Hello community, here is the log from the commit of package rubygem-json-jwt for openSUSE:Factory checked in at 2018-05-08 13:37:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-json-jwt (Old) and /work/SRC/openSUSE:Factory/.rubygem-json-jwt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-json-jwt" Tue May 8 13:37:02 2018 rev:3 rq:603057 version:1.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-json-jwt/rubygem-json-jwt.changes 2018-02-26 23:25:45.289033241 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-json-jwt.new/rubygem-json-jwt.changes 2018-05-08 13:37:02.862186033 +0200 @@ -1,0 +2,18 @@ +Tue May 1 04:07:52 UTC 2018 - [email protected] + +- updated to version 1.9.4 + no changelog found + +------------------------------------------------------------------- +Fri Apr 27 10:07:24 UTC 2018 - [email protected] + +- updated to version 1.9.3 + no changelog found + +------------------------------------------------------------------- +Wed Feb 28 05:30:12 UTC 2018 - [email protected] + +- updated to version 1.9.2 + no changelog found + +------------------------------------------------------------------- Old: ---- json-jwt-1.9.1.gem New: ---- json-jwt-1.9.4.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-json-jwt.spec ++++++ --- /var/tmp/diff_new_pack.9KWr1q/_old 2018-05-08 13:37:03.650157594 +0200 +++ /var/tmp/diff_new_pack.9KWr1q/_new 2018-05-08 13:37:03.682156439 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-json-jwt -Version: 1.9.1 +Version: 1.9.4 Release: 0 %define mod_name json-jwt %define mod_full_name %{mod_name}-%{version} ++++++ json-jwt-1.9.1.gem -> json-jwt-1.9.4.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/VERSION new/VERSION --- old/VERSION 2018-02-23 14:35:33.000000000 +0100 +++ new/VERSION 2018-05-01 05:21:53.000000000 +0200 @@ -1 +1 @@ -1.9.1 \ No newline at end of file +1.9.4 \ No newline at end of file Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/json-jwt.gemspec new/json-jwt.gemspec --- old/json-jwt.gemspec 2018-02-23 14:35:33.000000000 +0100 +++ new/json-jwt.gemspec 2018-05-01 05:21:53.000000000 +0200 @@ -11,10 +11,9 @@ gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) } gem.require_paths = ['lib'] - gem.add_runtime_dependency 'url_safe_base64' gem.add_runtime_dependency 'activesupport' gem.add_runtime_dependency 'bindata' - gem.add_runtime_dependency 'securecompare' + gem.add_runtime_dependency 'aes_key_wrap' gem.add_development_dependency 'rake' gem.add_development_dependency 'simplecov' gem.add_development_dependency 'rspec' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jose.rb new/lib/json/jose.rb --- old/lib/json/jose.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jose.rb 2018-05-01 05:21:53.000000000 +0200 @@ -1,4 +1,4 @@ -require 'securecompare' +require 'active_support/security_utils' module JSON module JOSE @@ -6,7 +6,6 @@ included do extend ClassMethods - include SecureCompare register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit alias_method :algorithm, :alg @@ -33,6 +32,18 @@ end end + def secure_compare(a, b) + if ActiveSupport::SecurityUtils.respond_to?(:fixed_length_secure_compare) + begin + ActiveSupport::SecurityUtils.fixed_length_secure_compare(a, b) + rescue ArgumentError + false + end + else + ActiveSupport::SecurityUtils.secure_compare(a, b) + end + end + module ClassMethods def register_header_keys(*keys) keys.each do |header_key| @@ -51,9 +62,9 @@ else decode_compact_serialized input, key_or_secret, algorithms, encryption_methods end - rescue JSON::ParserError + rescue JSON::ParserError, ArgumentError raise JWT::InvalidFormat.new("Invalid JSON Format") end end end -end \ No newline at end of file +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jwe.rb new/lib/json/jwe.rb --- old/lib/json/jwe.