virgil-jwt 1.0.0

data/lib/virgil/jwt/bytes.rb

@@ -0,0 +1,125 @@
+# Copyright (C) 2015-2019 Virgil Security Inc.
+#
+# Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   (1) Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+#   (2) Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+#   (3) Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, bytes, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+require 'base64'
+require 'json'
+
+module Virgil
+  module Jwt
+    class Bytes < Array
+      # Initializes a new array of bytes from specified string, which encodes binary data.
+      # @param str [String] String to decode.
+      # @param encoding [VirgilStringEncoding] The character encoding of string.
+      # @raise [ArgumentError] if encoding is undefined
+      def self.from_string(str, encoding = VirgilStringEncoding::UTF8)
+        case encoding
+        when VirgilStringEncoding::BASE64
+          from_base64(str)
+        when VirgilStringEncoding::HEX
+          from_hex(str)
+        when VirgilStringEncoding::UTF8
+          from_utf8(str)
+        else
+          raise ArgumentError, 'Encoding is undefined'
+        end
+      end
+
+      # Decodes the current bytes to a string according to the specified
+      # character encoding.
+      # @param encoding [VirgilStringEncoding] The character encoding to encode to.
+      #    equivalent string representation if raw bytes in selected encoding.
+      # @return [String]
+      # @raise [ArgumentError] if encoding is undefined
+      def to_string(encoding = VirgilStringEncoding::UTF8)
+        case encoding
+        when VirgilStringEncoding::BASE64
+          to_base64
+        when VirgilStringEncoding::HEX
+          to_hex
+        when VirgilStringEncoding::UTF8
+          to_s
+        else
+          raise ArgumentError, 'Encoding is undefined'
+        end
+      end
+
+      # Converts all the bytes to its equivalent string representation in utf8.
+      def to_s
+        pack('c*')
+      end
+
+      # Initializes a new array of bytes from specified string,
+      # which encodes binary data as base-64 digits.
+      def self.from_base64(str)
+        new(Base64.decode64(str).bytes)
+      end
+
+      # Initializes a new array of bytes from specified string,
+      # which encodes binary data as utf8.
+      def self.from_utf8(str)
+        new(str.bytes)
+      end
+
+      # Initializes a new array of bytes from specified string,
+      # which encodes binary data as hexadecimal digits.
+      def self.from_hex(str)
+        new(str.scan(/../).map { |x| x.hex })
+      end
+
+      # Converts all the bytes to its equivalent string representation that
+      # is encoded with base-64 digits.
+      def to_base64
+        Base64.strict_encode64(to_s)
+      end
+
+      # Encodes all the bytes into a utf8 string.
+      def to_utf8
+        to_s
+      end
+
+      # Converts the numeric value of each element of a current array of bytes to its
+      # equivalent hexadecimal string representation.
+      def to_hex
+        to_s.each_byte.map { |b| b.to_s(16) }.join
+      end
+
+    end
+
+    module VirgilStringEncoding
+      BASE64 = 1
+      HEX = 2
+      UTF8 = 3
+    end
+  end
+end

data/lib/virgil/jwt/caching_jwt_provider.rb

@@ -0,0 +1,74 @@
+# Copyright (C) 2015-2019 Virgil Security Inc.
+#
+# Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   (1) Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+#   (2) Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+#   (3) Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, bytes, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+require 'thread'
+
+module Virgil
+  module Jwt
+
+    # Provides an opportunity to
+    # get cached access token or renew it using callback mechanism.
+    class CachingJwtProvider < AccessTokenProvider
+
+      # Callback, that takes an instance of [TokenContext]
+      # and returns string representation of generated instance of [AccessToken]
+      # @return [Proc]
+      attr_reader :renew_access_token_proc
+
+      @@mutex = Mutex.new
+      def initialize(obtain_token_proc)
+        Validation.check_type_argument!(Proc, obtain_token_proc)
+        @renew_access_token_proc = obtain_token_proc
+      end
+
+      # Gets cached or renewed access token.
+      # @param token_context an instance of [TokenContext]
+      # @return The instance of [AccessToken]
+      def get_token(token_context)
+        Validation.check_type_argument!(TokenContext, token_context)
+
+        if !@jwt || (@jwt.body_content.expires_at <= Time.at(Time.now.utc.to_i + 5).utc)
+          @@mutex.synchronize {
+            jwt_str = @renew_access_token_proc.call(token_context)
+            @jwt = Jwt.from(jwt_str)
+          }
+        end
+        @jwt
+      end
+
+      private
+
+      attr_reader :jwt
+    end
+  end
+end

