Class: JOSE::JWE

Inherits:
Struct
  • Object
show all
Defined in:
lib/jose/jwe.rb

Defined Under Namespace

Modules: ALG, ENC, ZIP Classes: ALG_AES_GCM_KW, ALG_AES_KW, ALG_ECDH_ES, ALG_PBES2, ALG_RSA, ALG_dir, ENC_AES_CBC_HMAC, ENC_AES_GCM, ZIP_DEF

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#algObject

Returns the value of attribute alg

Returns:

  • (Object)

    the current value of alg


15
16
17
# File 'lib/jose/jwe.rb', line 15

def alg
  @alg
end

#encObject

Returns the value of attribute enc

Returns:

  • (Object)

    the current value of enc


15
16
17
# File 'lib/jose/jwe.rb', line 15

def enc
  @enc
end

#fieldsObject

Returns the value of attribute fields

Returns:

  • (Object)

    the current value of fields


15
16
17
# File 'lib/jose/jwe.rb', line 15

def fields
  @fields
end

#zipObject

Returns the value of attribute zip

Returns:

  • (Object)

    the current value of zip


15
16
17
# File 'lib/jose/jwe.rb', line 15

def zip
  @zip
end

Class Method Details

.block_decrypt(key, encrypted) ⇒ Object

API


86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/jose/jwe.rb', line 86

def self.block_decrypt(key, encrypted)
  if encrypted.is_a?(String)
    encrypted = JOSE::JWE.expand(encrypted)
  end
  if encrypted.is_a?(Hash)
    encrypted = JOSE::EncryptedMap.new(encrypted)
  end
  if encrypted.is_a?(JOSE::Map) and encrypted['ciphertext'].is_a?(String) and encrypted['encrypted_key'].is_a?(String) and encrypted['iv'].is_a?(String) and encrypted['protected'].is_a?(String) and encrypted['tag'].is_a?(String)
    jwe = from_binary(JOSE.urlsafe_decode64(encrypted['protected']))
    encrypted_key = JOSE.urlsafe_decode64(encrypted['encrypted_key'])
    iv = JOSE.urlsafe_decode64(encrypted['iv'])
    cipher_text = JOSE.urlsafe_decode64(encrypted['ciphertext'])
    cipher_tag = JOSE.urlsafe_decode64(encrypted['tag'])
    if encrypted['aad'].is_a?(String)
      concat_aad = [encrypted['protected'], '.', encrypted['aad']].join
      return jwe.block_decrypt(key, concat_aad, cipher_text, cipher_tag, encrypted_key, iv), jwe
    else
      return jwe.block_decrypt(key, encrypted['protected'], cipher_text, cipher_tag, encrypted_key, iv), jwe
    end
  else
    raise ArgumentError, "'encrypted' is not a valid encrypted String, Hash, or JOSE::Map"
  end
end

.block_encrypt(key, block, jwe, cek = nil, iv = nil) ⇒ Object


115
116
117
# File 'lib/jose/jwe.rb', line 115

def self.block_encrypt(key, block, jwe, cek = nil, iv = nil)
  return from(jwe).block_encrypt(key, block, cek, iv)
end

.compact(map) ⇒ Object


153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# File 'lib/jose/jwe.rb', line 153

def self.compact(map)
  if map.is_a?(Hash) or map.is_a?(JOSE::Map)
    if map.has_key?('aad')
      raise ArgumentError, "'map' with 'aad' cannot be compacted"
    end
    return JOSE::EncryptedBinary.new([
      map['protected'] || '',
      '.',
      map['encrypted_key'] || '',
      '.',
      map['iv'] || '',
      '.',
      map['ciphertext'] || '',
      '.',
      map['tag'] || ''
    ].join)
  else
    raise ArgumentError, "'map' must be a Hash or a JOSE::Map"
  end
end

