sandal 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ea79b1b4960ee68f883439155f86e455f840297
-  data.tar.gz: 88fe766c7e0dd6f42ffe8cc9e362bd4f9d4dcf1c
+  metadata.gz: e87dc3dc16b78944fbce50e48565012d79f087f6
+  data.tar.gz: 59b76ed79701856db73f2967da1818063fa58400
 SHA512:
-  metadata.gz: 8caf814bd10d413690942fde42d319a9b1d65afcef90c3ebf19f27f35b731e2d48c4d4225fb0700a60c9841c98ea46a6e34c610b40d93cf5584c605b6144621a
-  data.tar.gz: 978832491980e5e85b83bdac17e4c615cddc01594600785db0e7b7a621d459b7955003ab0352dac65ba803ded8890780cb609895528a6f35f60e107938dc8be6
+  metadata.gz: 2ebe5600b88a9026de7b5056b0d26832f259adb47556a5cbe7eb51d07e6ec9eddc08ae289769ce260bf053d424521cb21c4cd394c273bf11d084fab7c2122b3d
+  data.tar.gz: 78a7d2f1a4a13330719adb344534882ee8652dcf26ad3966c3f9532a61682daaddcc409fee36d7e5f008d1c0f5f4b2a9defc2ec9fff44a4f685b65d3c3633c8c

data/lib/sandal.rb

@@ -13,7 +13,6 @@ require "sandal/util"
 #
 # Currently supports draft-07 of the JWT spec, and draft-10 of the JWS and JWE specs.
 module Sandal
-  extend Sandal::Util
 
   # The base error for all errors raised by this library.
   class Error < StandardError; end
@@ -112,9 +111,9 @@ module Sandal
 
     payload = MultiJson.dump(payload) unless payload.is_a?(String)
 
-    sec_input = [header, payload].map { |p| jwt_base64_encode(p) }.join(".")
+    sec_input = [header, payload].map { |p| Sandal::Util.jwt_base64_encode(p) }.join(".")
     signature = signer.sign(sec_input)
-    [sec_input, jwt_base64_encode(signature)].join(".")
+    [sec_input, Sandal::Util.jwt_base64_encode(signature)].join(".")
   end
 
   # Creates an encrypted JSON Web Token.
@@ -206,7 +205,7 @@ module Sandal
 
   # Decodes the parts of a token.
   def self.decode_token_parts(parts)
-    parts = parts.map { |part| jwt_base64_decode(part) }
+    parts = parts.map { |part| Sandal::Util.jwt_base64_decode(part) }
     parts[0] = MultiJson.load(parts[0])
     parts
   rescue

data/lib/sandal/enc.rb

@@ -12,7 +12,7 @@ module Sandal
     def self.token_parts(token)
       parts = token.is_a?(Array) ? token : token.split(".")
       raise ArgumentError unless parts.length == 5
-      decoded_parts = parts.map { |part| jwt_base64_decode(part) }
+      decoded_parts = parts.map { |part| Sandal::Util.jwt_base64_decode(part) }
       return parts, decoded_parts
     rescue ArgumentError
       raise Sandal::InvalidTokenError, "Invalid token encoding."

data/lib/sandal/enc/acbc_hs.rb

@@ -6,7 +6,6 @@ module Sandal
 
     # Base implementation of the A*CBC-HS* family of encryption methods.
     class ACBC_HS
-      include Sandal::Util
 
       # The JWA name of the encryption method.
       attr_reader :name
@@ -44,13 +43,13 @@ module Sandal
         cipher.iv = iv = SecureRandom.random_bytes(16)
         ciphertext = cipher.update(payload) + cipher.final
 
-        auth_data = jwt_base64_encode(header)
+        auth_data = Sandal::Util.jwt_base64_encode(header)
         auth_data_length = [auth_data.length * 8].pack("Q>")
         mac_input = [auth_data, iv, ciphertext, auth_data_length].join
         mac = OpenSSL::HMAC.digest(@digest, mac_key, mac_input)
         auth_tag = mac[0...(mac.length / 2)]
 
