Class: JOSE::JWK

Inherits:
Struct
  • Object
Defined in:
lib/jose/jwk.rb

Defined Under Namespace

Modules: KTY, PEM Classes: KTY_EC, KTY_OKP_Ed25519, KTY_OKP_Ed25519ph, KTY_OKP_Ed448, KTY_OKP_Ed448ph, KTY_OKP_X25519, KTY_OKP_X448, KTY_RSA, KTY_oct, Set

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#fields ⇒ Object

Returns the value of attribute fields

Returns:

  • (Object)

    the current value of fields



# File 'lib/jose/jwk.rb', line 2

# Reader for the +fields+ attribute of the JOSE::JWK struct.
#
# Other methods on this page index it with string keys (for example
# fields['kid']) and hand it to the key-type object in +kty+.
#
# @return [Object] the current value of +fields+
def fields
  @fields
end

#keys ⇒ Object

Returns the value of attribute keys

Returns:

  • (Object)

    the current value of keys



# File 'lib/jose/jwk.rb', line 2

# Reader for the +keys+ attribute of the JOSE::JWK struct.
#
# NOTE(review): presumably the first struct member, which every constructor
# on this page passes as nil -- confirm the member order in lib/jose/jwk.rb.
#
# @return [Object] the current value of +keys+
def keys
  @keys
end

#kty ⇒ Object

Returns the value of attribute kty

Returns:

  • (Object)

    the current value of kty



# File 'lib/jose/jwk.rb', line 2

# Reader for the +kty+ attribute of the JOSE::JWK struct.
#
# The instance methods on this page delegate the key-type specific work to
# this object (to_map, to_key, signer, block_encryptor, derive_key, ...).
#
# @return [Object] the current value of +kty+
def kty
  @kty
end

Class Method Details

.block_decrypt(jwk, encrypted) ⇒ Object

API



# File 'lib/jose/jwk.rb', line 216

# Decrypts +encrypted+ with +jwk+ after coercing the key through {.from}.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param encrypted [Object] the encrypted payload, forwarded unchanged
# @return [Object] the result of the instance-level #block_decrypt
def self.block_decrypt(jwk, encrypted)
  key = from(jwk)
  key.block_decrypt(encrypted)
end

.block_encrypt(jwk, plain_text, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 224

# Encrypts +plain_text+ with +jwk+ after coercing the key through {.from}.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param plain_text [Object] payload to encrypt, forwarded unchanged
# @param jwe [Object, nil] encryption parameters; nil lets the instance method pick its default
# @return [Object] the result of the instance-level #block_encrypt
def self.block_encrypt(jwk, plain_text, jwe = nil)
  key = from(jwk)
  key.block_encrypt(plain_text, jwe)
end

.block_encryptor(jwe) ⇒ Object



# File 'lib/jose/jwk.rb', line 233

# Returns the default block encryptor for a key.
#
# The parameter is named +jwe+ but it is coerced with {.from}, i.e. it is
# treated as a key (JWK), not as a JWE header.
#
# @param jwe [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #block_encryptor
def self.block_encryptor(jwe)
  key = from(jwe)
  key.block_encryptor
end

.box_decrypt(jwk, encrypted) ⇒ Object



# File 'lib/jose/jwk.rb', line 241

# Decrypts a "box" message with +jwk+ after coercing the key through {.from}.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param encrypted [Object] the encrypted payload, forwarded unchanged
# @return [Object] the result of the instance-level #box_decrypt
def self.box_decrypt(jwk, encrypted)
  key = from(jwk)
  key.box_decrypt(encrypted)
end

.from(object, modules = nil, key = nil) ⇒ Object

Decode API



# File 'lib/jose/jwk.rb', line 6

# Coerces +object+ into a JOSE::JWK, dispatching on its class.
#
# A JOSE::JWK is returned as-is (same object, +modules+ and +key+ ignored);
# maps go to {.from_map} and strings to {.from_binary}. Every class-level
# helper on this page funnels its key argument through this method, so this
# is where serialized key material first gets parsed.
#
# @param object [JOSE::JWK, JOSE::Map, Hash, String] the key to coerce
# @param modules [Object, nil] forwarded to the chosen decoder
# @param key [Object, nil] forwarded to the chosen decoder
# @return [JOSE::JWK, Array] whatever the chosen decoder returns
# @raise [ArgumentError] if +object+ is none of the accepted classes
def self.from(object, modules = nil, key = nil)
  case object
  when JOSE::Map, Hash then from_map(object, modules, key)
  when String          then from_binary(object, modules, key)
  when JOSE::JWK       then object
  else
    raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWK"
  end
end

.from_binary(object, modules = nil, key = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 19

# Builds a JWK from its serialized String form.
#
# Without a +key+ the string is decoded with JOSE.decode and handed to
# {.from_map}. With a +key+ the string is first decrypted with
# JOSE::JWE.block_decrypt and the decrypted text is parsed recursively; in
# that case the return value is a two-element Array.
#
# @param object [String] serialized (optionally encrypted) key
# @param modules [Hash, String, JOSE::JWK, nil] options hash; a String or
#   JOSE::JWK here with no +key+ is taken as the key (two-argument shorthand)
# @param key [Object, nil] decryption key for an encrypted serialization
# @return [Object] the {.from_map} result, or +[jwk, jwe]+ when +key+ is given
# @raise [ArgumentError] if +object+ is not a String
def self.from_binary(object, modules = nil, key = nil)
  # from_binary(binary, key): the second positional argument is really the key.
  if key.nil? && (modules.is_a?(String) || modules.is_a?(JOSE::JWK))
    key = modules
    modules = {}
  end
  modules ||= {}
  raise ArgumentError, "'object' must be a String" unless object.is_a?(String)

  return from_map(JOSE.decode(object), modules) unless key

  plain_text, jwe = JOSE::JWE.block_decrypt(key, object)
  [from_binary(plain_text, modules), jwe]
end

.from_file(file, modules = nil, key = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 38

# Reads a serialized JWK from +file+ and parses it with {.from_binary}.
#
# The whole file is read in binary mode; the path is used exactly as given.
#
# @param file [String] path of the file to read
# @param modules [Object, nil] forwarded to {.from_binary}
# @param key [Object, nil] forwarded to {.from_binary}
# @return [Object] whatever {.from_binary} returns
def self.from_file(file, modules = nil, key = nil)
  serialized = File.binread(file)
  from_binary(serialized, modules, key)
end

.from_key(object, modules = {}) ⇒ Object



# File 'lib/jose/jwk.rb', line 42

# Wraps a native key object in a JOSE::JWK.
#
# @param object [Object] the key, handed to the key-type module's +from_key+
# @param modules [Hash] options; +:kty+ overrides the default JOSE::JWK::KTY
# @return [JOSE::JWK] a new JWK built from nil plus the values +from_key+ returns
def self.from_key(object, modules = {})
  kty_module = modules[:kty] || JOSE::JWK::KTY
  JOSE::JWK.new(nil, *kty_module.from_key(object))
end

.from_map(object, modules = nil, key = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 47

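# Builds a JWK from a Hash or JOSE::Map.
#
# Without a +key+ the map is wrapped in a JOSE::Map and handed to
# +from_fields+. With a +key+ the map is treated as an encrypted key: it is
# decrypted with JOSE::JWE.block_decrypt, the decrypted text is parsed with
# {.from_binary}, and a two-element Array is returned.
#
# @param object [JOSE::Map, Hash] the JWK (or encrypted JWK) as a map
# @param modules [Hash, String, JOSE::JWK, nil] options hash; a String or
#   JOSE::JWK here with no +key+ is taken as the key (two-argument shorthand)
# @param key [Object, nil] decryption key for an encrypted map
# @return [Object] the +from_fields+ result, or +[jwk, jwe]+ when +key+ is given
# @raise [ArgumentError] if +object+ is neither a Hash nor a JOSE::Map
def self.from_map(object, modules = nil, key = nil)
  # from_map(map, key): the second positional argument is really the key.
  if key.nil? && (modules.is_a?(String) || modules.is_a?(JOSE::JWK))
    key = modules
    modules = {}
  end
  modules ||= {}

  # The message used to say "must be a String", which names the one type this
  # method does not accept and sends callers debugging in the wrong direction.
  unless object.is_a?(JOSE::Map) || object.is_a?(Hash)
    raise ArgumentError, "'object' must be a Hash or JOSE::Map"
  end

  if key
    plain_text, jwe = JOSE::JWE.block_decrypt(key, object)
    return from_binary(plain_text, modules), jwe
  end

  from_fields(JOSE::JWK.new(nil, nil, JOSE::Map.new(object)), modules)
end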

.from_oct(object, modules = {}) ⇒ Object



# File 'lib/jose/jwk.rb', line 80

# Builds a JWK from raw octets.
#
# @param object [Object] the octets, handed to the key-type module's +from_oct+
# @param modules [Hash] options; +:kty+ overrides the default JOSE::JWK::KTY_oct
# @return [JOSE::JWK] a new JWK built from nil plus the values +from_oct+ returns
def self.from_oct(object, modules = {})
  kty_module = modules[:kty] || JOSE::JWK::KTY_oct
  JOSE::JWK.new(nil, *kty_module.from_oct(object))
end

.from_oct_file(file, modules = {}) ⇒ Object



# File 'lib/jose/jwk.rb', line 85

# Reads raw octets from +file+ and builds a JWK with {.from_oct}.
#
# The whole file is read in binary mode; the path is used exactly as given.
#
# @param file [String] path of the file to read
# @param modules [Hash] forwarded to {.from_oct}
# @return [JOSE::JWK] whatever {.from_oct} returns
def self.from_oct_file(file, modules = {})
  octets = File.binread(file)
  from_oct(octets, modules)
end

.from_okp(object, modules = {}) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/jose/jwk.rb', line 89

# Builds a JWK from an OKP pair whose first element names the curve.
#
# The key-type class is chosen from a fixed list of curve symbols unless the
# caller supplies one in +modules[:kty]+; an unknown curve is rejected rather
# than guessed at.
#
# @param object [Array] two-element array; +object[0]+ is the curve symbol
# @param modules [Hash] options; +:kty+ overrides the curve-based lookup
# @return [JOSE::JWK] a new JWK built from nil plus the values +from_okp+ returns
# @raise [ArgumentError] if +object+ is not a two-element Array, or the curve
#   symbol is not recognised and no +:kty+ override was given
def self.from_okp(object, modules = {})
  unless object.is_a?(Array) && object.length == 2
    raise ArgumentError, "object must be an Array of length 2"
  end

  kty = modules[:kty]
  kty ||=
    case object[0]
    when :Ed25519   then JOSE::JWK::KTY_OKP_Ed25519
    when :Ed25519ph then JOSE::JWK::KTY_OKP_Ed25519ph
    when :Ed448     then JOSE::JWK::KTY_OKP_Ed448
    when :Ed448ph   then JOSE::JWK::KTY_OKP_Ed448ph
    when :X25519    then JOSE::JWK::KTY_OKP_X25519
    when :X448      then JOSE::JWK::KTY_OKP_X448
    else
      raise ArgumentError, "unrecognized :okp object"
    end

  JOSE::JWK.new(nil, *kty.from_okp(object))
end

.from_pem(object, modules = nil, password = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 66

# Builds a JWK from PEM text.
#
# @param object [Object] the PEM data, handed to the PEM module's +from_binary+
# @param modules [Hash, String, nil] options hash (+:kty+ overrides the default
#   JOSE::JWK::PEM); a String here with no +password+ is taken as the password
# @param password [String, nil] password for an encrypted PEM
# @return [JOSE::JWK] a new JWK built from nil plus the values +from_binary+ returns
def self.from_pem(object, modules = nil, password = nil)
  # from_pem(pem, password): the second positional argument is really the password.
  if password.nil? && modules.is_a?(String)
    password = modules
    modules = {}
  end
  modules ||= {}
  pem_module = modules[:kty] || JOSE::JWK::PEM
  JOSE::JWK.new(nil, *pem_module.from_binary(object, password))
end

.from_pem_file(file, modules = nil, password = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 76

# Reads PEM data from +file+ and builds a JWK with {.from_pem}.
#
# The whole file is read in binary mode; the path is used exactly as given.
#
# @param file [String] path of the file to read
# @param modules [Hash, String, nil] forwarded to {.from_pem}
# @param password [String, nil] forwarded to {.from_pem}
# @return [JOSE::JWK] whatever {.from_pem} returns
def self.from_pem_file(file, modules = nil, password = nil)
  pem = File.binread(file)
  from_pem(pem, modules, password)
end

.generate_key(params) ⇒ Object



# File 'lib/jose/jwk.rb', line 287

# Generates a new key from one of three kinds of description.
#
# * an Array of length 2 or 3 whose first element is +:ec+, +:oct+, +:okp+ or
#   +:rsa+ (for +:okp+ the second element names the curve); the whole array
#   is passed to the matching key-type class
# * a JOSE::JWK, in which case its own #generate_key is called
# * any object responding to +generate_key+, called with an empty JOSE::Map
#
# Only the key types and curves listed here are accepted; anything else is
# rejected rather than guessed at.
#
# @param params [Array, JOSE::JWK, #generate_key] key description
# @return [JOSE::JWK] the generated key (for a JOSE::JWK argument, whatever
#   its #generate_key returns)
# @raise [ArgumentError] for an unknown key type, an unknown OKP curve, or an
#   unsupported +params+ object
def self.generate_key(params)
  if params.is_a?(Array) && [2, 3].include?(params.length)
    kty_class =
      case params[0]
      when :ec  then JOSE::JWK::KTY_EC
      when :oct then JOSE::JWK::KTY_oct
      when :rsa then JOSE::JWK::KTY_RSA
      when :okp
        case params[1]
        when :Ed25519   then JOSE::JWK::KTY_OKP_Ed25519
        when :Ed25519ph then JOSE::JWK::KTY_OKP_Ed25519ph
        when :Ed448     then JOSE::JWK::KTY_OKP_Ed448
        when :Ed448ph   then JOSE::JWK::KTY_OKP_Ed448ph
        when :X25519    then JOSE::JWK::KTY_OKP_X25519
        when :X448      then JOSE::JWK::KTY_OKP_X448
        else
          raise ArgumentError, "invalid :okp key generation params"
        end
      else
        raise ArgumentError, "invalid key generation params"
      end
    JOSE::JWK.new(nil, *kty_class.generate_key(params))
  elsif params.is_a?(JOSE::JWK)
    params.generate_key
  elsif params.respond_to?(:generate_key)
    JOSE::JWK.new(nil, *params.generate_key(JOSE::Map[]))
  else
    raise ArgumentError, "invalid key generation params"
  end
end

.merge(left, right) ⇒ Object



# File 'lib/jose/jwk.rb', line 329

# Merges +right+ into the key +left+.
#
# @param left [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param right [Object] forwarded to the instance-level #merge
# @return [Object] the result of the instance-level #merge
def self.merge(left, right)
  base = from(left)
  base.merge(right)
end

.shared_secret(your_jwk, my_jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 347

# Computes the shared secret between two keys.
#
# Both arguments are coerced through {.from}; +your_jwk+ becomes the receiver
# of the instance-level #shared_secret and +my_jwk+ its argument.
#
# @param your_jwk [JOSE::JWK, JOSE::Map, Hash, String] the other party's key
# @param my_jwk [JOSE::JWK, JOSE::Map, Hash, String] the local key
# @return [Object] the result of the instance-level #shared_secret
def self.shared_secret(your_jwk, my_jwk)
  theirs = from(your_jwk)
  theirs.shared_secret(from(my_jwk))
end

.sign(jwk, plain_text, jws = nil, header = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 358

# Signs +plain_text+ with +jwk+ after coercing the key through {.from}.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param plain_text [Object] payload to sign, forwarded unchanged
# @param jws [Object, nil] signing parameters; nil lets the instance method pick its default
# @param header [Object, nil] forwarded unchanged
# @return [Object] the result of the instance-level #sign
def self.sign(jwk, plain_text, jws = nil, header = nil)
  key = from(jwk)
  key.sign(plain_text, jws, header)
end

.signer(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 367

# Returns the default signer for a key.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #signer
def self.signer(jwk)
  key = from(jwk)
  key.signer
end

.thumbprint(digest_type, jwk = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 392

# Computes the thumbprint of a key.
#
# Callable as +thumbprint(jwk)+ or +thumbprint(digest_type, jwk)+: when the
# second argument is omitted the first one is taken as the key and the digest
# is left for the instance method to default.
#
# @param digest_type [Object] digest name, or the key itself in the one-argument form
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String, nil] key in any form {.from} accepts
# @return [Object] the result of the instance-level #thumbprint
def self.thumbprint(digest_type, jwk = nil)
  # One-argument form: shift the sole argument into the key slot.
  digest_type, jwk = nil, digest_type if jwk.nil?
  from(jwk).thumbprint(digest_type)
end

.to_binary(jwk, key = nil, jwe = nil) ⇒ Object

Encode API



# File 'lib/jose/jwk.rb', line 112

# Serializes a key, optionally encrypting it with +key+.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param key [Object, nil] encryption key; nil serializes without encryption
# @param jwe [Object, nil] encryption parameters, forwarded unchanged
# @return [Object] the result of the instance-level #to_binary
def self.to_binary(jwk, key = nil, jwe = nil)
  source = from(jwk)
  source.to_binary(key, jwe)
end

.to_file(jwk, file, key = nil, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 127

# Serializes a key and writes it to +file+.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param file [String] destination path, used exactly as given
# @param key [Object, nil] encryption key; nil writes the key without encryption
# @param jwe [Object, nil] encryption parameters, forwarded unchanged
# @return [Object] the result of the instance-level #to_file
def self.to_file(jwk, file, key = nil, jwe = nil)
  source = from(jwk)
  source.to_file(file, key, jwe)
end

.to_key(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 135

# Converts a key to its native key object.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_key
def self.to_key(jwk)
  source = from(jwk)
  source.to_key
end

.to_map(jwk, key = nil, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 143

# Converts a key to a map, optionally encrypting it with +key+.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param key [Object, nil] encryption key; nil returns the plain map
# @param jwe [Object, nil] encryption parameters, forwarded unchanged
# @return [Object] the result of the instance-level #to_map
def self.to_map(jwk, key = nil, jwe = nil)
  source = from(jwk)
  source.to_map(key, jwe)
end

.to_oct(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 158

# Converts a key to raw octets.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_oct
def self.to_oct(jwk)
  source = from(jwk)
  source.to_oct
end

.to_okp(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 166

# Converts a key to its OKP form.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_okp
def self.to_okp(jwk)
  source = from(jwk)
  source.to_okp
end

.to_pem(jwk, password = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 174

# Converts a key to PEM.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @param password [String, nil] forwarded to the instance-level #to_pem
# @return [Object] the result of the instance-level #to_pem
def self.to_pem(jwk, password = nil)
  source = from(jwk)
  source.to_pem(password)
end

.to_public(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 182

# Returns the public counterpart of a key as a JWK.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_public
def self.to_public(jwk)
  source = from(jwk)
  source.to_public
end

.to_public_key(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 190

# Returns the public counterpart of a key as a native key object.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_public_key
def self.to_public_key(jwk)
  source = from(jwk)
  source.to_public_key
end

.to_public_map(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 198

# Returns the public counterpart of a key as a map.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_public_map
def self.to_public_map(jwk)
  source = from(jwk)
  source.to_public_map
end

.to_thumbprint_map(jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 206

# Returns the map that a key's thumbprint is computed over.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #to_thumbprint_map
def self.to_thumbprint_map(jwk)
  source = from(jwk)
  source.to_thumbprint_map
end

.verify(signed, jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 375

# Verifies +signed+ with +jwk+ after coercing the key through {.from}.
#
# Note the argument order: the signed data comes first, the key second.
#
# NOTE(review): no algorithm allow-list is passed on this path; how the
# algorithm is then chosen is decided inside JOSE::JWS.verify, which is not
# shown here. {.verify_strict} takes an explicit +allow+ argument.
#
# @param signed [Object] the signed data, forwarded unchanged
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #verify
def self.verify(signed, jwk)
  key = from(jwk)
  key.verify(signed)
end

.verify_strict(signed, allow, jwk) ⇒ Object



# File 'lib/jose/jwk.rb', line 383

# Verifies +signed+ with +jwk+, restricted by +allow+.
#
# Note the argument order: signed data, then +allow+, then the key.
#
# @param signed [Object] the signed data, forwarded unchanged
# @param allow [Object] forwarded unchanged; presumably the list of permitted
#   signature algorithms -- confirm against JOSE::JWS.verify_strict
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] key in any form {.from} accepts
# @return [Object] the result of the instance-level #verify_strict
def self.verify_strict(signed, allow, jwk)
  key = from(jwk)
  key.verify_strict(signed, allow)
end

Instance Method Details

#block_decrypt(encrypted) ⇒ Object



# File 'lib/jose/jwk.rb', line 220

# Decrypts +encrypted+ using this key.
#
# @param encrypted [Object] the encrypted payload, forwarded unchanged
# @return [Object] whatever JOSE::JWE.block_decrypt returns
def block_decrypt(encrypted)
  JOSE::JWE.block_decrypt(self, encrypted)
end

#block_encrypt(plain_text, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 228

# Encrypts +plain_text+ using this key.
#
# @param plain_text [Object] payload to encrypt, forwarded unchanged
# @param jwe [Object, nil] encryption parameters; when nil or false the
#   key's own #block_encryptor is used
# @return [Object] whatever JOSE::JWE.block_encrypt returns
def block_encrypt(plain_text, jwe = nil)
  jwe = block_encryptor unless jwe
  JOSE::JWE.block_encrypt(self, plain_text, jwe)
end

#block_encryptor ⇒ Object



# File 'lib/jose/jwk.rb', line 237

# Returns the default encryption parameters for this key, as chosen by the
# key-type object.
#
# @return [Object] whatever +kty.block_encryptor+ returns for this key's fields
def block_encryptor
  kty.block_encryptor(fields)
end

#box_decrypt(encrypted) ⇒ Object



# File 'lib/jose/jwk.rb', line 245

# Decrypts a "box" message using this key.
#
# NOTE(review): the body is the same call as #block_decrypt -- only this key
# is passed, with no sender key; confirm that is what JOSE::JWE.block_decrypt
# expects for messages produced by #box_encrypt.
#
# @param encrypted [Object] the encrypted payload, forwarded unchanged
# @return [Object] whatever JOSE::JWE.block_decrypt returns
def box_decrypt(encrypted)
  JOSE::JWE.block_decrypt(self, encrypted)
end

#box_encrypt(plain_text, my_private_jwk = nil, jwe = nil) ⇒ Object

Generates an ephemeral private key based on the other party's public key curve when no private key is supplied.



# File 'lib/jose/jwk.rb', line 250

# Encrypts +plain_text+ to this key (the other party's public key) using a
# private key of the caller.
#
# When +my_private_jwk+ is nil a fresh key is generated from this key via
# #generate_key and returned next to the ciphertext. That second return value
# is private key material: the caller receives it and is responsible for what
# happens to it afterwards.
#
# When the encryption parameters are a map, missing +apu+, +apv+ and +epk+
# entries are filled in: +apu+/+apv+ from each key's +kid+ field or, failing
# that, its thumbprint, and +epk+ from the private key's public map.
#
# @param plain_text [Object] payload to encrypt
# @param my_private_jwk [JOSE::JWK, Object, nil] caller's private key; other
#   forms are coerced with JOSE::JWK.from, nil generates one
# @param jwe [JOSE::Map, Hash, Object, nil] encryption parameters; nil uses
#   this key's #block_encryptor
# @return [Object, Array] the JOSE::JWE.block_encrypt result, or
#   +[result, generated_jwk]+ when a key was generated here
def box_encrypt(plain_text, my_private_jwk = nil, jwe = nil)
  recipient = self
  ephemeral = nil
  if my_private_jwk.nil?
    ephemeral = recipient.generate_key
    my_private_jwk = ephemeral
  end
  my_private_jwk = JOSE::JWK.from(my_private_jwk) unless my_private_jwk.is_a?(JOSE::JWK)

  jwe = recipient.block_encryptor if jwe.nil?
  jwe = JOSE::Map.new(jwe) if jwe.is_a?(Hash)
  if jwe.is_a?(JOSE::Map)
    # Only fill in what the caller left unset.
    jwe = jwe.put('apu', my_private_jwk.fields['kid'] || my_private_jwk.thumbprint) if jwe['apu'].nil?
    jwe = jwe.put('apv', recipient.fields['kid'] || recipient.thumbprint) if jwe['apv'].nil?
    jwe = jwe.put('epk', my_private_jwk.to_public_map) if jwe['epk'].nil?
  end

  encrypted = JOSE::JWE.block_encrypt([recipient, my_private_jwk], plain_text, jwe)
  ephemeral ? [encrypted, ephemeral] : encrypted
end

#derive_key(*args) ⇒ Object



# File 'lib/jose/jwk.rb', line 283

# Forwards every argument to the key-type object's +derive_key+.
#
# @param args [Array] arguments passed through unchanged
# @return [Object] whatever +kty.derive_key+ returns
def derive_key(*args)
  kty.derive_key(*args)
end

#generate_key ⇒ Object



# File 'lib/jose/jwk.rb', line 325

# Generates a new key using this key's key-type object and fields.
#
# @return [JOSE::JWK] a new JWK built from nil plus the values
#   +kty.generate_key(fields)+ returns
def generate_key
  generated = kty.generate_key(fields)
  JOSE::JWK.new(nil, *generated)
end

#merge(object) ⇒ Object



# File 'lib/jose/jwk.rb', line 333

# Returns a new JWK built from this key's map merged with +object+.
#
# Entries from +object+ win over this key's own entries, because +object+ is
# the argument of the map merge.
#
# @param object [JOSE::Map, Hash, String, JOSE::JWK] entries to merge in; a
#   String is decoded with JOSE.decode, a JOSE::JWK contributes its #to_map
# @return [Object] whatever JOSE::JWK.from_map returns for the merged map
# @raise [ArgumentError] if +object+ is none of the accepted classes
def merge(object)
  overrides =
    case object
    when JOSE::Map, Hash then object
    when String          then JOSE.decode(object)
    when JOSE::JWK       then object.to_map
    else
      raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWK"
    end
  merged = self.to_map.merge(overrides)
  JOSE::JWK.from_map(merged)
end

#shared_secret(other_jwk) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/jose/jwk.rb', line 351

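# Computes the shared secret between this key and +other_jwk+.
#
# @param other_jwk [JOSE::JWK, JOSE::Map, Hash, String] the other party's
#   key; anything that is not already a JOSE::JWK is coerced with JOSE::JWK.from
# @return [Object] whatever +kty.derive_key+ returns
# @raise [ArgumentError] if the two key-type objects are of different classes,
#   or this key's type does not implement +derive_key+
def shared_secret(other_jwk)
  # `from` is defined on the class (JOSE::JWK.from), not on instances, so the
  # bare call raised NoMethodError for any argument that needed coercion.
  # #box_encrypt already uses the class-qualified form.
  other_jwk = JOSE::JWK.from(other_jwk) unless other_jwk.is_a?(JOSE::JWK)
  # The check compares key-type classes only.
  # NOTE(review): whether further parameters (such as the curve) also match
  # is presumably left to kty.derive_key -- confirm.
  raise ArgumentError, "key types must match" if other_jwk.kty.class != kty.class
  raise ArgumentError, "key type does not support shared secret computations" unless kty.respond_to?(:derive_key)
  kty.derive_key(other_jwk)
end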

#sign(plain_text, jws = nil, header = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 362

# Signs +plain_text+ using this key.
#
# @param plain_text [Object] payload to sign, forwarded unchanged
# @param jws [Object, nil] signing parameters; when nil or false the key's
#   own #signer is used
# @param header [Object, nil] forwarded unchanged
# @return [Object] whatever JOSE::JWS.sign returns
def sign(plain_text, jws = nil, header = nil)
  jws = signer unless jws
  JOSE::JWS.sign(self, plain_text, jws, header)
end

#signer ⇒ Object



# File 'lib/jose/jwk.rb', line 371

# Returns the default signing parameters for this key, as chosen by the
# key-type object.
#
# @return [Object] whatever +kty.signer+ returns for this key's fields
def signer
  kty.signer(fields)
end

#thumbprint(digest_type = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 400

# Computes this key's thumbprint: the URL-safe Base64 of a digest over the
# encoded thumbprint map.
#
# +digest_type+ is handed to OpenSSL::Digest.new as given, so the strength of
# the thumbprint is whatever algorithm the caller names; the default is
# 'SHA256'.
#
# @param digest_type [String, nil] OpenSSL digest name; nil or false selects 'SHA256'
# @return [Object] whatever JOSE.urlsafe_encode64 returns for the digest bytes
def thumbprint(digest_type = nil)
  algorithm = digest_type || 'SHA256'
  canonical = JOSE.encode(to_thumbprint_map)
  raw_digest = OpenSSL::Digest.new(algorithm).digest(canonical)
  JOSE.urlsafe_encode64(raw_digest)
end

#to_binary(key = nil, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 116

# Serializes this key, encrypting it when a +key+ is given.
#
# With a truthy +key+ (and encryption parameters, defaulted from
# +kty.key_encryptor+ when not supplied) the result is the compacted output
# of #to_map(key, jwe). Otherwise the plain map is encoded with JOSE.encode,
# i.e. the serialization is not wrapped in a JWE.
#
# @param key [Object, nil] encryption key
# @param jwe [Object, nil] encryption parameters
# @return [Object] the compact encrypted form, or the JOSE.encode output
def to_binary(key = nil, jwe = nil)
  jwe ||= kty.key_encryptor(fields, key) unless key.nil?
  return to_map(key, jwe).compact if key && jwe

  JOSE.encode(to_map)
end

#to_file(file, key = nil, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 131

# Serializes this key with #to_binary and writes the result to +file+.
#
# File.binwrite is called without an explicit mode, so a newly created file
# gets the process default permissions. With +key+ nil, #to_binary returns the
# JOSE.encode output of the plain map rather than an encrypted form.
# NOTE(review): if that map holds private key parameters they land on disk
# unencrypted -- callers may want to pass +key+ or restrict the file mode.
#
# @param file [String] destination path, used exactly as given
# @param key [Object, nil] encryption key, forwarded to #to_binary
# @param jwe [Object, nil] encryption parameters, forwarded to #to_binary
# @return [Integer] the File.binwrite result
def to_file(file, key = nil, jwe = nil)
  serialized = to_binary(key, jwe)
  File.binwrite(file, serialized)
end

#to_key ⇒ Object



# File 'lib/jose/jwk.rb', line 139

# Returns this key as a native key object.
#
# @return [Object] whatever +kty.to_key+ returns
def to_key
  kty.to_key
end

#to_map(key = nil, jwe = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 147

# Returns this key as a map, encrypting it when a +key+ is given.
#
# With a truthy +key+ (and encryption parameters, defaulted from
# +kty.key_encryptor+ when not supplied) the plain serialization from
# #to_binary is encrypted with JOSE::JWE.block_encrypt. Otherwise the plain
# map from the key-type object is returned.
#
# @param key [Object, nil] encryption key
# @param jwe [Object, nil] encryption parameters
# @return [Object] the JOSE::JWE.block_encrypt result, or +kty.to_map(fields)+
def to_map(key = nil, jwe = nil)
  jwe ||= kty.key_encryptor(fields, key) unless key.nil?
  return JOSE::JWE.block_encrypt(key, to_binary, jwe) if key && jwe

  kty.to_map(fields)
end

#to_oct ⇒ Object



# File 'lib/jose/jwk.rb', line 162

# Returns this key as raw octets.
#
# @return [Object] whatever +kty.to_oct+ returns
def to_oct
  kty.to_oct
end

#to_okp ⇒ Object



# File 'lib/jose/jwk.rb', line 170

# Returns this key in its OKP form.
#
# @return [Object] whatever +kty.to_okp+ returns
def to_okp
  kty.to_okp
end

#to_pem(password = nil) ⇒ Object



# File 'lib/jose/jwk.rb', line 178

# Returns this key as PEM.
#
# @param password [String, nil] forwarded to +kty.to_pem+
#   NOTE(review): presumably nil yields an unencrypted PEM -- confirm in the
#   key-type implementation
# @return [Object] whatever +kty.to_pem+ returns
def to_pem(password = nil)
  kty.to_pem(password)
end

#to_public ⇒ Object



# File 'lib/jose/jwk.rb', line 186

# Returns a JWK built from this key's public map.
#
# @return [Object] whatever JOSE::JWK.from_map returns for #to_public_map
def to_public
  public_map = to_public_map
  JOSE::JWK.from_map(public_map)
end

#to_public_key ⇒ Object



# File 'lib/jose/jwk.rb', line 194

# Returns the native key object of this key's public counterpart.
#
# @return [Object] the #to_key result of #to_public
def to_public_key
  public_jwk = to_public
  public_jwk.to_key
end

#to_public_map ⇒ Object



# File 'lib/jose/jwk.rb', line 202

# Returns the public part of this key as a map.
#
# @return [Object] whatever +kty.to_public_map+ returns for this key's fields
def to_public_map
  kty.to_public_map(fields)
end

#to_thumbprint_map ⇒ Object



# File 'lib/jose/jwk.rb', line 210

# Returns the map that #thumbprint encodes and hashes.
#
# @return [Object] whatever +kty.to_thumbprint_map+ returns for this key's fields
def to_thumbprint_map
  kty.to_thumbprint_map(fields)
end

#verify(signed) ⇒ Object



# File 'lib/jose/jwk.rb', line 379

# Verifies +signed+ using this key.
#
# NOTE(review): no algorithm allow-list is passed on this path; how the
# algorithm is then chosen is decided inside JOSE::JWS.verify, which is not
# shown here. #verify_strict takes an explicit +allow+ argument.
#
# @param signed [Object] the signed data, forwarded unchanged
# @return [Object] whatever JOSE::JWS.verify returns
def verify(signed)
  JOSE::JWS.verify(self, signed)
end

#verify_strict(signed, allow) ⇒ Object



# File 'lib/jose/jwk.rb', line 387

# Verifies +signed+ using this key, restricted by +allow+.
#
# The arguments are reordered on the way through: JOSE::JWS.verify_strict
# receives the key first, then +allow+, then the signed data.
#
# @param signed [Object] the signed data, forwarded unchanged
# @param allow [Object] forwarded unchanged; presumably the list of permitted
#   signature algorithms -- confirm against JOSE::JWS.verify_strict
# @return [Object] whatever JOSE::JWS.verify_strict returns
def verify_strict(signed, allow)
  JOSE::JWS.verify_strict(self, allow, signed)
end