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jwe.rb 2018-05-01 05:21:53.000000000 +0200 @@ -1,5 +1,6 @@ require 'securerandom' require 'bindata' +require 'aes_key_wrap' module JSON class JWE @@ -31,7 +32,7 @@ self.mac_key, self.encryption_key = derive_encryption_and_mac_keys cipher.key = encryption_key self.iv = cipher.random_iv # NOTE: 'iv' has to be set after 'key' for GCM - self.auth_data = UrlSafeBase64.encode64 header.to_json + self.auth_data = Base64.urlsafe_encode64 header.to_json, padding: false cipher.auth_data = auth_data if gcm? self.cipher_text = cipher.update(plain_text) + cipher.final self @@ -47,6 +48,8 @@ cipher.key = encryption_key cipher.iv = iv # NOTE: 'iv' has to be set after 'key' for GCM if gcm? + # https://github.com/ruby/openssl/issues/63 + raise DecryptionFailed.new('Invalid authentication tag') if authentication_tag.length < 16 cipher.auth_tag = authentication_tag cipher.auth_data = auth_data end @@ -63,7 +66,7 @@ cipher_text, authentication_tag ].collect do |segment| - UrlSafeBase64.encode64 segment.to_s + Base64.urlsafe_encode64 segment.to_s, padding: false end.join('.') end @@ -71,21 +74,21 @@ case options[:syntax] when :general { - protected: UrlSafeBase64.encode64(header.to_json), + protected: Base64.urlsafe_encode64(header.to_json, padding: false), recipients: [{ - encrypted_key: UrlSafeBase64.encode64(jwe_encrypted_key) + encrypted_key: Base64.urlsafe_encode64(jwe_encrypted_key, padding: false) }], - iv: UrlSafeBase64.encode64(iv), - ciphertext: UrlSafeBase64.encode64(cipher_text), - tag: UrlSafeBase64.encode64(authentication_tag) + iv: Base64.urlsafe_encode64(iv, padding: false), + ciphertext: Base64.urlsafe_encode64(cipher_text, padding: false), + tag: Base64.urlsafe_encode64(authentication_tag, padding: false) } else { - protected: UrlSafeBase64.encode64(header.to_json), - encrypted_key: UrlSafeBase64.encode64(jwe_encrypted_key), - iv: UrlSafeBase64.encode64(iv), - ciphertext: UrlSafeBase64.encode64(cipher_text), - tag: UrlSafeBase64.encode64(authentication_tag) + protected: Base64.urlsafe_encode64(header.to_json, padding: false), + encrypted_key: Base64.urlsafe_encode64(jwe_encrypted_key, padding: false), + iv: Base64.urlsafe_encode64(iv, padding: false), + ciphertext: Base64.urlsafe_encode64(cipher_text, padding: false), + tag: Base64.urlsafe_encode64(authentication_tag, padding: false) } end end @@ -160,10 +163,8 @@ public_key_or_secret.public_encrypt content_encryption_key when :'RSA-OAEP' public_key_or_secret.public_encrypt content_encryption_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING - when :A128KW - raise NotImplementedError.new('A128KW not supported yet') - when :A256KW - raise NotImplementedError.new('A256KW not supported yet') + when :A128KW, :A256KW + AESKeyWrap.wrap content_encryption_key, public_key_or_secret when :dir '' when :'ECDH-ES' @@ -214,10 +215,8 @@ private_key_or_secret.private_decrypt jwe_encrypted_key when :'RSA-OAEP' private_key_or_secret.private_decrypt jwe_encrypted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING - when :A128KW - raise NotImplementedError.new('A128KW not supported yet') - when :A256KW - raise NotImplementedError.new('A256KW not supported yet') + when :A128KW, :A256KW + AESKeyWrap.unwrap jwe_encrypted_key, private_key_or_secret when :dir private_key_or_secret when :'ECDH-ES' @@ -255,7 +254,11 @@ end jwe = new _header_json_, jwe.jwe_encrypted_key, jwe.iv, jwe.cipher_text, jwe.authentication_tag = input.split('.').collect do |segment| - UrlSafeBase64.decode64 segment + begin + Base64.urlsafe_decode64 segment + rescue ArgumentError + raise DecryptionFailed + end end jwe.auth_data = input.split('.').first jwe.header = JSON.parse(_header_json_).with_indifferent_access diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jwk/jwkizable.rb new/lib/json/jwk/jwkizable.rb --- old/lib/json/jwk/jwkizable.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jwk/jwkizable.rb 2018-05-01 05:21:53.000000000 +0200 @@ -5,17 +5,17 @@ def to_jwk(ex_params = {}) params = { kty: :RSA, - e: UrlSafeBase64.encode64(e.to_s(2)), - n: UrlSafeBase64.encode64(n.to_s(2)) + e: Base64.urlsafe_encode64(e.to_s(2), padding: false), + n: Base64.urlsafe_encode64(n.to_s(2), padding: false) }.merge ex_params if private? params.merge!