-        remainder = [encrypted_key, iv, ciphertext, auth_tag].map { |part| jwt_base64_encode(part) }
+        remainder = [encrypted_key, iv, ciphertext, auth_tag].map { |part| Sandal::Util.jwt_base64_encode(part) }
         [auth_data, *remainder].join(".")
       end
 

data/lib/sandal/enc/agcm.rb

@@ -6,7 +6,6 @@ module Sandal
 
     # Base implementation of the A*GCM family of encryption methods.
     class AGCM
-      include Sandal::Util
 
       @@iv_size = 96
       @@auth_tag_size = 128
@@ -41,12 +40,12 @@ module Sandal
         cipher.key = key
         cipher.iv = iv = SecureRandom.random_bytes(@@iv_size / 8)
 
-        auth_data = jwt_base64_encode(header)
+        auth_data = Sandal::Util.jwt_base64_encode(header)
         cipher.auth_data  = auth_data
 
         ciphertext = cipher.update(payload) + cipher.final
         remaining_parts = [encrypted_key, iv, ciphertext, cipher.auth_tag(@@auth_tag_size / 8)]
-        remaining_parts.map! { |part| jwt_base64_encode(part) }
+        remaining_parts.map! { |part| Sandal::Util.jwt_base64_encode(part) }
         [auth_data, *remaining_parts].join(".")
       end
 

data/lib/sandal/sig/hs.rb

@@ -5,7 +5,6 @@ module Sandal
 
     # Base implementation of the HMAC-SHA family of signature algorithms.
     class HS
-      include Sandal::Util
 
       # The JWA name of the algorithm.
       attr_reader :name
@@ -36,7 +35,7 @@ module Sandal
       # @param payload [String] The payload of the token.
       # @return [Boolean] true if the signature is correct; otherwise false.
       def valid?(signature, payload)
-        jwt_strings_equal?(sign(payload), signature)
+        Sandal::Util.jwt_strings_equal?(sign(payload), signature)
       end
 
     end

data/lib/sandal/util.rb

@@ -5,8 +5,6 @@ module Sandal
   # Implements some JWT utility functions. Shouldn't be needed by most people 
   # but may be useful if you're developing an extension to the library.
   module Util
-
-    private
     
     # A string equality function that compares Unicode codepoints, and also 
     # doesn't short-circuit the equality check to help protect against timing 
@@ -19,7 +17,7 @@ module Sandal
     # @param a [String] The first string.
     # @param b [String] The second string.
     # @return [Boolean] true if the strings are equal; otherwise false.
-    def jwt_strings_equal?(a, b)
+    def self.jwt_strings_equal?(a, b)
       return true if a.object_id == b.object_id
       return false if a.nil? || b.nil? || a.length != b.length
       a.codepoints.zip(b.codepoints).reduce(0) { |r, (x, y)| r |= x ^ y } == 0
@@ -29,7 +27,7 @@ module Sandal
     #
     # @param s [String] The string to encode.
     # @return [String] The encoded base64 string.
-    def jwt_base64_encode(s)
+    def self.jwt_base64_encode(s)
       Base64.urlsafe_encode64(s).gsub(/=+$/, "")
     end
 
@@ -38,7 +36,7 @@ module Sandal
     # @param s [String] The base64 string to decode.
     # @return [String] The decoded string.
     # @raise [ArgumentError] The base64 string is invalid or contains padding.
-    def jwt_base64_decode(s)
+    def self.jwt_base64_decode(s)
       if s.end_with?("=")
         raise ArgumentError, "Base64 strings must not contain padding."
       end

data/lib/sandal/version.rb

@@ -1,4 +1,4 @@
 module Sandal
   # The semantic version of the library.
-  VERSION = "0.5.0"
+  VERSION = "0.5.1"
 end

data/sandal.gemspec

@@ -1,33 +1,33 @@
 ($LOAD_PATH << File.expand_path("../lib", __FILE__)).uniq!
-require 'sandal/version'
+require "sandal/version"
 
