sandal 0.2.0 → 0.3.0

data/sandal.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'bundler', '>= 1.3'
   s.add_development_dependency 'rake', '>= 10.0'
   s.add_development_dependency 'rspec', '>= 2.13'
+  s.add_development_dependency 'simplecov', '>= 0.7'
   s.add_development_dependency 'coveralls', '>= 0.6'
   s.add_development_dependency 'yard', '>= 0.8'
   s.add_development_dependency 'redcarpet', '>= 2.2' unless RUBY_PLATFORM == 'java' # for yard

data/spec/helper.rb

@@ -1,9 +1,21 @@
 require 'coveralls'
-Coveralls.wear!
+require 'simplecov'
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter]
+SimpleCov.start do
+  add_filter 'spec/'
+  add_group 'Encryption', 'sandal/enc'
+  add_group 'Signatures', 'sandal/sig'
+end
+
 
 require 'rspec'
+
 RSpec.configure do |c|
   c.treat_symbols_as_metadata_keys_with_true_values = true
+  c.filter_run_excluding :timing_dependent # these are unreliable so don't run unless specified explicitly
   c.filter_run_excluding :jruby_incompatible if RUBY_PLATFORM == 'java'
 end
 

data/spec/sandal/claims_spec.rb

@@ -0,0 +1,213 @@
+require 'helper'
+
+describe Sandal::Claims do
+
+  context '#validate_claims' do
+
+    it 'calls #validate_aud when valid audiences are provided' do
+      claims = { 'aud' => 'example.org' }.extend(Sandal::Claims)
+      valid_aud = %w(example.org)
+      claims.should_receive(:validate_aud).with(valid_aud)
+      claims.validate_claims(valid_aud: valid_aud)
+    end
+
+    it 'calls #validate_exp by default' do
+      claims = {}.extend(Sandal::Claims)
+      claims.should_receive(:validate_exp)
+      claims.validate_claims
+    end
+
+    it 'does not call #validate_exp when the :ignore_exp option is set' do
+      claims = {}.extend(Sandal::Claims)
+      claims.should_not_receive(:validate_exp)
+      claims.validate_claims(ignore_exp: true)
+    end
+
+    it 'calls #validate_iss when valid issuers are provided' do
+      claims = { 'iss' => 'example.org' }.extend(Sandal::Claims)
+      valid_iss = %w(example.org)
+      claims.should_receive(:validate_iss).with(valid_iss)
+      claims.validate_claims(valid_iss: valid_iss)
+    end
+
+    it 'calls #validate_nbf by default' do
+      claims = {}.extend(Sandal::Claims)
+      claims.should_receive(:validate_nbf)
+      claims.validate_claims
+    end
+
+    it 'does not call #validate_nbf when the :ignore_nbf option is set' do
+      claims = {}.extend(Sandal::Claims)
+      claims.should_not_receive(:validate_nbf)
+      claims.validate_claims(ignore_nbf: true)
+    end
+
+  end
+
+  context '#validate_aud' do
+
+    it 'succeeds when the audience claim is missing and no valid audiences are given' do
+      claims = {}.extend(Sandal::Claims)
+      claims.validate_aud([])
+    end
+
+    it 'succeeds when the audience string is empty and no valid audiences are given' do
+      claims = { 'aud' => '' }.extend(Sandal::Claims)
+      claims.validate_aud([])
+    end
+
+    it 'succeeds when the audience string is the same as the valid audience' do
+      claims = { 'aud' => 'example.org' }.extend(Sandal::Claims)
+      claims.validate_aud(%w(example.org))
+    end
+
+    it 'succeeds when the audience string is the same as a valid audience' do
+      claims = { 'aud' => 'example.org' }.extend(Sandal::Claims)
+      claims.validate_aud(%w(example.org example.com))
+    end
+
+    it 'succeeds when the audience array is empty and no valid audiences are given' do
+      claims = { 'aud' => [] }.extend(Sandal::Claims)
+      claims.validate_aud([])
+    end
+
+    it 'succeeds when the audience array is the same as the valid audience' do
+      claims = { 'aud' => %w(example.org) }.extend(Sandal::Claims)
+      claims.validate_aud(%w(example.org))
+    end
+
+    it 'succeeds when the audience array contains a valid audience' do
+      claims = { 'aud' => %w(example.org example.com) }.extend(Sandal::Claims)
+      claims.validate_aud(%w(example.org))
+    end
+
+    it 'succeeds when the audience array contains multiple valid audiences' do
+      claims = { 'aud' => %w(example.org example.com example.net) }.extend(Sandal::Claims)
+      claims.validate_aud(%w(example.com example.org))
+    end
+
+    it 'raises a ClaimError when the audience claim is missing and a valid audience is given' do
+      claims = {}.extend(Sandal::Claims)
+      expect { claims.validate_aud(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the audience string is empty and a valid audience is given' do