data/lib/virgil/jwt/callback_jwt_provider.rb

@@ -0,0 +1,60 @@
+# Copyright (C) 2015-2019 Virgil Security Inc.
+#
+# Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   (1) Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+#   (2) Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+#   (3) Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, bytes, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module Virgil
+  module Jwt
+    # provides an opportunity to
+    # get access token using callback mechanism.
+    class CallbackJwtProvider < AccessTokenProvider
+
+      # Callback, that takes an instance of [TokenContext]
+      # and returns string representation of generated instance of [AccessToken]
+      attr_reader :obtain_access_token_proc
+
+      def initialize(obtain_token_proc)
+        Validation.check_type_argument!(Proc, obtain_token_proc)
+        @obtain_access_token_proc = obtain_token_proc
+      end
+
+      # Gets access token.
+      # @param token_context [TokenContext]
+      # @return [AccessToken] Access token
+      def get_token(token_context)
+        Validation.check_type_argument!(TokenContext, token_context)
+        jwt_str = @obtain_access_token_proc.call(token_context)
+        Jwt.from(jwt_str)
+      end
+    end
+  end
+end

data/lib/virgil/jwt/const_access_token_provider.rb

@@ -0,0 +1,56 @@
+# Copyright (C) 2015-2019 Virgil Security Inc.
+#
+# Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   (1) Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+#   (2) Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+#   (3) Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, bytes, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module Virgil
+  module Jwt
+    # Provides an opportunity to use constant access token.
+    class ConstAccessTokenProvider < AccessTokenProvider
+      def initialize(token)
+        @access_token = token
+      end
+
+      # Gets access token.
+      # @param token_context [TokenContext] can be null as
+      # it does not affect the result.
+      # @return [AccessToken]
+      def get_token(token_context)
+        access_token
+      end
+
+      private
+
+      attr_reader :access_token
+    end
+  end
+end

data/lib/virgil/jwt/jwt.rb

@@ -0,0 +1,132 @@
+# Copyright (C) 2015-2019 Virgil Security Inc.
+#
+# Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#   (1) Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+#   (2) Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+#   (3) Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, bytes, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module Virgil
+  module Jwt
+    # Implements [AccessToken] in terms of Virgil JWT.
+    class Jwt < AccessToken
+      # Gets a jwt body
+      # @return [JwtBodyContent]
+      attr_reader :body_content
+
+      # Gets a jwt header
+      # @return [JwtHeaderContent]
+      attr_reader :header_content
+
+      # Gets a digital signature of jwt
+      # @return [Bytes]
+      attr_reader :signature_data
+
+      # String representation of jwt without signature.
+      # It equals to:
+      # Base64.urlsafe_encode64(JWT Header) + "." + Base64.urlsafe_encode64(JWT Body)
+      # @return [String]
+      attr_reader :unsigned_data
+
+      #  Initializes a new instance of the [Jwt] class using specified header,
+      # body and signature.
+      # @param header_content [JwtHeaderContext] jwt header
+      # @param body_content [JwtBodyContent] jwt body
+      # @param signature_data [Bytes] jwt signature data
+      def initialize(header_content:, body_content:, signature_data:)
+        @header_content = header_content
+        @body_content = body_content
+        @signature_data = signature_data
+        @string_representation = "#{header_base64}.#{body_base64}"
+        @unsigned_data = Bytes.from_string(@string_representation)
+        @string_representation += ".#{signature_base64}" unless @signature_data.nil?
+      end
+
+      #  Initializes a new instance of the [Jwt] class using
+      # its string representation
+      # @param jwt_str [String] string representation of signed jwt.
+      # It must be equal to:
+      #  Base64.urlsafe_encode64(jwt_header.to_base64) + "."
+      # + Base64.urlsafe_encode64(JWT Body) "."
+      # + Base64.urlsafe_encode64(Jwt Signature).
+      # @return [Jwt]
+      def self.from(jwt_str)
+        begin
+          parts = jwt_str.split('.')
+          raise ArgumentError unless parts.size == 3
+          signature_data = Bytes.new(Base64.urlsafe_decode64(parts[2]).bytes)
+          new(header_content: parse_header_content(parts[0]),
+              body_content: parse_body_content(parts[1]),
+              signature_data: signature_data)
+        rescue StandardError
+          raise ArgumentError, 'Wrong JWT format.'
+        end
+
+      end
+
+      # String representation of jwt.
+      # @return [String]
+      def to_s
+        @string_representation
+      end
+
+      # Whether or not token is expired.
+      # @return [TrueClass]
+      def expired?
+        Time.now.utc >= @body_content.expires_at
+      end
+
+      private
+
+      attr_reader :string_representation
+
+      def self.parse_body_content(str)
+        body_json =  Base64.urlsafe_decode64(str)
+        JwtBodyContent.restore_from_json(body_json)
+      end
+
+      def self.parse_header_content(str)
+        header_json = Base64.urlsafe_decode64(str)
+        JwtHeaderContent.restore_from_json(header_json)
+      end
+
+      def header_base64
+        Base64.urlsafe_encode64(@header_content.to_json, padding: false)
+      end
+
+      def body_base64
+        Base64.urlsafe_encode64(@body_content.to_json, padding: false)
+      end
+
+      def signature_base64
+        Base64.urlsafe_encode64(@signature_data.to_s, padding: false)
+      end
+    end
+  end
+end