Class: JOSE::JWK

Inherits:
Struct
  • Object
Defined in:
lib/jose/jwk.rb

Defined Under Namespace

Modules: KTY, OpenSSHKey, PEM

Classes: KTY_EC, KTY_OKP_Ed25519, KTY_OKP_Ed25519ph, KTY_OKP_Ed448, KTY_OKP_Ed448ph, KTY_OKP_X25519, KTY_OKP_X448, KTY_RSA, KTY_oct, Set


Instance Attribute Details

#fieldsObject

Returns the value of attribute fields


# File 'lib/jose/jwk.rb', line 2

# Reader for the +fields+ attribute.
#
# @return [Object] whatever is currently stored in @fields (nil if unset)
def fields
  @fields
end

#keysObject

Returns the value of attribute keys


# File 'lib/jose/jwk.rb', line 2

# Reader for the +keys+ attribute.
#
# @return [Object] whatever is currently stored in @keys (nil if unset)
def keys
  @keys
end

#ktyObject

Returns the value of attribute kty


# File 'lib/jose/jwk.rb', line 2

# Reader for the +kty+ attribute (the key-type object the other methods delegate to).
#
# @return [Object] whatever is currently stored in @kty (nil if unset)
def kty
  @kty
end

Class Method Details

.block_decrypt(jwk, encrypted) ⇒ Object

API


# File 'lib/jose/jwk.rb', line 259

# Class-level convenience: coerces +jwk+ through JOSE::JWK.from, then decrypts with it.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param encrypted [Object] passed unchanged to the instance method
# @return [Object] the result of JOSE::JWK#block_decrypt
def self.block_decrypt(jwk, encrypted)
  decryption_key = from(jwk)
  decryption_key.block_decrypt(encrypted)
end

.block_encrypt(jwk, plain_text, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 267

# Class-level convenience: coerces +jwk+ through JOSE::JWK.from, then encrypts with it.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param plain_text [Object] payload to encrypt
# @param jwe [Object, nil] encryption parameters; nil lets the instance method pick its default
# @return [Object] the result of JOSE::JWK#block_encrypt
def self.block_encrypt(jwk, plain_text, jwe = nil)
  encryption_key = from(jwk)
  encryption_key.block_encrypt(plain_text, jwe)
end

.block_encryptor(jwe) ⇒ Object


# File 'lib/jose/jwk.rb', line 276

# Class-level convenience for JOSE::JWK#block_encryptor.
#
# NOTE(review): the parameter is named +jwe+ but it is coerced with +from+, i.e. it is
# treated as a key, not as JWE parameters.
#
# @param jwe [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#block_encryptor
def self.block_encryptor(jwe)
  from(jwe).block_encryptor
end

.box_decrypt(jwk, encrypted) ⇒ Object


# File 'lib/jose/jwk.rb', line 284

# Class-level convenience: coerces +jwk+ through JOSE::JWK.from, then calls #box_decrypt.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param encrypted [Object] passed unchanged to the instance method
# @return [Object] the result of JOSE::JWK#box_decrypt
def self.box_decrypt(jwk, encrypted)
  recipient_key = from(jwk)
  recipient_key.box_decrypt(encrypted)
end

.from(object, modules = nil, key = nil) ⇒ Object

Decode API


# File 'lib/jose/jwk.rb', line 6

# Coerces +object+ into a JOSE::JWK, dispatching on its class.
#
# A JOSE::Map or Hash goes to +from_map+, a String is treated as a serialized key and goes
# to +from_binary+, and an existing JOSE::JWK is returned as-is (same object, no copy).
#
# @param object [JOSE::Map, Hash, String, JOSE::JWK]
# @param modules [Object, nil] forwarded to from_map / from_binary
# @param key [Object, nil] forwarded to from_map / from_binary
# @return [Object] whatever the selected decoder returns, or +object+ itself
# @raise [ArgumentError] for any other input class
def self.from(object, modules = nil, key = nil)
  case object
  when JOSE::Map, Hash then from_map(object, modules, key)
  when String          then from_binary(object, modules, key)
  when JOSE::JWK       then object
  else raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWK"
  end
end

.from_binary(object, modules = nil, key = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 19

# Decodes a serialized JWK from a String.
#
# Supports the short form from_binary(object, key): when the second argument is a String or
# JOSE::JWK and no third argument is given, it is taken as the decryption key.
#
# The return shape depends on +key+: without a key the decoded JWK is returned alone; with
# a key the input is decrypted first and a two-element Array [jwk, jwe] is returned, so
# callers must not assume a bare JWK.
#
# @param object [String] serialized (optionally encrypted) key
# @param modules [Hash, String, JOSE::JWK, nil]
# @param key [Object, nil] key used to decrypt +object+
# @raise [ArgumentError] if +object+ is not a String
def self.from_binary(object, modules = nil, key = nil)
  if (modules.is_a?(String) || modules.is_a?(JOSE::JWK)) && key.nil?
    key = modules
    modules = {}
  end
  modules ||= {}
  raise ArgumentError, "'object' must be a String" unless object.is_a?(String)
  return from_map(JOSE.decode(object), modules) unless key

  plain_text, jwe = JOSE::JWE.block_decrypt(key, object)
  [from_binary(plain_text, modules), jwe]
end

.from_file(file, modules = nil, key = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 38

# Reads +file+ in binary mode and decodes its contents with +from_binary+.
#
# The path is used exactly as given; nothing here validates or restricts it.
#
# @param file [String] path of the serialized key
# @param modules [Object, nil] forwarded to from_binary
# @param key [Object, nil] forwarded to from_binary
# @return [Object] whatever from_binary returns (a JWK, or [jwk, jwe] when a key is given)
def self.from_file(file, modules = nil, key = nil)
  serialized = File.binread(file)
  from_binary(serialized, modules, key)
end

.from_key(object, modules = {}) ⇒ Object


# File 'lib/jose/jwk.rb', line 42

# Builds a JWK from a native key object.
#
# @param object [Object] handed to the key-type module's +from_key+
# @param modules [Hash] optional :kty entry overriding the default JOSE::JWK::KTY
# @return [JOSE::JWK]
def self.from_key(object, modules = {})
  converter = modules[:kty] || JOSE::JWK::KTY
  JOSE::JWK.new(nil, *converter.from_key(object))
end

.from_map(object, modules = nil, key = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 47

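# Builds a JWK from a map of fields.
#
# Supports the short form from_map(object, key): when the second argument is a String or
# JOSE::JWK and no third argument is given, it is taken as the decryption key.
#
# The return shape depends on +key+: without a key the JWK is returned alone; with a key
# the map is decrypted first and a two-element Array [jwk, jwe] is returned.
#
# @param object [JOSE::Map, Hash] key fields, or an encrypted key when +key+ is given
# @param modules [Hash, String, JOSE::JWK, nil]
# @param key [Object, nil] key used to decrypt +object+
# @raise [ArgumentError] if +object+ is neither a JOSE::Map nor a Hash
def self.from_map(object, modules = nil, key = nil)
  if (modules.is_a?(String) || modules.is_a?(JOSE::JWK)) && key.nil?
    key = modules
    modules = {}
  end
  modules ||= {}
  case object
  when JOSE::Map, Hash
    if key
      plain_text, jwe = JOSE::JWE.block_decrypt(key, object)
      return from_binary(plain_text, modules), jwe
    else
      return from_fields(JOSE::JWK.new(nil, nil, JOSE::Map.new(object)), modules)
    end
  else
    # The message used to say "must be a String", which contradicted the type check above.
    raise ArgumentError, "'object' must be a Hash or JOSE::Map"
  end
end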

.from_oct(object, modules = {}) ⇒ Object


# File 'lib/jose/jwk.rb', line 80

# Builds a JWK from raw octets.
#
# @param object [Object] handed to the key-type class's +from_oct+
# @param modules [Hash] optional :kty entry overriding the default JOSE::JWK::KTY_oct
# @return [JOSE::JWK]
def self.from_oct(object, modules = {})
  converter = modules[:kty] || JOSE::JWK::KTY_oct
  JOSE::JWK.new(nil, *converter.from_oct(object))
end

.from_oct_file(file, modules = {}) ⇒ Object


# File 'lib/jose/jwk.rb', line 85

# Reads +file+ in binary mode and builds a JWK from its bytes via +from_oct+.
#
# The path is used exactly as given; nothing here validates or restricts it.
#
# @param file [String] path of the raw key material
# @param modules [Hash] forwarded to from_oct
# @return [JOSE::JWK]
def self.from_oct_file(file, modules = {})
  octets = File.binread(file)
  from_oct(octets, modules)
end

.from_okp(object, modules = {}) ⇒ Object

Raises:

  • (ArgumentError)

# File 'lib/jose/jwk.rb', line 89

# Builds a JWK from an OKP pair whose first element names the key type.
#
# The key-type class is chosen from object[0] unless modules[:kty] is supplied; when an
# override is supplied the type symbol is not checked here.
#
# @param object [Array] two-element Array; object[0] is one of :Ed25519, :Ed25519ph,
#   :Ed448, :Ed448ph, :X25519, :X448
# @param modules [Hash] optional :kty override
# @return [JOSE::JWK]
# @raise [ArgumentError] if +object+ is not a two-element Array, or the type is unknown
def self.from_okp(object, modules = {})
  unless object.is_a?(Array) && object.length == 2
    raise ArgumentError, "object must be an Array of length 2"
  end
  okp_class = modules[:kty] || case object[0]
                               when :Ed25519   then JOSE::JWK::KTY_OKP_Ed25519
                               when :Ed25519ph then JOSE::JWK::KTY_OKP_Ed25519ph
                               when :Ed448     then JOSE::JWK::KTY_OKP_Ed448
                               when :Ed448ph   then JOSE::JWK::KTY_OKP_Ed448ph
                               when :X25519    then JOSE::JWK::KTY_OKP_X25519
                               when :X448      then JOSE::JWK::KTY_OKP_X448
                               else raise ArgumentError, "unrecognized :okp object"
                               end
  JOSE::JWK.new(nil, *okp_class.from_okp(object))
end

.from_openssh_key(object, modules = {}) ⇒ Object

Raises:

  • (ArgumentError)

# File 'lib/jose/jwk.rb', line 110

# Builds a JWK from an OpenSSH private key.
#
# A String is parsed with JOSE::JWK::OpenSSHKey.from_binary; an Array is taken as the
# already-parsed structure. Only the first entry (keys[0]) is used; further entries are
# ignored. The entry is accepted only when the outer public-key type and value equal the
# type and public key found inside the private section.
#
# @param object [String, Array]
# @param modules [Hash] optional :kty override; when given, the key-type string is not
#   matched against the known list
# @return [JOSE::JWK]
# @raise [ArgumentError] on wrong input class, inconsistent entry, or unknown key type
def self.from_openssh_key(object, modules = {})
  unless object.is_a?(String) || object.is_a?(Array)
    raise ArgumentError, "object must be a String or Array"
  end
  keys = object.is_a?(String) ? JOSE::JWK::OpenSSHKey.from_binary(object) : object
  ((outer_type, outer_pk), key), = keys[0]
  inner_type, inner_pk, = key
  consistent = outer_type && outer_pk && key && inner_type && inner_pk &&
               outer_type == inner_type && outer_pk == inner_pk
  raise ArgumentError, "unrecognized openssh key format" unless consistent

  okp_class = modules[:kty] || case outer_type
                               when 'ssh-ed25519'   then JOSE::JWK::KTY_OKP_Ed25519
                               when 'ssh-ed25519ph' then JOSE::JWK::KTY_OKP_Ed25519ph
                               when 'ssh-ed448'     then JOSE::JWK::KTY_OKP_Ed448
                               when 'ssh-ed448ph'   then JOSE::JWK::KTY_OKP_Ed448ph
                               when 'ssh-x25519'    then JOSE::JWK::KTY_OKP_X25519
                               when 'ssh-x448'      then JOSE::JWK::KTY_OKP_X448
                               else
                                 raise ArgumentError, "unrecognized openssh key type: #{outer_type.inspect}"
                               end
  JOSE::JWK.new(nil, *okp_class.from_openssh_key(key))
end

.from_openssh_key_file(file, modules = {}) ⇒ Object


# File 'lib/jose/jwk.rb', line 141

# Reads +file+ in binary mode and parses it with +from_openssh_key+.
#
# The path is used exactly as given; nothing here validates or restricts it.
#
# @param file [String] path of the OpenSSH key file
# @param modules [Hash] forwarded to from_openssh_key
# @return [JOSE::JWK]
def self.from_openssh_key_file(file, modules = {})
  key_bytes = File.binread(file)
  from_openssh_key(key_bytes, modules)
end

.from_pem(object, modules = nil, password = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 66

# Builds a JWK from PEM text.
#
# Supports the short form from_pem(object, password): a String second argument with no
# third argument is taken as the password.
#
# @param object [Object] PEM data handed to the parser's +from_binary+
# @param modules [Hash, String, nil] optional :kty entry overriding JOSE::JWK::PEM
# @param password [String, nil] forwarded to the parser
# @return [JOSE::JWK]
def self.from_pem(object, modules = nil, password = nil)
  modules, password = {}, modules if modules.is_a?(String) && password.nil?
  modules ||= {}
  parser = modules[:kty] || JOSE::JWK::PEM
  JOSE::JWK.new(nil, *parser.from_binary(object, password))
end

.from_pem_file(file, modules = nil, password = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 76

# Reads +file+ in binary mode and parses it with +from_pem+.
#
# The path is used exactly as given; nothing here validates or restricts it.
#
# @param file [String] path of the PEM file
# @param modules [Hash, String, nil] forwarded to from_pem
# @param password [String, nil] forwarded to from_pem
# @return [JOSE::JWK]
def self.from_pem_file(file, modules = nil, password = nil)
  pem_text = File.binread(file)
  from_pem(pem_text, modules, password)
end

.generate_key(params) ⇒ Object


# File 'lib/jose/jwk.rb', line 330

# Generates a new key from a parameter description.
#
# Accepted inputs:
# * an Array of length 2 or 3 whose first element is :ec, :oct, :okp or :rsa (for :okp the
#   second element selects the OKP type); the whole Array is passed to the selected
#   key-type class,
# * a JOSE::JWK, whose own #generate_key is called,
# * any object responding to +generate_key+, called with an empty JOSE::Map.
#
# @param params [Array, JOSE::JWK, #generate_key]
# @return [JOSE::JWK, Object] a new JWK (or whatever params.generate_key returns for a JWK)
# @raise [ArgumentError] for any other input or an unknown key type
def self.generate_key(params)
  if params.is_a?(Array) && [2, 3].include?(params.length)
    generator =
      case params[0]
      when :ec  then JOSE::JWK::KTY_EC
      when :oct then JOSE::JWK::KTY_oct
      when :okp
        case params[1]
        when :Ed25519   then JOSE::JWK::KTY_OKP_Ed25519
        when :Ed25519ph then JOSE::JWK::KTY_OKP_Ed25519ph
        when :Ed448     then JOSE::JWK::KTY_OKP_Ed448
        when :Ed448ph   then JOSE::JWK::KTY_OKP_Ed448ph
        when :X25519    then JOSE::JWK::KTY_OKP_X25519
        when :X448      then JOSE::JWK::KTY_OKP_X448
        else raise ArgumentError, "invalid :okp key generation params"
        end
      when :rsa then JOSE::JWK::KTY_RSA
      else raise ArgumentError, "invalid key generation params"
      end
    JOSE::JWK.new(nil, *generator.generate_key(params))
  elsif params.is_a?(JOSE::JWK)
    params.generate_key
  elsif params.respond_to?(:generate_key)
    JOSE::JWK.new(nil, *params.generate_key(JOSE::Map[]))
  else
    raise ArgumentError, "invalid key generation params"
  end
end

.merge(left, right) ⇒ Object


# File 'lib/jose/jwk.rb', line 372

# Class-level convenience: coerces +left+ through JOSE::JWK.from, then merges +right+ into it.
#
# @param left [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param right [Object] passed unchanged to JOSE::JWK#merge
# @return [Object] the result of JOSE::JWK#merge
def self.merge(left, right)
  base = from(left)
  base.merge(right)
end

.shared_secret(your_jwk, my_jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 390

# Class-level convenience for JOSE::JWK#shared_secret; both arguments are coerced with +from+.
#
# The computation is invoked on +your_jwk+ with +my_jwk+ as its argument.
#
# @param your_jwk [JOSE::JWK, JOSE::Map, Hash, String]
# @param my_jwk [JOSE::JWK, JOSE::Map, Hash, String]
# @return [Object] the result of JOSE::JWK#shared_secret
def self.shared_secret(your_jwk, my_jwk)
  theirs = from(your_jwk)
  theirs.shared_secret(from(my_jwk))
end

.sign(jwk, plain_text, jws = nil, header = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 401

# Class-level convenience: coerces +jwk+ through JOSE::JWK.from, then signs with it.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param plain_text [Object] payload to sign
# @param jws [Object, nil] signing parameters; nil lets the instance method pick its default
# @param header [Object, nil] forwarded unchanged
# @return [Object] the result of JOSE::JWK#sign
def self.sign(jwk, plain_text, jws = nil, header = nil)
  signing_key = from(jwk)
  signing_key.sign(plain_text, jws, header)
end

.signer(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 410

# Class-level convenience for JOSE::JWK#signer.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#signer
def self.signer(jwk)
  from(jwk).signer
end

.thumbprint(digest_type, jwk = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 435

# Class-level convenience for JOSE::JWK#thumbprint.
#
# Callable as thumbprint(jwk) or thumbprint(digest_type, jwk): with a single argument, that
# argument is the key and the digest type is left nil for the instance method to default.
#
# @param digest_type [Object] digest name, or the key itself in the one-argument form
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String, nil]
# @return [Object] the result of JOSE::JWK#thumbprint
def self.thumbprint(digest_type, jwk = nil)
  jwk, digest_type = digest_type, nil if jwk.nil?
  from(jwk).thumbprint(digest_type)
end

.to_binary(jwk, key = nil, jwe = nil) ⇒ Object

Encode API


# File 'lib/jose/jwk.rb', line 147

# Class-level convenience for JOSE::JWK#to_binary.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param key [Object, nil] encryption key; nil serializes without encryption
# @param jwe [Object, nil] forwarded unchanged
# @return [Object] the result of JOSE::JWK#to_binary
def self.to_binary(jwk, key = nil, jwe = nil)
  source = from(jwk)
  source.to_binary(key, jwe)
end

.to_file(jwk, file, key = nil, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 162

# Class-level convenience for JOSE::JWK#to_file.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param file [String] destination path
# @param key [Object, nil] encryption key; nil writes the key without encryption
# @param jwe [Object, nil] forwarded unchanged
# @return [Object] the result of JOSE::JWK#to_file
def self.to_file(jwk, file, key = nil, jwe = nil)
  source = from(jwk)
  source.to_file(file, key, jwe)
end

.to_key(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 170

# Class-level convenience for JOSE::JWK#to_key.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_key
def self.to_key(jwk)
  from(jwk).to_key
end

.to_map(jwk, key = nil, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 178

# Class-level convenience for JOSE::JWK#to_map.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param key [Object, nil] encryption key; nil returns the plain field map
# @param jwe [Object, nil] forwarded unchanged
# @return [Object] the result of JOSE::JWK#to_map
def self.to_map(jwk, key = nil, jwe = nil)
  source = from(jwk)
  source.to_map(key, jwe)
end

.to_oct(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 193

# Class-level convenience for JOSE::JWK#to_oct.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_oct
def self.to_oct(jwk)
  from(jwk).to_oct
end

.to_okp(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 201

# Class-level convenience for JOSE::JWK#to_okp.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_okp
def self.to_okp(jwk)
  from(jwk).to_okp
end

.to_openssh_key(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 209

# Class-level convenience for JOSE::JWK#to_openssh_key.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_openssh_key
def self.to_openssh_key(jwk)
  from(jwk).to_openssh_key
end

.to_pem(jwk, password = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 217

# Class-level convenience for JOSE::JWK#to_pem.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @param password [String, nil] forwarded unchanged to the instance method
# @return [Object] the result of JOSE::JWK#to_pem
def self.to_pem(jwk, password = nil)
  source = from(jwk)
  source.to_pem(password)
end

.to_public(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 225

# Class-level convenience for JOSE::JWK#to_public.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_public
def self.to_public(jwk)
  from(jwk).to_public
end

.to_public_key(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 233

# Class-level convenience for JOSE::JWK#to_public_key.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_public_key
def self.to_public_key(jwk)
  from(jwk).to_public_key
end

.to_public_map(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 241

# Class-level convenience for JOSE::JWK#to_public_map.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_public_map
def self.to_public_map(jwk)
  from(jwk).to_public_map
end

.to_thumbprint_map(jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 249

# Class-level convenience for JOSE::JWK#to_thumbprint_map.
#
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#to_thumbprint_map
def self.to_thumbprint_map(jwk)
  from(jwk).to_thumbprint_map
end

.verify(signed, jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 418

# Class-level convenience for JOSE::JWK#verify. Note the argument order: +signed+ first.
#
# No algorithm allow-list is passed on this path; +verify_strict+ is the variant that
# takes one.
#
# @param signed [Object] signed input, forwarded unchanged
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#verify
def self.verify(signed, jwk)
  verification_key = from(jwk)
  verification_key.verify(signed)
end

.verify_strict(signed, allow, jwk) ⇒ Object


# File 'lib/jose/jwk.rb', line 426

# Class-level convenience for JOSE::JWK#verify_strict. Note the argument order:
# +signed+, then +allow+, then the key.
#
# @param signed [Object] signed input, forwarded unchanged
# @param allow [Object] allow-list forwarded to the instance method (presumably the
#   acceptable signature algorithms; confirm against JOSE::JWS.verify_strict)
# @param jwk [JOSE::JWK, JOSE::Map, Hash, String] anything +from+ accepts
# @return [Object] the result of JOSE::JWK#verify_strict
def self.verify_strict(signed, allow, jwk)
  verification_key = from(jwk)
  verification_key.verify_strict(signed, allow)
end

Instance Method Details

#block_decrypt(encrypted) ⇒ Object


# File 'lib/jose/jwk.rb', line 263

# Decrypts +encrypted+ using this key, delegating to JOSE::JWE.block_decrypt.
#
# @param encrypted [Object] ciphertext, forwarded unchanged
# @return [Object] whatever JOSE::JWE.block_decrypt returns
def block_decrypt(encrypted)
  JOSE::JWE.block_decrypt(self, encrypted)
end

#block_encrypt(plain_text, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 271

# Encrypts +plain_text+ with this key, delegating to JOSE::JWE.block_encrypt.
#
# @param plain_text [Object] payload to encrypt
# @param jwe [Object, nil] encryption parameters; when nil (or false) the key's own
#   #block_encryptor result is used
# @return [Object] whatever JOSE::JWE.block_encrypt returns
def block_encrypt(plain_text, jwe = nil)
  JOSE::JWE.block_encrypt(self, plain_text, jwe || block_encryptor)
end

#block_encryptorObject


# File 'lib/jose/jwk.rb', line 280

# Asks the key-type object for the default encryption parameters for this key's fields.
#
# @return [Object] whatever kty.block_encryptor returns
def block_encryptor
  kty.block_encryptor(fields)
end

#box_decrypt(encrypted) ⇒ Object


# File 'lib/jose/jwk.rb', line 288

# Decrypts a boxed message with this key.
#
# NOTE(review): as listed here the body is identical to #block_decrypt; only this key is
# passed to JOSE::JWE.block_decrypt, and no sender public key is supplied by this method.
#
# @param encrypted [Object] ciphertext, forwarded unchanged
# @return [Object] whatever JOSE::JWE.block_decrypt returns
def box_decrypt(encrypted)
  JOSE::JWE.block_decrypt(self, encrypted)
end

#box_encrypt(plain_text, my_private_jwk = nil, jwe = nil) ⇒ Object

Generates an ephemeral private key based on the other party's public key curve when no private key is supplied.


# File 'lib/jose/jwk.rb', line 293

# Encrypts +plain_text+ to this key (the recipient's public key) using a sender key.
#
# When +my_private_jwk+ is nil a fresh key is generated from the recipient key and
# returned to the caller together with the ciphertext, so the return value is then a
# two-element Array [encrypted, generated_jwk]. The generated value is a private key and
# should be handled as such by the caller.
#
# For map-shaped JWE parameters, missing 'apu' / 'apv' entries are filled from the
# sender's / recipient's 'kid' field (or thumbprint), and a missing 'epk' is filled with
# the sender's public map.
#
# @param plain_text [Object] payload to encrypt
# @param my_private_jwk [JOSE::JWK, Object, nil] sender key; non-JWK values are coerced
#   with JOSE::JWK.from
# @param jwe [JOSE::Map, Hash, Object, nil] encryption parameters; nil uses #block_encryptor
# @return [Object, Array] ciphertext, or [ciphertext, generated_jwk] when a key was generated
def box_encrypt(plain_text, my_private_jwk = nil, jwe = nil)
  recipient = self
  ephemeral = nil
  if my_private_jwk.nil?
    ephemeral = recipient.generate_key
    my_private_jwk = ephemeral
  end
  my_private_jwk = JOSE::JWK.from(my_private_jwk) unless my_private_jwk.is_a?(JOSE::JWK)
  jwe = recipient.block_encryptor if jwe.nil?
  jwe = JOSE::Map.new(jwe) if jwe.is_a?(Hash)
  if jwe.is_a?(JOSE::Map)
    jwe = jwe.put('apu', my_private_jwk.fields['kid'] || my_private_jwk.thumbprint) if jwe['apu'].nil?
    jwe = jwe.put('apv', recipient.fields['kid'] || recipient.thumbprint) if jwe['apv'].nil?
    jwe = jwe.put('epk', my_private_jwk.to_public_map) if jwe['epk'].nil?
  end
  encrypted = JOSE::JWE.block_encrypt([recipient, my_private_jwk], plain_text, jwe)
  ephemeral ? [encrypted, ephemeral] : encrypted
end

#derive_key(*args) ⇒ Object


# File 'lib/jose/jwk.rb', line 326

# Forwards all arguments to the key-type object's +derive_key+.
#
# @param args [Array] passed through unchanged
# @return [Object] whatever kty.derive_key returns
def derive_key(*args)
  kty.derive_key(*args)
end

#generate_keyObject


# File 'lib/jose/jwk.rb', line 368

# Generates a new JWK from this key's type object and fields.
#
# @return [JOSE::JWK] built from the values kty.generate_key(fields) returns
def generate_key
  generated = kty.generate_key(fields)
  JOSE::JWK.new(nil, *generated)
end

#merge(object) ⇒ Object


# File 'lib/jose/jwk.rb', line 376

# Returns a new JWK built from this key's map merged with +object+.
#
# +object+ is normalised to a map first: maps are used as-is, Strings are decoded with
# JOSE.decode, and JWKs contribute their #to_map. The merged map is then re-parsed with
# JOSE::JWK.from_map.
# NOTE(review): entries from +object+ presumably replace same-named entries of this key
# (usual merge semantics), including key-material fields, so +object+ should come from a
# trusted source; confirm against JOSE::Map#merge.
#
# @param object [JOSE::Map, Hash, String, JOSE::JWK]
# @return [Object] whatever JOSE::JWK.from_map returns
# @raise [ArgumentError] for any other input class
def merge(object)
  overrides =
    case object
    when JOSE::Map, Hash then object
    when String          then JOSE.decode(object)
    when JOSE::JWK       then object.to_map
    else raise ArgumentError, "'object' must be a Hash, String, or JOSE::JWK"
    end
  JOSE::JWK.from_map(to_map.merge(overrides))
end

#shared_secret(other_jwk) ⇒ Object

Raises:

  • (ArgumentError)

# File 'lib/jose/jwk.rb', line 394

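# Computes a shared secret between this key and +other_jwk+.
#
# Both keys must have key-type objects of the same class, and that class must implement
# +derive_key+. The class comparison is the only compatibility check made here.
# NOTE(review): parameter-level agreement (for example the curve of two keys that share a
# key-type class) is not checked in this method; presumably kty.derive_key enforces it.
#
# @param other_jwk [JOSE::JWK, JOSE::Map, Hash, String] the other party's key; non-JWK
#   values are coerced with JOSE::JWK.from
# @return [Object] whatever kty.derive_key returns
# @raise [ArgumentError] if the key types differ or do not support derivation
def shared_secret(other_jwk)
  # `from` is a class method; a bare `from(...)` here resolved against the instance, which
  # has no such method, so non-JWK input raised NoMethodError instead of being coerced.
  other_jwk = JOSE::JWK.from(other_jwk) unless other_jwk.is_a?(JOSE::JWK)
  raise ArgumentError, "key types must match" if other_jwk.kty.class != kty.class
  raise ArgumentError, "key type does not support shared secret computations" unless kty.respond_to?(:derive_key)
  kty.derive_key(other_jwk)
end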

#sign(plain_text, jws = nil, header = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 405

# Signs +plain_text+ with this key, delegating to JOSE::JWS.sign.
#
# @param plain_text [Object] payload to sign
# @param jws [Object, nil] signing parameters; when nil (or false) the key's own #signer
#   result is used
# @param header [Object, nil] forwarded unchanged
# @return [Object] whatever JOSE::JWS.sign returns
def sign(plain_text, jws = nil, header = nil)
  JOSE::JWS.sign(self, plain_text, jws || signer, header)
end

#signerObject


# File 'lib/jose/jwk.rb', line 414

# Asks the key-type object for the default signing parameters for this key's fields.
#
# @return [Object] whatever kty.signer returns
def signer
  kty.signer(fields)
end

#thumbprint(digest_type = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 443

# Computes this key's thumbprint: the digest of the encoded thumbprint map, URL-safe
# base64 encoded.
#
# @param digest_type [String, nil] digest name given to OpenSSL::Digest.new; defaults to
#   'SHA256' when nil (or false)
# @return [Object] whatever JOSE.urlsafe_encode64 returns for the digest bytes
def thumbprint(digest_type = nil)
  algorithm = digest_type || 'SHA256'
  canonical = JOSE.encode(to_thumbprint_map)
  raw_digest = OpenSSL::Digest.new(algorithm).digest(canonical)
  JOSE.urlsafe_encode64(raw_digest)
end

#to_binary(key = nil, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 151

# Serializes this key.
#
# Without a key the full field map is encoded with JOSE.encode and is not encrypted.
# With a key (and JWE parameters, defaulted from kty.key_encryptor when not given) the
# encrypted map is produced by #to_map and compacted.
#
# @param key [Object, nil] key used to encrypt the serialized JWK
# @param jwe [Object, nil] encryption parameters
# @return [Object] the encoded key, or the compacted encrypted form
def to_binary(key = nil, jwe = nil)
  jwe ||= kty.key_encryptor(fields, key) unless key.nil?
  return JOSE.encode(to_map) unless key && jwe

  to_map(key, jwe).compact
end

#to_file(file, key = nil, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 166

# Writes the serialized key to +file+ in binary mode.
#
# No file mode is passed to File.binwrite, so a newly created file gets the process
# default permissions. When +key+ is nil the content is the unencrypted serialization
# from #to_binary; for private keys the caller should restrict the file's permissions or
# supply +key+.
#
# @param file [String] destination path, used exactly as given
# @param key [Object, nil] forwarded to #to_binary
# @param jwe [Object, nil] forwarded to #to_binary
# @return [Integer] the value returned by File.binwrite
def to_file(file, key = nil, jwe = nil)
  serialized = to_binary(key, jwe)
  File.binwrite(file, serialized)
end

#to_keyObject


# File 'lib/jose/jwk.rb', line 174

# Delegates to the key-type object's +to_key+.
#
# @return [Object] whatever kty.to_key returns
def to_key
  kty.to_key
end

#to_map(key = nil, jwe = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 182

# Returns this key as a map.
#
# Without a key the result is kty.to_map(fields), i.e. the plain field map. With a key
# (and JWE parameters, defaulted from kty.key_encryptor when not given) the plain
# serialization from #to_binary is encrypted with JOSE::JWE.block_encrypt.
#
# @param key [Object, nil] key used to encrypt the serialized JWK
# @param jwe [Object, nil] encryption parameters
# @return [Object] the plain field map, or the encrypted result
def to_map(key = nil, jwe = nil)
  jwe ||= kty.key_encryptor(fields, key) unless key.nil?
  return kty.to_map(fields) unless key && jwe

  JOSE::JWE.block_encrypt(key, to_binary, jwe)
end

#to_octObject


# File 'lib/jose/jwk.rb', line 197

# Delegates to the key-type object's +to_oct+.
#
# @return [Object] whatever kty.to_oct returns
def to_oct
  kty.to_oct
end

#to_okpObject


# File 'lib/jose/jwk.rb', line 205

# Delegates to the key-type object's +to_okp+.
#
# @return [Object] whatever kty.to_okp returns
def to_okp
  kty.to_okp
end

#to_openssh_keyObject


# File 'lib/jose/jwk.rb', line 213

# Delegates to the key-type object's +to_openssh_key+, passing this key's fields.
#
# @return [Object] whatever kty.to_openssh_key returns
def to_openssh_key
  kty.to_openssh_key(fields)
end

#to_pem(password = nil) ⇒ Object


# File 'lib/jose/jwk.rb', line 221

# Delegates to the key-type object's +to_pem+.
#
# NOTE(review): with the default nil password the PEM is presumably written without
# encryption; confirm in the key-type implementation before exporting private keys.
#
# @param password [String, nil] forwarded unchanged
# @return [Object] whatever kty.to_pem returns
def to_pem(password = nil)
  kty.to_pem(password)
end

#to_publicObject


# File 'lib/jose/jwk.rb', line 229

# Builds a new JWK from this key's public map.
#
# @return [Object] whatever JOSE::JWK.from_map returns for #to_public_map
def to_public
  public_fields = to_public_map
  JOSE::JWK.from_map(public_fields)
end

#to_public_keyObject


# File 'lib/jose/jwk.rb', line 237

# Returns the native key object of this key's public form (#to_public, then #to_key).
#
# @return [Object] whatever #to_key returns on the public JWK
def to_public_key
  public_jwk = to_public
  public_jwk.to_key
end

#to_public_mapObject


# File 'lib/jose/jwk.rb', line 245

# Delegates to the key-type object's +to_public_map+, passing this key's fields.
#
# @return [Object] whatever kty.to_public_map returns
def to_public_map
  kty.to_public_map(fields)
end

#to_thumbprint_mapObject


# File 'lib/jose/jwk.rb', line 253

# Delegates to the key-type object's +to_thumbprint_map+, passing this key's fields.
# The result is what #thumbprint encodes and hashes.
#
# @return [Object] whatever kty.to_thumbprint_map returns
def to_thumbprint_map
  kty.to_thumbprint_map(fields)
end

#verify(signed) ⇒ Object


# File 'lib/jose/jwk.rb', line 422

# Verifies +signed+ with this key, delegating to JOSE::JWS.verify.
#
# No algorithm allow-list is passed on this path; #verify_strict is the variant that
# takes one.
#
# @param signed [Object] signed input, forwarded unchanged
# @return [Object] whatever JOSE::JWS.verify returns
def verify(signed)
  JOSE::JWS.verify(self, signed)
end

#verify_strict(signed, allow) ⇒ Object


# File 'lib/jose/jwk.rb', line 430

# Verifies +signed+ with this key under an allow-list, delegating to
# JOSE::JWS.verify_strict. The arguments are reordered on the way: the callee receives
# (key, allow, signed).
#
# @param signed [Object] signed input, forwarded unchanged
# @param allow [Object] allow-list forwarded unchanged (presumably the acceptable
#   signature algorithms; confirm against JOSE::JWS.verify_strict)
# @return [Object] whatever JOSE::JWS.verify_strict returns
def verify_strict(signed, allow)
  JOSE::JWS.verify_strict(self, allow, signed)
end