From f4f9184a01bc7442411bbcffd9b6a86784fa5f53 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski
Date: Sat, 14 May 2016 18:23:31 -0500
Subject: Rename JWT to JSONWebToken
---
lib/json_web_token/rsa_token.rb | 42 +++++++++++++++++++++++++++++++++++++
lib/json_web_token/token.rb | 46 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
create mode 100644 lib/json_web_token/rsa_token.rb
create mode 100644 lib/json_web_token/token.rb
(limited to 'lib/json_web_token')
diff --git a/lib/json_web_token/rsa_token.rb b/lib/json_web_token/rsa_token.rb
new file mode 100644
index 00000000000..d6d6af7089c
--- /dev/null
+++ b/lib/json_web_token/rsa_token.rb
@@ -0,0 +1,42 @@
+module JSONWebToken
+ class RSAToken < Token
+ attr_reader :key_file
+
+ def initialize(key_file)
+ super()
+ @key_file = key_file
+ end
+
+ def encoded
+ headers = {
+ kid: kid
+ }
+ JWT.encode(payload, key, 'RS256', headers)
+ end
+
+ private
+
+ def key_data
+ @key_data ||= File.read(key_file)
+ end
+
+ def key
+ @key ||= OpenSSL::PKey::RSA.new(key_data)
+ end
+
+ def public_key
+ key.public_key
+ end
+
+ def kid
+ # calculate sha256 from DER encoded ASN1
+ kid = Digest::SHA256.digest(public_key.to_der)
+
+ # we encode only 30 bytes with base32
+ kid = Base32.encode(kid[0..29])
+
+ # insert colon every 4 characters
+ kid.scan(/.{4}/).join(':')
+ end
+ end
+end
diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb
new file mode 100644
index 00000000000..5b67715b0b2
--- /dev/null
+++ b/lib/json_web_token/token.rb
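Review bot: In `lib/json_web_token/rsa_token.rb`, the private `key` method loads whatever PEM `key_file` points at without confirming it holds a private key, so a path that resolves to a public-key file would only fail later, inside `JWT.encode`, with an OpenSSL signing error. A check in `key` along the lines of `raise ArgumentError, 'RSA private key required' unless @key.private?` would surface the misconfiguration where the key is loaded. In `kid`, the local variable `kid` shadows the method name; a distinct local such as `digest` reads more clearly. The comment on the 30-byte truncation could also name the key-ID format it follows (it looks like the libtrust fingerprint layout, but the hunk does not say).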
@@ -0,0 +1,46 @@
+module JSONWebToken
+ class Token
+ attr_accessor :issuer, :subject, :audience, :id
+ attr_accessor :issued_at, :not_before, :expire_time
+
+ def initialize
+ @id = SecureRandom.uuid
+ @issued_at = Time.now
+ # we give a few seconds for time shift
+ @not_before = issued_at - 5.seconds
+ # default 60 seconds should be more than enough for this authentication token
+ @expire_time = issued_at + 1.minute
+ @custom_payload = {}
+ end
+
+ def [](key)
+ @custom_payload[key]
+ end
+
+ def []=(key, value)
+ @custom_payload[key] = value
+ end
+
+ def encoded
+ raise NotImplementedError
+ end
+
+ def payload
+ @custom_payload.merge(default_payload)
+ end
+
+ private
+
+ def default_payload
+ {
+ jti: id,
+ aud: audience,
+ sub: subject,
+ iss: issuer,
+ iat: issued_at.to_i,
+ nbf: not_before.to_i,
+ exp: expire_time.to_i
+ }.compact
+ end
+ end
+end
-- cgit v1.2.3
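Review bot: In `payload`, `@custom_payload.merge(default_payload)` lets the registered claims win only when the custom key is the identical symbol, and `[]=` accepts any key, so a string key such as `'exp'` is not replaced and would likely be serialized alongside the symbol-keyed default. Because `default_payload` ends in `.compact`, an unset `issuer`, `audience` or `subject` also leaves a custom `:iss`, `:aud` or `:sub` in place. If the registered claims are meant to be set only through the accessors, normalise the keys before merging, e.g. `@custom_payload.symbolize_keys.merge(default_payload)`, and consider rejecting the registered claim names in `[]=`. Whether any caller passes such keys is not visible in this hunk.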