Class: JWT::JWK::EC

Inherits:

KeyBase

• Object
• KeyBase
• JWT::JWK::EC

Defined in:

lib/jwt/jwk/ec.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary

KTY =

'EC'

KTYS =

[KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze

BINARY =

2

EC_PUBLIC_KEY_ELEMENTS =

%i[kty crv x y].freeze

EC_PRIVATE_KEY_ELEMENTS =

%i[d].freeze

EC_KEY_ELEMENTS =

(EC_PRIVATE_KEY_ELEMENTS + EC_PUBLIC_KEY_ELEMENTS).freeze

ZERO_BYTE =

"\0".b.freeze

Class Method Summary

• .import(jwk_data) ⇒ Object
• .to_openssl_curve(crv) ⇒ Object

Instance Method Summary

• #[]=(key, value) ⇒ Object
• #export(options = {}) ⇒ Object
• #initialize(key, params = nil, options = {}) ⇒ EC constructor

  A new instance of EC.

• #key_digest ⇒ Object
• #keypair ⇒ Object
• #members ⇒ Object
• #private? ⇒ Boolean
• #public_key ⇒ Object
• #signing_key ⇒ Object
• #verify_key ⇒ Object

Methods inherited from KeyBase

#<=>, #==, #[], #hash, inherited, #kid

Constructor Details

#initialize(key, params = nil, options = {}) ⇒ EC

Returns a new instance of EC.

# File 'lib/jwt/jwk/ec.rb', line 16

def initialize(key, params = nil, options = {})
  params ||= {}

  # For backwards compatibility when kid was a String
  params = { kid: params } if params.is_a?(String)

  key_params = extract_key_params(key)

  params = params.transform_keys(&:to_sym)
  check_jwk_params!(key_params, params)

  super(options, key_params.merge(params))
end

Class Method Details

.import(jwk_data) ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 232

def import(jwk_data)
  new(jwk_data)
end

.to_openssl_curve(crv) ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 236

def to_openssl_curve(crv)
  # The JWK specs and OpenSSL use different names for the same curves.
  # See https://tools.ietf.org/html/rfc5480#section-2.1.1.1 for some
  # pointers on different names for common curves.
  case crv
  when 'P-256' then 'prime256v1'
  when 'P-384' then 'secp384r1'
  when 'P-521' then 'secp521r1'
  when 'P-256K' then 'secp256k1'
  else raise JWT::JWKError, 'Invalid curve provided'
  end
end

Instance Method Details

#[]=(key, value) ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 67

def []=(key, value)
  if EC_KEY_ELEMENTS.include?(key.to_sym)
    raise ArgumentError, 'cannot overwrite cryptographic key attributes'
  end

  super(key, value)
end

#export(options = {}) ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 54

def export(options = {})
  exported = parameters.clone
  exported.reject! { |k, _| EC_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
  exported
end

#key_digest ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 60

def key_digest
  _crv, x_octets, y_octets = keypair_components(ec_key)
  sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(x_octets, BINARY)),
                                      OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(y_octets, BINARY))])
  OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
end

#keypair ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 30

def keypair
  ec_key
end

#members ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 50

def members
  EC_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
end

#private? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jwt/jwk/ec.rb', line 34

def private?
  ec_key.private_key?
end

#public_key ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 46

def public_key
  ec_key
end

#signing_key ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 38

def signing_key
  ec_key
end

#verify_key ⇒ Object

# File 'lib/jwt/jwk/ec.rb', line 42

def verify_key
  ec_key
end