( - d: UrlSafeBase64.encode64(d.to_s(2)), - p: UrlSafeBase64.encode64(p.to_s(2)), - q: UrlSafeBase64.encode64(q.to_s(2)), - dp: UrlSafeBase64.encode64(dmp1.to_s(2)), - dq: UrlSafeBase64.encode64(dmq1.to_s(2)), - qi: UrlSafeBase64.encode64(iqmp.to_s(2)), + d: Base64.urlsafe_encode64(d.to_s(2), padding: false), + p: Base64.urlsafe_encode64(p.to_s(2), padding: false), + q: Base64.urlsafe_encode64(q.to_s(2), padding: false), + dp: Base64.urlsafe_encode64(dmp1.to_s(2), padding: false), + dq: Base64.urlsafe_encode64(dmq1.to_s(2), padding: false), + qi: Base64.urlsafe_encode64(iqmp.to_s(2), padding: false), ) end JWK.new params @@ -27,10 +27,10 @@ params = { kty: :EC, crv: curve_name, - x: UrlSafeBase64.encode64([coordinates[:x]].pack('H*')), - y: UrlSafeBase64.encode64([coordinates[:y]].pack('H*')) + x: Base64.urlsafe_encode64([coordinates[:x]].pack('H*'), padding: false), + y: Base64.urlsafe_encode64([coordinates[:y]].pack('H*'), padding: false) }.merge ex_params - params[:d] = UrlSafeBase64.encode64([coordinates[:d]].pack('H*')) if private_key? + params[:d] = Base64.urlsafe_encode64([coordinates[:d]].pack('H*'), padding: false) if private_key? JWK.new params end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jwk.rb new/lib/json/jwk.rb --- old/lib/json/jwk.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jwk.rb 2018-05-01 05:21:53.000000000 +0200 @@ -34,7 +34,7 @@ else raise UnknownAlgorithm.new('Unknown Digest Algorithm') end - UrlSafeBase64.encode64 digest.digest(normalize.to_json) + Base64.urlsafe_encode64 digest.digest(normalize.to_json), padding: false end def to_key @@ -98,7 +98,7 @@ def to_rsa_key e, n, d, p, q, dp, dq, qi = [:e, :n, :d, :p, :q, :dp, :dq, :qi].collect do |key| if self[key] - OpenSSL::BN.new UrlSafeBase64.decode64(self[key]), 2 + OpenSSL::BN.new Base64.urlsafe_decode64(self[key]), 2 end end key = OpenSSL::PKey::RSA.new @@ -132,7 +132,7 @@ end x, y, d = [:x, :y, :d].collect do |key| if self[key] - UrlSafeBase64.decode64(self[key]) + Base64.urlsafe_decode64(self[key]) end end key = OpenSSL::PKey::EC.new curve_name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jws.rb new/lib/json/jws.rb --- old/lib/json/jws.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jws.rb 2018-05-01 05:21:53.000000000 +0200 @@ -70,6 +70,7 @@ end def autodetected_algorithm_from(private_key_or_secret) + private_key_or_secret = with_jwk_support private_key_or_secret case private_key_or_secret when String :HS256 @@ -96,7 +97,7 @@ header.to_json, self.to_json ].collect do |segment| - UrlSafeBase64.encode64 segment + Base64.urlsafe_encode64 segment, padding: false end.join('.') end @@ -180,7 +181,7 @@ raise InvalidFormat.new("Invalid JWS Format. JWS should include #{NUM_OF_SEGMENTS} segments.") end header, claims, signature = input.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment| - UrlSafeBase64.decode64 segment.to_s + Base64.urlsafe_decode64 segment.to_s end header, claims = [header, claims].collect do |json| JSON.parse(json).with_indifferent_access diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/jwt.rb new/lib/json/jwt.rb --- old/lib/json/jwt.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/lib/json/jwt.rb 2018-05-01 05:21:53.000000000 +0200 @@ -1,5 +1,5 @@ require 'openssl' -require 'url_safe_base64' +require 'base64' require 'active_support' require 'active_support/core_ext' require 'json/jose' @@ -46,7 +46,7 @@ self.to_json, signature ].collect do |segment| - UrlSafeBase64.encode64 segment.to_s + Base64.urlsafe_encode64 segment.to_s, padding: false end.join('.') end @@ -54,17 +54,17 @@ case options[:syntax] when :general { - payload: UrlSafeBase64.encode64(self.to_json), + payload: Base64.urlsafe_encode64(self.to_json, padding: false), signatures: [{ - protected: