Methods
Public Class
Public Class methods
__rodauth_oauth_decrypt_from_jwks(payload, jwks, alg: "RSA-OAEP", enc: "A128GCM")
This is a monkey-patch! It’s necessary, as the original jwe does not support jwks. If this works long term, it may be merged upstream.
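# File lib/rodauth/oauth/jwe_extensions.rb, line 9
#
# Decrypts a compact-serialized JWE with a key picked from a JWK set.
#
# The key is selected by the "kid" found in the token's header; the caller's
# +alg+ / +enc+ are the only algorithm and method accepted for decryption.
#
# @param payload [String] the compact-serialized JWE
# @param jwks [Enumerable<Hash>] JWKs, keyed by symbols or strings
# @param alg [String] the key-management algorithm the caller expects
# @param enc [String] the content-encryption method the caller expects
# @return the result of +apply_zip(header, plaintext, :decompress)+
#   (presumably the plaintext, inflated when the header asks for it; confirm in jwe)
# @raise [DecodeError] when the header has no "kid", no JWK matches it, or the
#   JWK or the token header names a different alg/enc than expected
def self.__rodauth_oauth_decrypt_from_jwks(payload, jwks, alg: "RSA-OAEP", enc: "A128GCM")
  header, enc_key, iv, ciphertext, tag = Serialization::Compact.decode(payload)
  header = JSON.parse(header)

  key = find_key_by_kid(jwks, header["kid"], alg, enc)

  # The header is parsed out of the token itself, so it is sender-controlled.
  # find_key_by_kid only compares the expected alg/enc with what the JWK declares;
  # without the two checks below the token could still choose the algorithm the
  # key is used with. Pin both to the caller's expectation before any key use.
  raise DecodeError, "Expected a different encryption algorithm" unless alg == header["alg"]
  raise DecodeError, "Expected a different encryption method" unless enc == header["enc"]

  check_params(header, key)

  # Decrypt with the pinned values, never with values read back from the token.
  cek = Alg.decrypt_cek(alg, key, enc_key)
  cipher = Enc.for(enc, cek, iv, tag)

  # The first compact segment (the encoded header) is handed to the cipher
  # together with the ciphertext.
  plaintext = cipher.decrypt(ciphertext, payload.split(".").first)

  apply_zip(header, plaintext, :decompress)
end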
__rodauth_oauth_encrypt_from_jwks(payload, jwks, alg: "RSA-OAEP", enc: "A128GCM", **more_headers)
# File lib/rodauth/oauth/jwe_extensions.rb, line 25
#
# Encrypts +payload+ into a serialized JWE, taking the key from a JWK set.
#
# @param payload [String] the content to encrypt
# @param jwks [Enumerable<Hash>] JWKs, keyed by symbols or strings
# @param alg [String] key-management algorithm; also used to select the JWK
# @param enc [String] content-encryption method; also used to select the JWK
# @param more_headers [Hash] extra entries passed on to +generate_header+
# @return the value produced by +generate_serialization+
# @raise [DecodeError] when no JWK declares both +alg+ and +enc+
def self.__rodauth_oauth_encrypt_from_jwks(payload, jwks, alg: "RSA-OAEP", enc: "A128GCM", **more_headers)
  header = generate_header(alg, enc, more_headers)
  key = find_key_by_alg_enc(jwks, alg, enc)
  check_params(header, key)

  body = apply_zip(header, payload, :compress)

  cipher = Enc.for(enc)
  # With "dir" the selected key itself becomes the content-encryption key.
  cipher.cek = key if alg == "dir"

  serialized_header = header.to_json
  ciphertext = cipher.encrypt(body, Base64.jwe_encode(serialized_header))
  encrypted_cek = Alg.encrypt_cek(alg, key, cipher.cek)

  generate_serialization(serialized_header, encrypted_cek, ciphertext, cipher)
end
find_key_by_alg_enc(jwks, alg, enc)
# File lib/rodauth/oauth/jwe_extensions.rb, line 54
#
# Picks the first JWK whose "alg" and "enc" both equal the requested values
# and returns its keypair.
#
# @param jwks [Enumerable<Hash>] JWKs, keyed by symbols or strings
# @param alg [String] required key-management algorithm
# @param enc [String] required content-encryption method
# @return the +keypair+ of the imported JWK
# @raise [DecodeError] when no JWK matches
def self.find_key_by_alg_enc(jwks, alg, enc)
  matching_jwk = jwks.find do |candidate, _|
    # Symbol keys win over string keys, as in the other lookups in this file.
    next false unless (candidate[:alg] || candidate["alg"]) == alg

    (candidate[:enc] || candidate["enc"]) == enc
  end

  raise DecodeError, "No key found" unless matching_jwk

  imported = ::JWT::JWK.import(matching_jwk)
  imported.keypair
end
find_key_by_kid(jwks, kid, alg, enc)
# File lib/rodauth/oauth/jwe_extensions.rb, line 42
#
# Looks up the JWK with the given key id and returns its keypair, provided the
# JWK declares the expected "alg" and "enc".
#
# NOTE(review): +kid+ is interpolated into an error message; the visible caller
# passes the value from the token header, so treat that message as untrusted
# text when logging it.
#
# @param jwks [Enumerable<Hash>] JWKs, keyed by symbols or strings
# @param kid [String, nil] key id to look for
# @param alg [String] algorithm the JWK must declare
# @param enc [String] encryption method the JWK must declare
# @return the +keypair+ of the imported JWK
# @raise [DecodeError] when +kid+ is missing, no JWK carries it, or the JWK
#   declares a different alg or enc
def self.find_key_by_kid(jwks, kid, alg, enc)
  raise DecodeError, "No key id (kid) found from token headers" unless kid

  jwk = jwks.find do |candidate, _|
    (candidate[:kid] || candidate["kid"]) == kid
  end
  raise DecodeError, "Could not find public key for kid #{kid}" unless jwk

  # The JWK must declare exactly what the caller expects.
  declared_alg = jwk[:alg] || jwk["alg"]
  raise DecodeError, "Expected a different encryption algorithm" unless alg == declared_alg

  declared_enc = jwk[:enc] || jwk["enc"]
  raise DecodeError, "Expected a different encryption method" unless enc == declared_enc

  imported = ::JWT::JWK.import(jwk)
  imported.keypair
end