Baseline

.gitignore

@@ -0,0 +1 @@
+node_modules

.npmignore

@@ -0,0 +1,4 @@
+support
+test
+examples
+*.sock

Cakefile

@@ -0,0 +1,30 @@
+{exec, spawn} = require 'child_process'
+
+handleError = (err) ->
+  if err
+    console.log "\n\x33[1;36m=>\x33[1;37m Remember that you need: coffee-script@0.9.4 and mocha@0.5.2\x33[0;37m\n"
+    console.log err.stack
+
+print = (data) -> console.log data.toString().trim()
+
+task 'install', 'Executes an install of the required packages.', ->
+  exec 'npm install'
+
+task 'build', 'Compile Coffeescript source to Javascript', ->
+  exec 'mkdir -p lib && coffee -c -o lib src', handleError
+  exec 'find lib -name "*.js" -print0 | xargs -0 jslint --stupid'
+
+task 'clean', 'Remove generated Javascripts', ->
+  exec 'rm -fr lib', handleError
+
+task 'test', 'Test the app', (options) ->
+  console.log "\n\x1B[00;33m=>\x1B[00;32m Running tests..\x1B[00;33m\n"
+  mocha = spawn 'mocha', '-c -b --compilers coffee:coffee-script'.split(' ')
+  mocha.stdout.on 'data', print
+  mocha.stderr.on 'data', print
+
+
+task 'dev', 'Continuous compilation', ->
+  coffee = spawn 'coffee', '-wc --bare -o lib src'.split(' ')
+  coffee.stdout.on 'data', print
+  coffee.stderr.on 'data', print

History.md

@@ -0,0 +1,5 @@
+
+0.0.1 / 2010-01-03
+==================
+
+  * Initial release

Makefile

@@ -0,0 +1,28 @@
+REPORTER = dot
+
+install:
+	npm install
+
+dev:
+	cake dev
+
+build:
+	cake build
+
+test:
+	cake test
+
+tdd:
+	mocha -c -w -b --compilers coffee:coffee-script
+
+gen_test_keys:
+	# openssl genrsa -des3 -passout pass:nosecret -out privkey.pem 2048
+	# Generate the RSA keys and certificate
+	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha1 -subj \
+		'/C=US/ST=CA/L=San Francisco /CN=www.hashgo.com' -keyout \
+		test/mytest-rsakey.pem -out test/mytest-rsacert.pem
+	openssl pkcs12 -passout pass:notasecret -export -in test/mytest-rsacert.pem -inkey test/mytest-rsakey.pem -out test/test-myrsacert.pi12 -name "Testing PKCS12 Certificate"
+
+all: install build test
+
+.PHONY: all 

Readme.md

@@ -0,0 +1,44 @@
+
+# Jot
+
+  Node.js implementation of JSON Web Token (JWT) with support for signatures (JWS), encryption (JWE) and web keys (JWK). 
+
+  "*JSON Web Token (JWT) is a means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that may be digitally signed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).*"
+
+  The suggested pronunciation of JWT is the same as the English word "jot".
+
+  This package implements the following IETF drafts:
+
+* [JWT](http://tools.ietf.org/html/draft-jones-json-web-token-10) draft-jones-json-web-token-10
+* [JWA](https://www.ietf.org/id/draft-ietf-jose-json-web-algorithms-02.txt) draft-ietf-jose-json-web-algorithms-02
+* [JWS](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02) draft-ietf-jose-json-web-signature-02
+* [JWE](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02) draft-ietf-jose-json-web-encryption-02
+* [JWK](http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02) draft-ietf-jose-json-web-key-02
+
+## Dependencies
+Pleae review the `pacagke.json` for the full set of dependencies.
+
+## License 
+
+(The MIT License)
+
+Copyright (c) 2012 Bernardo <bernardo.gomezpalacio@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

index.js

@@ -0,0 +1,2 @@
+
+module.exports = require('./lib/jot');

package.json

@@ -0,0 +1,18 @@
+{
+  "name": "jot",
+  "version": "0.0.1",
+  "description": "Node implementation of JSON Web Token (JWT) with support for signatures (JWS), encryption (JWE) and web keys (JWK). ",
+  "keywords": [ "jwt", "jws", "jwe", "jwk" ],
+  "author": "Bernardo <bernardo.gomezpalacio@gmail.com>",
+  "dependencies": {
+    "node-base64": "0.0.1"
+  },
+  "devDependencies": {
+    "mocha": "*",
+    "should": "*"
+  },
+  "engines" : {
+    "node" : "0.8.*"
+  },
+  "main": "index"
+}