UrlSafeBase64.encode64(header.to_json), - signature: UrlSafeBase64.encode64(signature.to_s) + protected: Base64.urlsafe_encode64(header.to_json, padding: false), + signature: Base64.urlsafe_encode64(signature.to_s, padding: false) }] } when :flattened { - protected: UrlSafeBase64.encode64(header.to_json), - payload: UrlSafeBase64.encode64(self.to_json), - signature: UrlSafeBase64.encode64(signature.to_s) + protected: Base64.urlsafe_encode64(header.to_json, padding: false), + payload: Base64.urlsafe_encode64(self.to_json, padding: false), + signature: Base64.urlsafe_encode64(signature.to_s, padding: false) } else super diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-02-23 14:35:33.000000000 +0100 +++ new/metadata 2018-05-01 05:21:53.000000000 +0200 @@ -1,30 +1,16 @@ --- !ruby/object:Gem::Specification name: json-jwt version: !ruby/object:Gem::Version - version: 1.9.1 + version: 1.9.4 platform: ruby authors: - nov matake autorequire: bindir: bin cert_chain: [] -date: 2018-02-23 00:00:00.000000000 Z +date: 2018-05-01 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency - name: url_safe_base64 - requirement: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - version: '0' - type: :runtime - prerelease: false - version_requirements: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - version: '0' -- !ruby/object:Gem::Dependency name: activesupport requirement: !ruby/object:Gem::Requirement requirements: @@ -53,7 +39,7 @@ - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency - name: securecompare + name: aes_key_wrap requirement: !ruby/object:Gem::Requirement requirements: - - ">=" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/json/jwe_spec.rb new/spec/json/jwe_spec.rb --- old/spec/json/jwe_spec.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/spec/json/jwe_spec.rb 2018-05-01 05:21:53.000000000 +0200 @@ -73,6 +73,14 @@ it :TODO end + context 'when alg=A128KW' do + it :TODO + end + + context 'when alg=A256KW' do + it :TODO + end + context 'when unknonw/unsupported algorithm given' do let(:key) { public_key } let(:alg) { :RSA1_5 } @@ -89,7 +97,7 @@ it_behaves_like :unexpected_algorithm_for_encryption end - [:A128KW, :A256KW, :'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg| + [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg| context "when alg=#{alg}" do let(:alg) { alg } it_behaves_like :unsupported_algorithm_for_encryption @@ -161,6 +169,24 @@ end end + shared_examples_for :verify_gcm_authentication_tag do + let(:jwe_string) do + _jwe_ = JSON::JWE.new plain_text + _jwe_.alg, _jwe_.enc = alg, enc + _jwe_.encrypt! key + header, key, iv, cipher_text, auth_tag = _jwe_.to_s.split('.') + truncated_auth_tag = Base64.urlsafe_decode64(auth_tag).slice(0..-2) + truncated_auth_tag = Base64.urlsafe_encode64(truncated_auth_tag, padding: false) + [header, key, iv, cipher_text, truncated_auth_tag].join('.') + end + + it do + expect do + jwe.decrypt! key + end.to raise_error JSON::JWE::DecryptionFailed + end + end + shared_examples_for :unexpected_algorithm_for_decryption do it do expect do @@ -185,6 +211,7 @@ let(:enc) { :A128GCM } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -194,6 +221,7 @@ let(:enc) { :A256GCM } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -218,6 +246,7 @@ let(:enc) { :A128GCM } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -227,6 +256,7 @@ let(:enc) { :A256GCM } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -254,6 +284,7 @@ let(:key_size) { 16 } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -264,6 +295,7 @@ let(:key_size) { 32 } if gcm_supported? it_behaves_like :decryptable + it_behaves_like :verify_gcm_authentication_tag else it_behaves_like :gcm_decryption_unsupported end @@ -284,6 +316,14 @@ end end + context 'when alg=A128KW' do + it :TODO + end + + context 'when alg=A256KW' do + it :TODO + end + context 'when unknonw/unsupported algorithm given' do let(:input) { 'header.key.iv.cipher_text.auth_tag' } let(:key) { public_key } @@ -300,7 +340,7 @@ it_behaves_like :unexpected_algorithm_for_decryption end - [:A128KW, :A256KW, :'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg| + [:'ECDH-ES', :'ECDH-ES+A128KW', :'ECDH-ES+A256KW'].each do |alg| context "when alg=#{alg}" do let(:alg) { alg } it_behaves_like :unsupported_algorithm_for_decryption diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/json/jwk_spec.rb new/spec/json/jwk_spec.rb --- old/spec/json/jwk_spec.