fix protected_header issue

thien0291 · Jun 9, 2024 · 3f968e6 · 3f968e6
1 parent b4f2420
commit 3f968e6
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 20 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,5 @@
 /tmp/
 
 json_jws-*
-/bin/build
+/bin/build
+.byebug_history
diff --git a/README.md b/README.md
@@ -54,8 +54,8 @@ verify_result = JSON_JWS.verify(json_jws, [jwk])
 print "verify_result: ", verify_result
 
 puts "\n\nAdd another signature"
-# json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" }, payload)
-json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header, payload)
+json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" })
+# json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header)
 puts "json_jws_2: \n", json_jws_2
 
 puts "\n\nVerify json jws 2"

diff --git a/bin/console b/bin/console
@@ -46,8 +46,8 @@ verify_result = JSON_JWS.verify(json_jws, [jwk])
 print "verify_result: ", verify_result
 
 puts "\n\nAdd another signature"
-# json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" }, payload)
-json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header, payload)
+json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, { "alg" => "RS256", "extra" => "field" })
+# json_jws_2 = JSON_JWS.add_signature(json_jws, jwk2, header)
 puts "json_jws_2: \n", json_jws_2
 
 puts "\n\nVerify json jws 2"

diff --git a/lib/json_jws/encode.rb b/lib/json_jws/encode.rb
@@ -8,12 +8,13 @@ def encode(jwk, header, payload)
     protected_header = Base64.urlsafe_encode64(header.to_json)
     payload = payload.to_json unless payload.is_a?(String)
 
+    protected_header, signature = build_signature(jwk, header, payload)
     {
       "payload" => Base64.urlsafe_encode64(payload),
       "signatures" => [
         {
           "protected" => protected_header,
-          "signature" => build_signature(jwk, header, payload),
+          "signature" => signature,
         },
       ],
     }

diff --git a/lib/json_jws/sign.rb b/lib/json_jws/sign.rb
@@ -7,19 +7,18 @@ def build_signature(jwk, header, payload)
     payload = payload.to_json unless payload.is_a?(String)
     raise "header must be a Hash" unless header.is_a?(Hash)
 
-    encoded_payload = Base64.urlsafe_encode64(payload)
-    encoded_header = Base64.urlsafe_encode64(header.to_json)
-
-    JOSE::JWS.sign(jwk, payload, header).to_hash["signature"]
+    jose_signed_map = JOSE::JWS.sign(jwk, payload, header)
+    jose_signed_map.to_hash.slice("protected", "signature").values
   end
 
-  def add_signature(jws, jwk, header, payload)
-    protected_header = Base64.urlsafe_encode64(header.to_json)
-    payload = payload.to_json unless payload.is_a?(String)
+  def add_signature(jws, jwk, protected_header)
+    encoded_protected_header = Base64.urlsafe_encode64(protected_header.to_json)
+    raw_payload = Base64.decode64(jws["payload"])
+    protected_header, signature = build_signature(jwk, protected_header, raw_payload)
 
     jws["signatures"] << {
       "protected" => protected_header,
-      "signature" => build_signature(jwk, header, payload),
+      "signature" => signature,
     }
 
     jws

diff --git a/lib/json_jws/verify.rb b/lib/json_jws/verify.rb
@@ -14,18 +14,15 @@ def verify_signature(jwk, b64_payload, jws_json_signature)
   end
 
   def verify(jws, jwks)
-
     # verify payload is base64 encoded
-    begin
-      Base64.urlsafe_decode64(jws["payload"])
-    rescue
-      return false
-    end
+    Base64.urlsafe_decode64(jws["payload"])
 
     jws["signatures"].each_with_index do |signature, index|
       return false unless verify_signature(jwks[index], jws["payload"], signature)
     end
 
     true
+  rescue
+    return false
   end
 end