.expand(binary) ⇒ Object


182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# File 'lib/jose/jwe.rb', line 182

def self.expand(binary)
  if binary.is_a?(String)
    parts = binary.split('.')
    if parts.length == 5
      protected_binary, encrypted_key, initialization_vector, cipher_text, authentication_tag = parts
      return JOSE::EncryptedMap[
        'ciphertext'    => cipher_text,
        'encrypted_key' => encrypted_key,
        'iv'            => initialization_vector,
        'protected'     => protected_binary,
        'tag'           => authentication_tag
      ]
    else
      raise ArgumentError, "'binary' is not a valid encrypted String"
    end
  else
    raise ArgumentError, "'binary' must be a String"
  end
end

.from(object, modules = {}) ⇒ Object

Decode API


19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/jose/jwe.rb', line 19

def self.from(object, modules = {})
  case object
  when JOSE::Map, Hash
    return from_map(object, modules)
  when String
    return from_binary(object, modules)
  when JOSE::JWE
    return object
  else
    raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWE"
  end
end

.from_binary(object, modules = {}) ⇒ Object


32
33
34
35
36
37
38
39
# File 'lib/jose/jwe.rb', line 32

def self.from_binary(object, modules = {})
  case object
  when String
    return from_map(JOSE.decode(object), modules)
  else
    raise ArgumentError, "'object' must be a String"
  end
end

.from_file(file, modules = {}) ⇒ Object


41
42
43
# File 'lib/jose/jwe.rb', line 41

def self.from_file(file, modules = {})
  return from_binary(File.binread(file), modules)
end

.from_map(object, modules = {}) ⇒ Object


45
46
47
48
49
50
51
52
# File 'lib/jose/jwe.rb', line 45

def self.from_map(object, modules = {})
  case object
  when JOSE::Map, Hash
    return from_fields(JOSE::JWE.new(nil, nil, nil, JOSE::Map.new(object)), modules)
  else
    raise ArgumentError, "'object' must be a Hash"
  end
end

.generate_key(object, modules = {}) ⇒ Object


202
203
204
# File 'lib/jose/jwe.rb', line 202

def self.generate_key(object, modules = {})
  return from(object, modules).generate_key
end

.merge(left, right) ⇒ Object


221
222
223
# File 'lib/jose/jwe.rb', line 221

def self.merge(left, right)
  return from(left).merge(right)
end

.peek_protected(encrypted) ⇒ Object


247
248
249
250
251
252
# File 'lib/jose/jwe.rb', line 247

def self.peek_protected(encrypted)
  if encrypted.is_a?(String)
    encrypted = expand(encrypted)
  end
  return JOSE::Map.new(JOSE.decode(JOSE.urlsafe_decode64(encrypted['protected'])))
end

.to_binary(jwe) ⇒ Object

Encode API


56
57
58
# File 'lib/jose/jwe.rb', line 56

def self.to_binary(jwe)
  return from(jwe).to_binary
end

.to_file(jwe, file) ⇒ Object


64
65
66
# File 'lib/jose/jwe.rb', line 64

def self.to_file(jwe, file)
  return from(jwe).to_file(file)
end

.to_map(jwe) ⇒ Object


72
73
74
# File 'lib/jose/jwe.rb', line 72

def self.to_map(jwe)
  return from(jwe).to_map
end

Instance Method Details

#block_decrypt(key, aad, cipher_text, cipher_tag, encrypted_key, iv) ⇒ Object


110
111
112
113
# File 'lib/jose/jwe.rb', line 110

def block_decrypt(key, aad, cipher_text, cipher_tag, encrypted_key, iv)
  cek = key_decrypt(key, encrypted_key)
  return uncompress(enc.block_decrypt([aad, cipher_text, cipher_tag], cek, iv))
end

