gitlab-org--gitlab-foss/lib/json_web_token/rsa_token.rb

# frozen_string_literal: true

module JSONWebToken
  class RSAToken < Token
    attr_reader :key_file

    def initialize(key_file)
      super()
      @key_file = key_file
    end

    def encoded
      headers = {
        kid: kid,
        typ: 'JWT'
      }
      JWT.encode(payload, key, 'RS256', headers)
    end

    private

    def key_data
      @key_data ||= File.read(key_file)
    end

    def key
      @key ||= OpenSSL::PKey::RSA.new(key_data)
    end

    def public_key
      key.public_key
    end

    def kid
      # calculate sha256 from DER encoded ASN1
      kid = Digest::SHA256.digest(public_key.to_der)

      # we encode only 30 bytes with base32
      kid = Base32.encode(kid[0..29])

      # insert colon every 4 characters
      kid.scan(/.{4}/).join(':')
    end
  end
end
Enable even more frozen string in lib/*/.rb Enables frozen string for the following files: * lib/generators/*/.rb * lib/gitaly/*/.rb * lib/google_api/*/.rb * lib/haml_lint/*/.rb * lib/json_web_token/*/.rb * lib/mattermost/*/.rb * lib/microsoft_teams/*/.rb * lib/object_storage/*/.rb * lib/omni_auth/*/.rb * lib/peek/*/.rb * lib/rouge/*/.rb * lib/rspec_flaky/*/.rb * lib/system_check/*/.rb Partially addresses #47424. 2018-10-08 14:50:39 +00:00			`# frozen_string_literal: true`

Rename JWT to JSONWebToken 2016-05-14 23:23:31 +00:00			`module JSONWebToken`
Split docker authentication service 2016-05-02 12:32:16 +00:00			`class RSAToken < Token`
			`attr_reader :key_file`

			`def initialize(key_file)`
			`super()`
			`@key_file = key_file`
			`end`

			`def encoded`
			`headers = {`
Set typ field in JSONWebToken::RSAToken ruby-jwt v2.0 removed the `typ` header in https://github.com/jwt/ruby-jwt/commit/cc41d53e00f8cbf015271b53f5ad761bd6ac2312. To ensure tokens don't get marked invalid during an upgrade, add it back to ensure backwards compatibility. 2018-12-29 15:37:08 +00:00			`kid: kid,`
			`typ: 'JWT'`
Split docker authentication service 2016-05-02 12:32:16 +00:00			`}`
			`JWT.encode(payload, key, 'RS256', headers)`
			`end`

			`private`

			`def key_data`
			`@key_data \|\|= File.read(key_file)`
			`end`

			`def key`
			`@key \|\|= OpenSSL::PKey::RSA.new(key_data)`
			`end`

Improve JWT::RSAToken::kid 2016-05-13 21:41:30 +00:00			`def public_key`
			`key.public_key`
			`end`

Split docker authentication service 2016-05-02 12:32:16 +00:00			`def kid`
Simplify JWT::RSAToken::kid 2016-05-14 21:04:26 +00:00			`# calculate sha256 from DER encoded ASN1`
			`kid = Digest::SHA256.digest(public_key.to_der)`

			`# we encode only 30 bytes with base32`
			`kid = Base32.encode(kid[0..29])`

			`# insert colon every 4 characters`
			`kid.scan(/.{4}/).join(':')`
Split docker authentication service 2016-05-02 12:32:16 +00:00			`end`
			`end`
			`end`