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/spec/json/jwk_spec.rb 2018-05-01 05:21:53.000000000 +0200 @@ -79,8 +79,8 @@ let(:jwk) { JSON::JWK.new public_key } it { jwk.keys.collect(&:to_sym).should include :kty, :e, :n } its(:kty) { jwk[:kty].should == :RSA } - its(:e) { jwk[:e].should == UrlSafeBase64.encode64(public_key.e.to_s(2)) } - its(:n) { jwk[:n].should == UrlSafeBase64.encode64(public_key.n.to_s(2)) } + its(:e) { jwk[:e].should == Base64.urlsafe_encode64(public_key.e.to_s(2), padding: false) } + its(:n) { jwk[:n].should == Base64.urlsafe_encode64(public_key.n.to_s(2), padding: false) } context 'when kid/use options given' do let(:jwk) { JSON::JWK.new public_key, kid: '12345', use: :sig } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/json/jws_spec.rb new/spec/json/jws_spec.rb --- old/spec/json/jws_spec.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/spec/json/jws_spec.rb 2018-05-01 05:21:53.000000000 +0200 @@ -48,7 +48,7 @@ describe '#sign!' do shared_examples_for :generate_expected_signature do it do - UrlSafeBase64.encode64(signed.signature).should == expected_signature[alg] + Base64.urlsafe_encode64(signed.signature, padding: false).should == expected_signature[alg] end end subject { signed } @@ -279,10 +279,10 @@ context 'when general' do it 'should return General JWS JSON Serialization' do signed.to_json(syntax: :general).should == { - payload: UrlSafeBase64.encode64(claims.to_json), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), signatures: [{ - protected: UrlSafeBase64.encode64(signed.header.to_json), - signature: UrlSafeBase64.encode64(signed.signature) + protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false), + signature: Base64.urlsafe_encode64(signed.signature, padding: false) }] }.to_json end @@ -290,10 +290,10 @@ context 'when not signed yet' do it 'should not fail' do jws.to_json(syntax: :general).should == { - payload: UrlSafeBase64.encode64(claims.to_json), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), signatures: [{ - protected: UrlSafeBase64.encode64(jws.header.to_json), - signature: UrlSafeBase64.encode64('') + protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false), + signature: Base64.urlsafe_encode64('', padding: false) }] }.to_json end @@ -303,18 +303,18 @@ context 'when flattened' do it 'should return Flattened JWS JSON Serialization' do signed.to_json(syntax: :flattened).should == { - protected: UrlSafeBase64.encode64(signed.header.to_json), - payload: UrlSafeBase64.encode64(claims.to_json), - signature: UrlSafeBase64.encode64(signed.signature) + protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), + signature: Base64.urlsafe_encode64(signed.signature, padding: false) }.to_json end context 'when not signed yet' do it 'should not fail' do jws.to_json(syntax: :flattened).should == { - protected: UrlSafeBase64.encode64(jws.header.to_json), - payload: UrlSafeBase64.encode64(claims.to_json), - signature: UrlSafeBase64.encode64('') + protected: Base64.urlsafe_encode64(jws.header.to_json, padding: false), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), + signature: Base64.urlsafe_encode64('', padding: false) }.to_json end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/json/jwt_spec.rb new/spec/json/jwt_spec.rb --- old/spec/json/jwt_spec.rb 2018-02-23 14:35:33.000000000 +0100 +++ new/spec/json/jwt_spec.rb 2018-05-01 05:21:53.000000000 +0200 @@ -77,6 +77,33 @@ its(:alg) { should == :ES512 } end end + + context 