#block_encrypt(key, block, cek = nil, iv = nil) ⇒ Object


119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'lib/jose/jwe.rb', line 119

def block_encrypt(key, block, cek = nil, iv = nil)
  cek ||= next_cek(key)
  iv ||= next_iv
  aad, plain_text = block
  if plain_text.nil?
    plain_text = aad
    aad = nil
  end
  encrypted_key, jwe = key_encrypt(key, cek)
  protected_binary = JOSE.urlsafe_encode64(jwe.to_binary)
  if aad.nil?
    cipher_text, cipher_tag = enc.block_encrypt([protected_binary, jwe.compress(plain_text)], cek, iv)
    return JOSE::EncryptedMap[
      'ciphertext'    => JOSE.urlsafe_encode64(cipher_text),
      'encrypted_key' => JOSE.urlsafe_encode64(encrypted_key),
      'iv'            => JOSE.urlsafe_encode64(iv),
      'protected'     => protected_binary,
      'tag'           => JOSE.urlsafe_encode64(cipher_tag)
    ]
  else
    aad_b64 = JOSE.urlsafe_encode64(aad)
    concat_aad = [protected_binary, '.', aad_b64].join
    cipher_text, cipher_tag = enc.block_encrypt([concat_aad, jwe.compress(plain_text)], cek, iv)
    return JOSE::EncryptedMap[
      'aad'           => aad_b64,
      'ciphertext'    => JOSE.urlsafe_encode64(cipher_text),
      'encrypted_key' => JOSE.urlsafe_encode64(encrypted_key),
      'iv'            => JOSE.urlsafe_encode64(iv),
      'protected'     => protected_binary,
      'tag'           => JOSE.urlsafe_encode64(cipher_tag)
    ]
  end
end

#compress(plain_text) ⇒ Object


174
175
176
177
178
179
180
# File 'lib/jose/jwe.rb', line 174

def compress(plain_text)
  if zip.nil?
    return plain_text
  else
    return zip.compress(plain_text)
  end
end

#generate_keyObject


206
207
208
# File 'lib/jose/jwe.rb', line 206

def generate_key
  return alg.generate_key(fields, enc)
end

#key_decrypt(key, encrypted_key) ⇒ Object


210
211
212
# File 'lib/jose/jwe.rb', line 210

def key_decrypt(key, encrypted_key)
  return alg.key_decrypt(key, enc, encrypted_key)
end

#key_encrypt(key, decrypted_key) ⇒ Object


214
215
216
217
218
219
# File 'lib/jose/jwe.rb', line 214

def key_encrypt(key, decrypted_key)
  encrypted_key, new_alg = alg.key_encrypt(key, enc, decrypted_key)
  new_jwe = JOSE::JWE.from_map(to_map)
  new_jwe.alg = new_alg
  return encrypted_key, new_jwe
end

#merge(object) ⇒ Object


225
226
227
228
229
230
231
232
233
234
235
236
237
# File 'lib/jose/jwe.rb', line 225

def merge(object)
  object = case object
  when JOSE::Map, Hash
    object
  when String
    JOSE.decode(object)
  when JOSE::JWE
    object.to_map
  else
    raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWE"
  end
  return JOSE::JWE.from_map(self.to_map.merge(object))
end

#next_cek(key) ⇒ Object


239
240
241
# File 'lib/jose/jwe.rb', line 239

def next_cek(key)
  return alg.next_cek(key, enc)
end

#next_ivObject


243
244
245
# File 'lib/jose/jwe.rb', line 243

def next_iv
  return enc.next_iv
end

#to_binaryObject


60
61
62
# File 'lib/jose/jwe.rb', line 60

def to_binary
  return JOSE.encode(to_map)
end

#to_file(file) ⇒ Object


68
69
70
# File 'lib/jose/jwe.rb', line 68

def to_file(file)
  return File.binwrite(file, to_binary)
end

#to_mapObject


76
77
78
79
80
81
82
# File 'lib/jose/jwe.rb', line 76

def to_map
  if zip.nil?
    return alg.to_map(enc.to_map(fields))
  else
    return alg.to_map(enc.to_map(zip.to_map(fields)))
  end
end

#uncompress(cipher_text) ⇒ Object


254
255
256
257
258
259
260
# File 'lib/jose/jwe.rb', line 254

def uncompress(cipher_text)
  if zip.nil?
    return cipher_text
  else
    return zip.uncompress(cipher_text)
  end
end