src/jwa.coffee

@@ -0,0 +1,136 @@
+crypto      = require "crypto"
+querystring = require "querystring"
+
+#
+# Based on [JSON Web Algorithms (JWA) v02](https://www.ietf.org/id/draft-ietf-jose-json-web-algorithms-02.txt)
+#
+# The JSON Web Algorithms (JWA) specification enumerates cryptographic
+# algorithms and identifiers to be used with the JSON Web Signature
+# (JWS) [JWS] and JSON Web Encryption (JWE) [JWE] specifications.
+# Enumerating the algorithms and identifiers for them in this
+# specification, rather than in the JWS and JWE specifications, is
+# intended to allow them to remain unchanged in the face of changes in
+# the set of required, recommended, optional, and deprecated algorithms
+# over time.  This specification also describes the semantics and
+# operations that are specific to these algorithms and algorithm
+# families.
+#
+#
+#
+#   +--------------------+----------------------------------------------+
+#   | alg Parameter      | Digital Signature or MAC Algorithm           |
+#   | Value              |                                              |
+#   +--------------------+----------------------------------------------+
+#   | HS256              | HMAC using SHA-256 hash algorithm            |
+#   | HS384              | HMAC using SHA-384 hash algorithm            |
+#   | HS512              | HMAC using SHA-512 hash algorithm            |
+#   | RS256              | RSA using SHA-256 hash algorithm             |
+#   | RS384              | RSA using SHA-384 hash algorithm             |
+#   | RS512              | RSA using SHA-512 hash algorithm             |
+#   | ES256              | ECDSA using P-256 curve and SHA-256 hash     |
+#   |                    | algorithm                                    |
+#   | ES384              | ECDSA using P-384 curve and SHA-384 hash     |
+#   |                    | algorithm                                    |
+#   | ES512              | ECDSA using P-521 curve and SHA-512 hash     |
+#   |                    | algorithm                                    |
+#   | none               | No digital signature or MAC value included   |
+#   +--------------------+----------------------------------------------+
+#
+#  Of these algorithms, only HMAC SHA-256 and "none" MUST be implemented
+#  by conforming JWS implementations.  It is RECOMMENDED that
+#  implementations also support the RSA SHA-256 and ECDSA P-256 SHA-256
+#  algorithms.  Support for other algorithms and key sizes is OPTIONAL.
+#
+
+class HMACAlgorithm
+
+  _algOssl =
+    HS256 : "SHA256"
+    HS384 : "SHA384"
+    HS512 : "SHA512"
+
+    #
+    # Creates and returns a hmac object, a cryptographic hmac with the given algorithm and key.
+    # algorithm is dependent on the available algorithms supported by OpenSSL - see createHash above. key is the hmac key to be used.
+    #
+  constructor: (@alg = "HS256" , @key) ->
+    osslAlg = _algOssl[@alg]
+    new Error "Algorithm #{alg} is not supported by the specification." unless osslAlg
+    try
+      @hmac = crypto.createHmac osslAlg, @key
+    catch error
+      throw new Error "HMAC does not support algorithm #{@alg} => #{osslAlg}!"
+
+  update: (data) ->
+    throw new Error "There is no reference to the hmac object!" unless @hmac
+    @hmac.update data
+    @
+
+  digest: (encoding = "base64") ->
+    throw new Error "There is no reference to the hmac object!" unless @hmac
+    querystring.escape @hmac.digest(encoding)
+
+  sign: (encoding) -> @digest(encoding)
+
+
+module.exports.HMACAlgorithm =  HMACAlgorithm
+
+class SigningAlgorithm
+
+  _createSigner = (alg) ->
+    try
+      @signer = crypto.createSign(alg)
+    catch error
+      throw new Error "Unable to create a signer with algorithm #{alg}!"
+
+  _createVerifier = (alg) ->
+    try
+      verifier = crypto.createVerifier(alg)
+      return verifier
+    catch error
+      throw new Error "Unable to create a verifier with algorithm #{alg}!"
+
+  _assertSigner = () ->
+    throw new Error "The `signer` reference is undefined!" unless @signer
+
+  constructor: (@alg = "RSA-SHA256", @key_PEM) ->
+    _createSigner(@alg)
+
+  update: (data) ->
+    _assertSigner()
+    @signer.update data
+
+  sign: (format = "base64") ->
+    _assertSigner()
+    @signer.sign(@key_PEM, format)
+
+  verify: (publicKey, data, format) ->
+    verifier = _createVerifier(@alg)
+    @keyPEM.verifyString(@data, b64urltohex(sig))
+
+class VerifierAlgorithm
+
+  _createVerifier = (alg) ->
+    try
+      verifier = crypto.createVerifier(alg)
+      return verifier
+    catch error
+      throw new Error "Unable to create a verifier with algorithm #{alg}!"
+
+  _assertState = () ->
+    throw new Error "The `verifier` reference is undefined!" unless @verifier
+
+  constructor: (@alg = "RSA-SHA256") ->
+    _createVerifier(@alg)
+
+  update: (data) ->
+    _assertState()
+    @verifier.update data
+
+  verify: (objPEM, signature, format = "base64") ->
+    _assertState()
+    @verifier.verify(objPEM, signature, format)
+
+
+
+