'when key is JWK with kty=okt' do + let(:key) { JSON::JWK.new shared_secret } + its(:alg) { should == :HS256 } + end + + context 'when key is JWK with kty=RSA' do + let(:key) { JSON::JWK.new private_key } + its(:alg) { should == :RS256 } + end + + context 'when key is JWK with kty=EC' do + context 'when prime256v1' do + let(:key) { JSON::JWK.new private_key(:ecdsa) } + its(:alg) { should == :ES256 } + end + + context 'when secp384r1' do + let(:key) { JSON::JWK.new private_key(:ecdsa, digest_length: 384) } + its(:alg) { should == :ES384 } + end + + context 'when secp521r1' do + let(:key) { JSON::JWK.new private_key(:ecdsa, digest_length: 512) } + its(:alg) { should == :ES512 } + end + end end context 'when non-JWK key is given' do @@ -202,7 +229,7 @@ header, payload, signature = jws.to_s.split('.') malformed_header = {alg: :none}.to_json [ - UrlSafeBase64.encode64(malformed_header), + Base64.urlsafe_encode64(malformed_header, padding: false), payload, '' ].join('.') @@ -226,7 +253,7 @@ header, payload, signature = jws.to_s.split('.') malformed_header = {alg: :none}.to_json [ - UrlSafeBase64.encode64(malformed_header), + Base64.urlsafe_encode64(malformed_header, padding: false), payload, '' ].join('.') @@ -246,12 +273,12 @@ malformed_signature = OpenSSL::HMAC.digest( OpenSSL::Digest.new('SHA256'), public_key.to_s, - [UrlSafeBase64.encode64(malformed_header), payload].join('.') + [Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.') ) [ - UrlSafeBase64.encode64(malformed_header), + Base64.urlsafe_encode64(malformed_header, padding: false), payload, - UrlSafeBase64.encode64(malformed_signature) + Base64.urlsafe_encode64(malformed_signature, padding: false) ].join('.') end @@ -276,14 +303,14 @@ digest = OpenSSL::Digest.new('SHA256') malformed_signature = private_key.sign_pss( digest, - [UrlSafeBase64.encode64(malformed_header), payload].join('.'), + [Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.'), salt_length: :digest, mgf1_hash: digest ) [ - UrlSafeBase64.encode64(malformed_header), + Base64.urlsafe_encode64(malformed_header, padding: false), payload, - UrlSafeBase64.encode64(malformed_signature) + Base64.urlsafe_encode64(malformed_signature, padding: false) ].join('.') end @@ -310,12 +337,12 @@ malformed_header = {alg: :RS512}.to_json malformed_signature = private_key.sign( OpenSSL::Digest.new('SHA512'), - [UrlSafeBase64.encode64(malformed_header), payload].join('.') + [Base64.urlsafe_encode64(malformed_header, padding: false), payload].join('.') ) [ - UrlSafeBase64.encode64(malformed_header), + Base64.urlsafe_encode64(malformed_header, padding: false), payload, - UrlSafeBase64.encode64(malformed_signature) + Base64.urlsafe_encode64(malformed_signature, padding: false) ].join('.') end @@ -377,10 +404,10 @@ context 'when general' do let(:serialized) do { - payload: UrlSafeBase64.encode64(claims.to_json), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), signatures: [{ - protected: UrlSafeBase64.encode64(signed.header.to_json), - signature: UrlSafeBase64.encode64(signed.signature) + protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false), + signature: Base64.urlsafe_encode64(signed.signature, padding: false) }] } end @@ -390,9 +417,9 @@ context 'when flattened' do let(:serialized) do { - protected: UrlSafeBase64.encode64(signed.header.to_json), - payload: UrlSafeBase64.encode64(claims.to_json), - signature: UrlSafeBase64.encode64(signed.signature) + protected: Base64.urlsafe_encode64(signed.header.to_json, padding: false), + payload: Base64.urlsafe_encode64(claims.to_json, padding: false), + signature: Base64.urlsafe_encode64(signed.signature, padding: false) } end it_behaves_like :json_serialization_parser @@ -465,7 +492,7 @@ context 'when too many dots' do it do expect do - JSON::JWT.decode 'header.payload.signature.something.wrong' + JSON::JWT.decode 'header.payload.signature.too.many.dots' end.to raise_error JSON::JWT::InvalidFormat end end
