exception: generate_sig"
122
+ puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
123
+ puts e
124
+ puts e.backtrace
125
+ end
117
126
  end
118
127
 
119
128
  end
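Review bot: `rescue Exception => e` in `generate_token` is too broad and leaves the method returning nil: it traps `Interrupt`, `NoMemoryError` and the like, prints a report, and falls through, so a caller relying on the documented `[String]` return gets nil after a failure. Use `rescue StandardError => e` and re-raise after logging (or document the nil return), and name `generate_token` in the message instead of `generate_sig`. The `JSON::ParserError` branch calls `exit!` from library code, which skips `at_exit` handlers and terminates any program embedding JWTear; raising a library error and letting the CLI print and exit would keep that decision in `bin/jwtear`. The hint string still shows `\"type\":\"JWT\"` although the parser hunk above now reads the header key as `typ`, so the example should use `\"typ\"`. The outer `begin` is redundant, since `def ... rescue ... end` already scopes the handlers.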
@@ -13,7 +13,7 @@ module JWTear
13
13
  end
14
14
 
15
15
  def encode(data)
16
- Base64.urlsafe_encode64(data, padding: false)
16
+ Base64.urlsafe_encode64(data, padding: false) unless data.nil?
17
17
  end
18
18
 
19
19
  def decode(data)
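Review bot: Returning nil from `encode` for nil input changes every caller, not only the parse display: in `generate_token`, `encode(generate_sig(data, @alg, @key).signature)` would now yield nil, and `[header_encoded, payload_encoded, signature_encoded].join('.')` would emit `header.payload.` with an empty signature segment instead of raising. Whether `generate_sig` can hand back a nil signature is not visible here, but if it can, an unsigned token is produced with no warning to the user. Consider keeping `encode` strict and handling the missing signature where it is displayed, or at least documenting the contract with `# @return [String, nil] nil when data is nil`. `decode` begins on the last line of this hunk and continues outside it.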
@@ -1,3 +1,3 @@
1
1
  module JWTear
2
- VERSION = "0.1.2"
2
+ VERSION = "0.1.3"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwtear
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - KING SABRI
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-19 00:00:00.000000000 Z
11
+ date: 2018-01-27 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: JWTear, command-line tool and library to parse, create and manipulate
14
14
  JWT tokens for security testing purposes.