 Gem::Specification.new do |s|
-  s.name = 'sandal'
+  s.name = "sandal"
   s.version = Sandal::VERSION
-  s.summary = 'A JSON Web Token (JWT) library.'
-  s.description = 'A ruby library for creating and reading JSON Web Tokens (JWT), supporting JSON Web Signatures (JWS) and JSON Web Encryption (JWE).'
-  s.author = 'Greg Beech'
-  s.email = 'greg@gregbeech.com'
-  s.homepage = 'http://rubygems.org/gems/sandal'
-  s.license = 'MIT'
+  s.summary = "A JSON Web Token (JWT) library."
+  s.description = "A ruby library for creating and reading JSON Web Tokens (JWT), supporting JSON Web Signatures (JWS) and JSON Web Encryption (JWE)."
+  s.author = "Greg Beech"
+  s.email = "greg@gregbeech.com"
+  s.homepage = "http://rubygems.org/gems/sandal"
+  s.license = "MIT"
 
   s.files = `git ls-files`.split($/)
   s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.test_files = s.files.grep(%r{^(test|spec|features)/})
-  s.require_paths = ['lib']
-  s.extra_rdoc_files = ['README.md', 'LICENSE.md']
+  s.require_paths = ["lib"]
+  s.extra_rdoc_files = ["README.md", "LICENSE.md", "CHANGELOG.md"]
 
-  s.add_runtime_dependency 'multi_json', '~> 1.7'
-  s.add_runtime_dependency 'jruby-openssl', '~> 0.7', '>= 0.7.3' if RUBY_PLATFORM == 'java'
+  s.add_runtime_dependency "multi_json", "~> 1.7"
+  s.add_runtime_dependency "jruby-openssl", "~> 0.7", ">= 0.7.3" if RUBY_PLATFORM == "java"
 
-  s.add_development_dependency 'bundler', '>= 1.3'
-  s.add_development_dependency 'rake', '>= 10.0'
-  s.add_development_dependency 'rspec', '>= 2.13'
-  s.add_development_dependency 'simplecov', '>= 0.7'
-  s.add_development_dependency 'coveralls', '>= 0.6'
-  s.add_development_dependency 'yard', '>= 0.8'
-  s.add_development_dependency 'redcarpet', '>= 2.2' unless RUBY_PLATFORM == 'java' # for yard
-  s.add_development_dependency 'kramdown', '>= 1.0' if RUBY_PLATFORM == 'java'      # for yard
+  s.add_development_dependency "bundler", ">= 1.3"
+  s.add_development_dependency "rake", ">= 10.0"
+  s.add_development_dependency "rspec", ">= 2.13"
+  s.add_development_dependency "simplecov", ">= 0.7"
+  s.add_development_dependency "coveralls", ">= 0.6"
+  s.add_development_dependency "yard", ">= 0.8"
+  s.add_development_dependency "redcarpet", ">= 2.2" unless RUBY_PLATFORM == "java" # for yard
+  s.add_development_dependency "kramdown", ">= 1.0" if RUBY_PLATFORM == "java"      # for yard
 
-  s.requirements << 'openssl 1.0.1c for EC signature methods'
+  s.requirements << "openssl 1.0.1c for EC signature methods"
 end

data/spec/sandal/enc/alg/rsa_spec.rb

@@ -1,8 +1,6 @@
 require "helper"
 require "openssl"
 
-include Sandal::Util
-
 shared_examples "encryption and decryption" do |enc_class|
 
   it "can encrypt and decrypt a content master key" do

data/spec/sandal/sig/es_spec.rb

@@ -1,8 +1,6 @@
 require "helper"
 require "openssl"
 
-include Sandal::Util
-
 # EC isn't implemented in jruby-openssl at the moment
 if defined? Sandal::Sig::ES
 