+      claims = { 'aud' => '' }.extend(Sandal::Claims)
+      expect { claims.validate_aud(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the audience string does not contain a valid audience' do
+      claims = { 'aud' => 'example.com' }.extend(Sandal::Claims)
+      expect { claims.validate_aud(%w(example.org example.net)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the audience array is empty and a valid audience is given' do
+      claims = { 'aud' => [] }.extend(Sandal::Claims)
+      expect { claims.validate_aud(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the audience array does not contain a valid audience' do
+      claims = { 'aud' => %w(example.com example.net) }.extend(Sandal::Claims)
+      expect { claims.validate_aud(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+  end
+
+  context '#validate_exp' do
+
+    it 'succeeds when the expires claim is missing' do
+      claims = {}.extend(Sandal::Claims)
+      claims.validate_exp
+    end
+
+    it 'succeeds when the expiry time is in the future' do
+      claims = { 'exp' => (Time.now + 300).to_i }.extend(Sandal::Claims)
+      claims.validate_exp
+    end
+
+    it 'succeeds when the expiry time is in the past but within the max clock skew' do
+      claims = { 'exp' => (Time.now - 60).to_i }.extend(Sandal::Claims)
+      claims.validate_exp(120)
+    end
+
+    it 'raises a ClaimError when the expiry time is in the past with no clock skew' do
+      claims = { 'exp' => (Time.now - 300).to_i }.extend(Sandal::Claims)
+      expect { claims.validate_exp }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the expiry time is in the past and outside the max clock skew' do
+      claims = { 'exp' => (Time.now - 300).to_i }.extend(Sandal::Claims)
+      expect { claims.validate_exp(120) }.to raise_error Sandal::ClaimError
+    end
+
+  end
+
+  context '#validate_iss' do
+
+    it 'succeeds when the issuer claim is missing and no valid issuers are given' do
+      claims = {}.extend(Sandal::Claims)
+      claims.validate_iss([])
+    end
+
+    it 'succeeds when the issuer string is empty and no valid issuers are given' do
+      claims = { 'iss' => '' }.extend(Sandal::Claims)
+      claims.validate_iss([])
+    end
+
+    it 'succeeds when the issuer string is the same as the valid issuer' do
+      claims = { 'iss' => 'example.org' }.extend(Sandal::Claims)
+      claims.validate_iss(%w(example.org))
+    end
+
+    it 'succeeds when the issuer string is the same as a valid issuer' do
+      claims = { 'iss' => 'example.org' }.extend(Sandal::Claims)
+      claims.validate_iss(%w(example.org example.com))
+    end
+
+    it 'raises a ClaimError when the issuer claim is missing and a valid issuer is given' do
+      claims = {}.extend(Sandal::Claims)
+      expect { claims.validate_iss(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the issuer string is empty and a valid issuer is given' do
+      claims = { 'iss' => '' }.extend(Sandal::Claims)
+      expect { claims.validate_iss(%w(example.org)) }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the issuer string is not a valid issuer' do
+      claims = { 'iss' => 'example.com' }.extend(Sandal::Claims)
+      expect { claims.validate_iss(%w(example.org example.net)) }.to raise_error Sandal::ClaimError
+    end
+
+  end
+
+  context '#validate_nbf' do
+
+    it 'succeeds when the not-before claim is missing' do
+      claims = {}.extend(Sandal::Claims)
+      claims.validate_nbf
+    end
+
+    it 'succeeds when the not-before time is in the past' do
+      claims = { 'nbf' => (Time.now - 300).to_i }.extend(Sandal::Claims)
+      claims.validate_nbf
+    end
+
+    it 'succeeds when the not-before time is in the future but within the max clock skew' do
+      claims = { 'nbf' => (Time.now + 60).to_i }.extend(Sandal::Claims)
+      claims.validate_nbf(120)
+    end
+
+    it 'raises a ClaimError when the not-before time is in the future with no clock skew' do
+      claims = { 'nbf' => (Time.now + 300).to_i }.extend(Sandal::Claims)
+      expect { claims.validate_nbf }.to raise_error Sandal::ClaimError
+    end
+
+    it 'raises a ClaimError when the not-before time is in the future and outside the max clock skew' do
+      claims = { 'nbf' => (Time.now + 300).to_i }.extend(Sandal::Claims)
+      expect { claims.validate_nbf(120) }.to raise_error Sandal::ClaimError
+    end
+
+  end
+
+end

