ons-jwe 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a8bc97876dcae5fcff526459efb0de2502bca222
+  data.tar.gz: e92c84cc1917b6715360e167d730bd32a0b7b98e
+SHA512:
+  metadata.gz: 68c2c8a3cdc027a7b5683c6e2323487d43a7b286f8864463fde8d7cc614b15329398f7cf31f5a8acb4c61fa780f8b6938f23e8d3281b2e0b312adfaf19a744be
+  data.tar.gz: 76d3c78839a51f6758bed653f9e0934d1bfef3a5c4fa3a895b92bf704886a2feb40805e6e6fbbb8846b3c4e18a95a3dad5f22917c25171238cb3d6cb74ed85f5

data/README.md

@@ -0,0 +1,54 @@
+# ONS JSON Web Token RubyGem
+[RFC 7516](https://tools.ietf.org/html/rfc7516)-compliant JSON Web Encryption (JWE) token generator that uses RSAES-OAEP and AES GCM. Suitable for use with the [ONS eQ Survey Runner](https://github.com/ONSdigital/eq-survey-runner). Note that this gem targets Ruby 2.3 and above.
+
+[![Build Status](https://travis-ci.org/ONSdigital/jwe-rubygem.svg?branch=master)](https://travis-ci.org/ONSdigital/jwe-rubygem)
+
+## Installation
+
+```
+gem install ons-jwe
+```
+
+## Examples
+
+```ruby
+require 'openssl'
+require 'ons-jwe'
+
+KEY_ID = 'EDCRRM'
+
+RESPONDENT_PORTAL_PRIVATE_KEY = File.read('sdc-user-authentication-signing-rrm-private-key.pem')
+SURVEY_RUNNER_PUBLIC_KEY      = File.read('sdc-user-authentication-encryption-sr-public-key.pem')
+
+public_key  = OpenSSL::PKey::RSA.new(SURVEY_RUNNER_PUBLIC_KEY)
+private_key = OpenSSL::PKey::RSA.new(RESPONDENT_PORTAL_PRIVATE_KEY, 'digitaleq')
+
+claims = {
+  user_id: 'John Topley',
+  iat: Time.now.to_i,
+  exp: Time.now.to_i + 60 * 60,
+  eq_id: '1',
+  period_str: '2016-01-01',
+  period_id: '2016-01-01',
+  form_type: '0205',
+  collection_exercise_sid: '789',
+  ref_p_start_date: '2016-01-01',
+  ref_p_end_date: '2016-09-01',
+  ru_ref: '12346789012A',
+  ru_name: 'Office for National Statistics',
+  return_by: '2016-04-30',
+  employment_date: '2016-06-10'
+}
+
+token = JWEToken.new(KEY_ID, claims, public_key, private_key)
+puts token.value
+```
+
+## Testing
+
+```
+rake test
+```
+
+## Copyright
+Copyright (C) 2016 Crown Copyright (Office for National Statistics)

data/lib/ons-jwe.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require_relative 'ons-jwe/jwe_token'

data/lib/ons-jwe/jwe_token.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+require 'json/jwt'
+
+# This class generates JSON Web Encryption (JWE) tokens as per RFC 7516.
+class JWEToken
+  attr_reader :value
+
+  def initialize(key_id, claims, public_key, private_key)
+    validate_key_id(key_id)
+    validate_claims(claims)
+    validate_public_key(public_key)
+    validate_private_key(private_key)
+    jwt    = build_jwt(claims, key_id)
+    jws    = build_jws(jwt, private_key)
+    @value = build_jwe(jws, public_key).to_s
+  end
+
+  def to_s
+    @value
+  end
+
+  private
+
+  def build_jwe(jws, public_key)
+    jws.encrypt(public_key, :'RSA-OAEP', :A256GCM)
+  end
+
+  def build_jwt(claims, key_id)
+    jwt = JSON::JWT.new(claims)
+    jwt.kid = key_id
+    jwt.alg = :RS256
+    jwt
+  end
+
+  def build_jws(jwt, private_key)
+    jwt.sign(private_key, :RS256)
+  end
+
+  def validate_claims(claims)
+    raise ArgumentError, 'claims must be specified' if claims.nil? ||
+                                                       claims.empty?
+  end
+
+  def validate_key_id(key_id)
+    raise ArgumentError, 'key_id must be specified' if key_id.nil? ||
+                                                       key_id.empty?
+  end
+
+  def validate_private_key(private_key)
+    raise ArgumentError, 'private_key must be specified' if private_key.nil?
+    validate_rsa_key(private_key, 'private_key')
+  end
+
+  def validate_public_key(public_key)
+    raise ArgumentError, 'public_key must be specified' if public_key.nil?
+    validate_rsa_key(public_key, 'public_key')
+  end
+
+  def validate_rsa_key(key, key_type)
+    unless key.instance_of? OpenSSL::PKey::RSA
+      raise ArgumentError, "#{key_type} must be an RSA key"
+    end
+  end
+end

data/lib/ons-jwe/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module ONSJWE
+  module Version
+    MAJOR = 1
+    MINOR = 0
+    TINY  = 0
+  end
+  VERSION = [Version::MAJOR, Version::MINOR, Version::TINY].compact * '.'
+end

metadata

@@ -0,0 +1,150 @@
+--- !ruby/object:Gem::Specification
+name: ons-jwe
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- John Topley
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-08-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.12.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.12.5
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 11.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 11.1.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.42.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.42.0
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.9
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.9
+description: |
+  RFC7516-compliant JSON Web Encryption (JWE) token generator that uses RSAES-OAEP and AES GCM.
+  Suitable for use with the ONS eQ Survey Runner.
+email:
+- john.topley@ons.gov.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/ons-jwe.rb
+- lib/ons-jwe/jwe_token.rb
+- lib/ons-jwe/version.rb
+homepage: https://github.com/ONSdigital/jwe-rubygem
+licenses:
+- Crown Copyright (Office for National Statistics)
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.6
+signing_key: 
+specification_version: 4
+summary: JSON Web Encryption (JWE) token generator
+test_files: []