@@ -111,7 +109,7 @@ describe Sandal::Sig::ES do
       r = make_bn([14, 209, 33, 83, 121, 99, 108, 72, 60, 47, 127, 21, 88, 7, 212, 2, 163, 178, 40, 3, 58, 249, 124, 126, 23, 129, 154, 195, 22, 158, 166, 101])
       s = make_bn([197, 10, 7, 211, 140, 60, 112, 229, 216, 241, 45, 175, 8, 74, 84, 128, 166, 101, 144, 197, 242, 147, 80, 154, 143, 63, 127, 138, 131, 163, 84, 213])
       signature = Sandal::Sig::ES.encode_jws_signature(r, s, 256)
-      base64_signature = jwt_base64_encode(signature)
+      base64_signature = Sandal::Util.jwt_base64_encode(signature)
       base64_signature.should == "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
     end
 
@@ -119,7 +117,7 @@ describe Sandal::Sig::ES do
       r = make_bn([1, 220, 12, 129, 231, 171, 194, 209, 232, 135, 233, 117, 247, 105, 122, 210, 26, 125, 192, 1, 217, 21, 82, 91, 45, 240, 255, 83, 19, 34, 239, 71, 48, 157, 147, 152, 105, 18, 53, 108, 163, 214, 68, 231, 62, 153, 150, 106, 194, 164, 246, 72, 143, 138, 24, 50, 129, 223, 133, 206, 209, 172, 63, 237, 119, 109])
       s = make_bn([0, 111, 6, 105, 44, 5, 41, 208, 128, 61, 152, 40, 92, 61, 152, 4, 150, 66, 60, 69, 247, 196, 170, 81, 193, 199, 78, 59, 194, 169, 16, 124, 9, 143, 42, 142, 131, 48, 206, 238, 34, 175, 83, 203, 220, 159, 3, 107, 155, 22, 27, 73, 111, 68, 68, 21, 238, 144, 229, 232, 148, 188, 222, 59, 242, 103])
       signature = Sandal::Sig::ES.encode_jws_signature(r, s, 521)
-      base64_signature = jwt_base64_encode(signature)
+      base64_signature = Sandal::Util.jwt_base64_encode(signature)
       base64_signature.should == "AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn"
     end
 
@@ -144,7 +142,7 @@ describe Sandal::Sig::ES256 do
       y = make_bn([199, 241, 68, 205, 27, 189, 155, 126, 135, 44, 223, 237, 185, 238, 185, 244, 179, 105, 93, 110, 169, 11, 36, 173, 138, 70, 35, 40, 133, 136, 229, 173])
       d = make_bn([142, 155, 16, 158, 113, 144, 152, 191, 152, 4, 135, 223, 31, 93, 119, 233, 203, 41, 96, 110, 190, 210, 38, 59, 95, 87, 194, 19, 223, 132, 244, 178])
       data = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-      signature = jwt_base64_decode("DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q")
+      signature = Sandal::Util.jwt_base64_decode("DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q")
 
       group = OpenSSL::PKey::EC::Group.new("prime256v1") 
       public_key = OpenSSL::PKey::EC.new(group)
@@ -186,7 +184,7 @@ describe Sandal::Sig::ES512 do
       y = make_bn([0, 52, 166, 68, 14, 55, 103, 80, 210, 55, 31, 209, 189, 194, 200, 243, 183, 29, 47, 78, 229, 234, 52, 50, 200, 21, 204, 163, 21, 96, 254, 93, 147, 135, 236, 119, 75, 85, 131, 134, 48, 229, 203, 191, 90, 140, 190, 10, 145, 221, 0, 100, 198, 153, 154, 31, 110, 110, 103, 250, 221, 237, 228, 200, 200, 246])
       d = make_bn([1, 142, 105, 111, 176, 52, 80, 88, 129, 221, 17, 11, 72, 62, 184, 125, 50, 206, 73, 95, 227, 107, 55, 69, 237, 242, 216, 202, 228, 240, 242, 83, 159, 70, 21, 160, 233, 142, 171, 82, 179, 192, 197, 234, 196, 206, 7, 81, 133, 168, 231, 187, 71, 222, 172, 29, 29, 231, 123, 204, 246, 97, 53, 230, 61, 130]  )
       data = "eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA"
-      signature = jwt_base64_decode("AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn")
+      signature = Sandal::Util.jwt_base64_decode("AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn")
 
       group = OpenSSL::PKey::EC::Group.new("secp521r1") 
       public_key = OpenSSL::PKey::EC.new(group)

data/spec/sandal/util_spec.rb

@@ -2,24 +2,22 @@ require 'helper'
 require 'openssl'
 require 'benchmark'
 