data/spec/sandal/enc/a128cbc_hs256_spec.rb

@@ -1,10 +1,11 @@
 require 'helper'
 require 'openssl'
-require 'securerandom'
+require_relative 'shared_examples'
 
 # TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
 
 describe Sandal::Enc::A128CBC_HS256 do
+  include_examples 'algorithm compatibility', Sandal::Enc::A128CBC_HS256
 
   # these tests don't run with jruby as it errors when you try and set rsa.d parameter directly
   context 'using the example RSA key from JWE section A.2', :jruby_incompatible do
@@ -20,7 +21,7 @@ describe Sandal::Enc::A128CBC_HS256 do
       token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
       payload = Sandal.decrypt_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
-        encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
+        Sandal::Enc::A128CBC_HS256.new(alg)
       end
       payload.should == 'No matter where you go, there you are.'
     end
@@ -29,7 +30,7 @@ describe Sandal::Enc::A128CBC_HS256 do
       token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.7V5ZDko0v_mf2PAc4JMiUg'
       expect { Sandal.decrypt_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
-        encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
+        Sandal::Enc::A128CBC_HS256.new(alg)
       end }.to raise_error Sandal::TokenError, 'Invalid integrity value.'
     end
 
@@ -40,45 +41,8 @@ describe Sandal::Enc::A128CBC_HS256 do
     expect { Sandal.decrypt_token(token) do |header|
       rsa = OpenSSL::PKey::RSA.new(2048)
       alg = Sandal::Enc::Alg::RSA1_5.new(rsa)
-      encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
-    end }.to raise_error Sandal::TokenError, 'Failed to decrypt the content master key.'
-  end
-
-  it 'can encrypt and decrypt tokens with the "dir" algorithm' do
-    payload = 'Some text to encrypt'
-    content_master_key = SecureRandom.random_bytes(16)
-
-    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::Direct.new(content_master_key))
-    token = Sandal.encrypt_token(payload, encrypter)
-
-    output = Sandal.decrypt_token(token) { encrypter }
-    output.should == payload
-  end
-
-  it 'can encrypt and decrypt tokens with the RSA1_5 algorithm' do
-    payload = 'Some other text to encrypt'
-    rsa = OpenSSL::PKey::RSA.new(2048)
-
-    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(rsa.public_key))
-    token = Sandal.encrypt_token(payload, encrypter)
-
-    output = Sandal.decrypt_token(token) do 
-      Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(rsa))
-    end
-    output.should == payload
-  end
-
-  it 'can encrypt and decrypt tokens with the RSA-OAEP algorithm' do
-    payload = 'Some more text to encrypt'
-    rsa = OpenSSL::PKey::RSA.new(2048)
-
-    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa.public_key))
-    token = Sandal.encrypt_token(payload, encrypter)
-
-    output = Sandal.decrypt_token(token) do 
-      Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa))
-    end
-    output.should == payload
+      Sandal::Enc::A128CBC_HS256.new(alg)
+    end }.to raise_error Sandal::TokenError, 'Cannot decrypt content master key.'
   end
 
 end

data/spec/sandal/enc/a128gcm_spec.rb

@@ -1,26 +1,13 @@
 require 'helper'
 require 'openssl'
-require 'securerandom'
+require_relative 'shared_examples'
 
 # TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
 
 if defined? Sandal::Enc::A128GCM
 
 describe Sandal::Enc::A128GCM do
-
-  it 'can encrypt and decrypt tokens with the RSA-OAEP algorithm' do
-    payload = 'Some more text to encrypt'
-    rsa = OpenSSL::PKey::RSA.new(2048)
-
-    encrypter = Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa.public_key))
-    token = Sandal.encrypt_token(payload, encrypter)
-
-    output = Sandal.decrypt_token(token) do 
-      Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa))
-    end
-    output.should == payload
-  end
-
+  include_examples 'algorithm compatibility', Sandal::Enc::A128GCM
 end
 
 end

data/spec/sandal/enc/a256cbc_hs512_spec.rb

@@ -0,0 +1,10 @@
+require 'helper'
+require 'openssl'
+require_relative 'shared_examples'
+
+# TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
+
+describe Sandal::Enc::A256CBC_HS512 do
+  include_examples 'algorithm compatibility', Sandal::Enc::A256CBC_HS512
+end
+

data/spec/sandal/enc/a256gcm_spec.rb

@@ -0,0 +1,52 @@
+require 'helper'
+require 'openssl'
+require_relative 'shared_examples'
+
+# TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
+
+if defined? Sandal::Enc::A256GCM
+
+describe Sandal::Enc::A256GCM do
+  include_examples 'algorithm compatibility', Sandal::Enc::A256GCM
+
+  # these tests don't run with jruby as it errors when you try and set rsa.d parameter directly
+  context 'using the example RSA key from JWE section A.1', :jruby_incompatible do
+
+    before :all do
+      @rsa = OpenSSL::PKey::RSA.new(2048)
+      @rsa.n = make_bn([161, 168, 84, 34, 133, 176, 208, 173, 46, 176, 163, 110, 57, 30, 135, 227, 9, 31, 226, 128, 84, 92, 116, 241, 70, 248, 27, 227, 193, 62, 5, 91, 241, 145, 224, 205, 141, 176, 184, 133, 239, 43, 81, 103, 9, 161, 153, 157, 179, 104, 123, 51, 189, 34, 152, 69, 97, 69, 78, 93, 140, 131, 87, 182, 169, 101, 92, 142, 3, 22, 167, 8, 212, 56, 35, 79, 210, 222, 192, 208, 252, 49, 109, 138, 173, 253, 210, 166, 201, 63, 102, 74, 5, 158, 41, 90, 144, 108, 160, 79, 10, 89, 222, 231, 172, 31, 227, 197, 0, 19, 72, 81, 138, 78, 136, 221, 121, 118, 196, 17, 146, 10, 244, 188, 72, 113, 55, 221, 162, 217, 171, 27, 57, 233, 210, 101, 236, 154, 199, 56, 138, 239, 101, 48, 198, 186, 202, 160, 76, 111, 234, 71, 57, 183, 5, 211, 171, 136, 126, 64, 40, 75, 58, 89, 244, 254, 107, 84, 103, 7, 236, 69, 163, 18, 180, 251, 58, 153, 46, 151, 174, 12, 103, 197, 181, 161, 162, 55, 250, 235, 123, 110, 17, 11, 158, 24, 47, 133, 8, 199, 235, 107, 126, 130, 246, 73, 195, 20, 108, 202, 176, 214, 187, 45, 146, 182, 118, 54, 32, 200, 61, 201, 71, 243, 1, 255, 131, 84, 37, 111, 211, 168, 228, 45, 192, 118, 27, 197, 235, 232, 36, 10, 230, 248, 190, 82, 182, 140, 35, 204, 108, 190, 253, 186, 186, 27])
+      @rsa.e = make_bn([1, 0, 1])
+      @rsa.d = make_bn([144, 183, 109, 34, 62, 134, 108, 57, 44, 252, 10, 66, 73, 54, 16, 181, 233, 92, 54, 219, 101, 42, 35, 178, 63, 51, 43, 92, 119, 136, 251, 41, 53, 23, 191, 164, 164, 60, 88, 227, 229, 152, 228, 213, 149, 228, 169, 237, 104, 71, 151, 75, 88, 252, 216, 77, 251, 231, 28, 97, 88, 193, 215, 202, 248, 216, 121, 195, 211, 245, 250, 112, 71, 243, 61, 129, 95, 39, 244, 122, 225, 217, 169, 211, 165, 48, 253, 220, 59, 122, 219, 42, 86, 223, 32, 236, 39, 48, 103, 78, 122, 216, 187, 88, 176, 89, 24, 1, 42, 177, 24, 99, 142, 170, 1, 146, 43, 3, 108, 64, 194, 121, 182, 95, 187, 134, 71, 88, 96, 134, 74, 131, 167, 69, 106, 143, 121, 27, 72, 44, 245, 95, 39, 194, 179, 175, 203, 122, 16, 112, 183, 17, 200, 202, 31, 17, 138, 156, 184, 210, 157, 184, 154, 131, 128, 110, 12, 85, 195, 122, 241, 79, 251, 229, 183, 117, 21, 123, 133, 142, 220, 153, 9, 59, 57, 105, 81, 255, 138, 77, 82, 54, 62, 216, 38, 249, 208, 17, 197, 49, 45, 19, 232, 157, 251, 131, 137, 175, 72, 126, 43, 229, 69, 179, 117, 82, 157, 213, 83, 35, 57, 210, 197, 252, 171, 143, 194, 11, 47, 163, 6, 253, 75, 252, 96, 11, 187, 84, 130, 210, 7, 121, 78, 91, 79, 57, 251, 138, 132, 220, 60, 224, 173, 56, 224, 201])
+    end
+
+    it 'can decrypt the example token' do
+      token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.7V5ZDko0v_mf2PAc4JMiUg'
+      payload = Sandal.decrypt_token(token) do |header|
+        alg = Sandal::Enc::Alg::RSA_OAEP.new(@rsa)
+        Sandal::Enc::A256GCM.new(alg)
+      end
+      payload.should == 'Live long and prosper.'
+    end
+
+    it 'raises a token error when the integrity value is changed' do
+      token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
+      expect { Sandal.decrypt_token(token) do |header|
+        alg = Sandal::Enc::Alg::RSA_OAEP.new(@rsa)
+        Sandal::Enc::A256GCM.new(alg)
+      end }.to raise_error Sandal::TokenError, 'Invalid token.'
+    end
+
+  end
+
+  it 'raises a token error when the RSA keys JWE section A.1 are changed' do
+    token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
+    expect { Sandal.decrypt_token(token) do |header|
+      rsa = OpenSSL::PKey::RSA.new(2048)
+      alg = Sandal::Enc::Alg::RSA_OAEP.new(rsa)
+      Sandal::Enc::A256GCM.new(alg)
+    end }.to raise_error Sandal::TokenError, 'Cannot decrypt content master key.'
+  end
+
+end
+
+end