-include Sandal::Util
-
 describe Sandal::Util do
 
   context '#jwt_base64_decode' do
 
     it 'decodes base64 as per JWT example 6.1' do
       encoded = 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
-      val = jwt_base64_decode(encoded)
+      val = Sandal::Util.jwt_base64_decode(encoded)
       val.should == %!{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}!
     end
 
     it 'raises an ArgumentError if base64 strings contain padding' do
-      expect { jwt_base64_decode('eyJpc3MiOiJq=') }.to raise_error ArgumentError
+      expect { Sandal::Util.jwt_base64_decode('eyJpc3MiOiJq=') }.to raise_error ArgumentError
     end
 
     it 'raises an ArgumentError if base64 strings are invalid' do
-      expect { jwt_base64_decode('not valid base64') }.to raise_error ArgumentError
+      expect { Sandal::Util.jwt_base64_decode('not valid base64') }.to raise_error ArgumentError
     end
 
   end
@@ -28,7 +26,7 @@ describe Sandal::Util do
 
     it 'encodes base64 as per JWT example 6.1' do
       src =  %!{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}!
-      encoded = jwt_base64_encode(src)
+      encoded = Sandal::Util.jwt_base64_encode(src)
       encoded.should == 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
     end
 
@@ -37,31 +35,31 @@ describe Sandal::Util do
   context '#jwt_strings_equal?' do
 
     it 'compares nil strings as equal' do
-      jwt_strings_equal?(nil, nil).should == true
+      Sandal::Util.jwt_strings_equal?(nil, nil).should == true
     end
 
     it 'compares empty strings as equal' do
-      jwt_strings_equal?('', '').should == true
+      Sandal::Util.jwt_strings_equal?('', '').should == true
     end
 
     it 'compares nil strings as unequal to empty strings' do
-      jwt_strings_equal?(nil, '').should == false
-      jwt_strings_equal?('', nil).should == false
+      Sandal::Util.jwt_strings_equal?(nil, '').should == false
+      Sandal::Util.jwt_strings_equal?('', nil).should == false
     end
 
     it 'compares equal strings as equal' do
-      jwt_strings_equal?('hello', 'hello').should == true
-      jwt_strings_equal?('a longer string', 'a longer string').should == true
+      Sandal::Util.jwt_strings_equal?('hello', 'hello').should == true
+      Sandal::Util.jwt_strings_equal?('a longer string', 'a longer string').should == true
     end
 
     it 'compares unequal strings as unequal' do
-      jwt_strings_equal?('hello', 'world').should == false
-      jwt_strings_equal?('a longer string', 'a different longer string').should == false
+      Sandal::Util.jwt_strings_equal?('hello', 'world').should == false
+      Sandal::Util.jwt_strings_equal?('a longer string', 'a different longer string').should == false
     end
 
     it 'compares strings without short-circuiting', :timing_dependent do
       measure_equals = -> a, b do
-        Benchmark.realtime { 100.times { jwt_strings_equal?(a, b) } } 
+        Benchmark.realtime { 100.times { Sandal::Util.jwt_strings_equal?(a, b) } } 
       end
       ref = 'a' * 10000
       cmp1 = ('a' * 9999) + 'b'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sandal
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Greg Beech
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-07 00:00:00.000000000 Z
+date: 2013-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -130,6 +130,7 @@ extensions: []
 extra_rdoc_files:
 - README.md
 - LICENSE.md
+- CHANGELOG.md
 files:
 - .coveralls.yml
 - .gitignore