data/spec/sandal/enc/alg/direct_spec.rb

@@ -0,0 +1,55 @@
+require 'helper'
+require 'openssl'
+
+describe Sandal::Enc::Alg::Direct do
+
+  context '#name' do
+
+    it 'is "dir"' do
+      alg = Sandal::Enc::Alg::Direct.new('some cmk')
+      alg.name.should == 'dir'
+    end
+
+  end
+
+  context '#cmk' do
+
+    it 'returns the real CMK' do
+      cmk = 'the real cmk'
+      alg = Sandal::Enc::Alg::Direct.new(cmk)
+      alg.cmk.should == cmk
+    end
+
+  end
+
+  context '#encrypt_cmk' do
+
+    it 'returns an empty string' do
+      alg = Sandal::Enc::Alg::Direct.new('the real cmk')
+      alg.encrypt_cmk('any value').should == ''
+    end
+
+  end
+
+  context '#decrypt_cmk' do
+
+    it 'returns the real CMK when the value to decrypt is nil' do
+      cmk = 'the real cmk'
+      alg = Sandal::Enc::Alg::Direct.new(cmk)
+      alg.decrypt_cmk(nil).should == cmk
+    end
+
+    it 'returns the real CMK when the value to decrypt is empty' do
+      cmk = 'the real cmk'
+      alg = Sandal::Enc::Alg::Direct.new(cmk)
+      alg.decrypt_cmk('').should == cmk
+    end
+
+    it 'raises a TokenError if the value to decrypt is not nil or empty' do
+      alg = Sandal::Enc::Alg::Direct.new('the real cmk')
+      expect { alg.decrypt_cmk('a value') }.to raise_error Sandal::TokenError
+    end
+
+  end
+
+end