3.2.2 release

ChangeLog.txt

@@ -1,6 +1,11 @@
 
 ChangeLog for jsjws
 
+* 3.2.2 Release (2015-Apr-26)
+ - isSafeJSONString undefined bugfix
+ - readSafeJSONString undefined bugfix
+ - sample codes bugfix
+
 * 3.2.0 Release (2015-Apr-19)
  - JWS.verify method updated to mitigate signature replacement
    attacks:

index.html

@@ -23,7 +23,7 @@ <h2 id="project_tagline">jsjws : pure JavaScript implementation of JWT ( JSON We
             <a class="tar_download_link" href="https://github.com/kjur/jsjws/tarball/master">Download this project as a tar.gz file</a>
           </section>
           <a href="http://kjur.github.io/jsjws/">TOP</a> | 
-          <a href="https://github.com/kjur/jsjws/tags/" target="_blank">DOWNLOADS</a> | 
+          <a href="https://github.com/kjur/jsjws/releases" target="_blank">DOWNLOADS</a> | 
           <a href="https://github.com/kjur/jsjws/wiki#programming-tutorial">TUTORIALS</a> | 
           <a href="http://kjur.github.io/jsjws/api/" target="_blank">API REFERENCE</a> | 
           <a href="http://kjur.github.io/jsjws/index.html#demo" target="_blank">DEMOS</a> | 
@@ -66,6 +66,10 @@ <h3>FEATURES</h3>
 
 <h3>NEWS</h3>
 <dl>
+<dt><b>2015-Apr-26</b>: 
+<dd>
+3.2.2 released. Bugfix release for safe JSON strings and samples..
+
 <dt><b>2015-Apr-19</b>: 
 <dd>
 3.2.0 released. Mitigation for some signature replacement attacks in <a href="http://kjur.github.io/jsjws/api/symbols/KJUR.jws.JWS.html#.verify">JWS.verify</a>.
@@ -150,16 +154,9 @@ <h3>DOWNLOAD</h3>
 </li>
 <li>Alternatively, you can download a zip file for the
 <a href="https://github.com/kjur/jsjws/archive/master.zip">latest development version</a> 
-or a <a href="https://github.com/kjur/jsjws/tags/">previous releases</a>.
+or a <a href="https://github.com/kjur/jsjws/releases">previous releases</a>.
 </li>
 </ul>
-
-<ul>
-<li><a href="jsjws-1.2.tgz">Release 1.2 (jsjws-1.2.tgz)</a>: May 21, 2012 - JWS-JS support</li>
-<li><a href="jsjws-1.1.tgz">Release 1.1 (jsjws-1.1.tgz)</a>: May 07, 2012 - UTF-8, X.509 certificate and PKCS#1 private key support</li>
-<li><a href="jsjws-1.0.1.tgz">Release 1.0.1 (jsjws-1.0.1.tgz)</a>: May 06, 2012 - API document added</li>
-<li><a href="jsjws-1.0.tgz">Release 1.0 (jsjws-1.0.tgz)</a>: May 04, 2012 - First release</li>
-</ul>
 <a href="http://github.com/kjur/jsjws/blob/master/ChangeLog.txt">See 'ChangeLog.txt' in detail.</a>
 
 <h3><a href="api/">API DOCUMENT</a></h3>

jws-3.2.js

@@ -1,9 +1,9 @@
-/*! jws-3.2.1 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsjws/license
+/*! jws-3.2.2 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsjws/license
  */
 /*
  * jws.js - JSON Web Signature Class
  *
- * version: 3.2.1 (2015 Apr 19)
+ * version: 3.2.2 (2015 Apr 26)
  *
  * Copyright (c) 2010-2015 Kenji Urushima ([email protected])
  *
@@ -18,7 +18,7 @@
  * @fileOverview
  * @name jws-3.2.js
  * @author Kenji Urushima [email protected]
- * @version 3.2.1 (2015-Apr-19)
+ * @version 3.2.2 (2015-Apr-26)
  * @since jsjws 1.0
  * @license <a href="http://kjur.github.io/jsjws/license/">MIT License</a>
  */
@@ -69,6 +69,7 @@ if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
  * NOTE1: HS384 is supported since jsjws 3.0.2 with jsrsasign 4.1.4.<br/>
  */
 KJUR.jws.JWS = function() {
+	var ns1 = KJUR.jws.JWS;
 
     // === utility =============================================================
 
@@ -112,7 +113,7 @@ KJUR.jws.JWS = function() {
 	this.parsedJWS.headS = sHead;
 	this.parsedJWS.payloadS = sPayload;
 
-	if (! this.isSafeJSONString(sHead, this.parsedJWS, 'headP'))
+	if (! ns1.isSafeJSONString(sHead, this.parsedJWS, 'headP'))
 	    throw "malformed JSON string for JWS Head: " + sHead;
     };
 
@@ -273,7 +274,7 @@ KJUR.jws.JWS = function() {
      * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.sign}
      */
     this.generateJWSByNED = function(sHead, sPayload, hN, hE, hD) {
-	if (! this.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead;
+	if (! ns1.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead;
 	var sSI = _getSignatureInputByString(sHead, sPayload);
 	var hSigValue = _jws_generateSignatureValueBySI_NED(sHead, sPayload, sSI, hN, hE, hD);
 	var b64SigValue = hextob64u(hSigValue);
@@ -302,7 +303,7 @@ KJUR.jws.JWS = function() {
      */
     this.generateJWSByKey = function(sHead, sPayload, key) {
 	var obj = {};
-	if (!this.isSafeJSONString(sHead, obj, 'headP'))
+	if (! ns1.isSafeJSONString(sHead, obj, 'headP'))
 	    throw "JWS Head is not safe JSON string: " + sHead;
 	var sSI = _getSignatureInputByString(sHead, sPayload);
 	var b64SigValue = _jws_generateSignatureValueBySI_Key(sHead, sPayload, sSI, key, obj.headP);
@@ -341,7 +342,7 @@ KJUR.jws.JWS = function() {
      * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.sign}
      */
     this.generateJWSByP1PrvKey = function(sHead, sPayload, sPemPrvKey) {
-	if (! this.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead;
+	if (! ns1.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead;
 	var sSI = _getSignatureInputByString(sHead, sPayload);
 	var hSigValue = _jws_generateSignatureValueBySI_PemPrvKey(sHead, sPayload, sSI, sPemPrvKey);
 	var b64SigValue = hextob64u(hSigValue);
@@ -652,13 +653,13 @@ KJUR.jws.JWS.jwsalg2sigalg = {
 KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
     var o = null;
     try {
-	o = jsonParse(s);
-	if (typeof o != "object") return 0;
-	if (o.constructor === Array) return 0;
-	if (h) h[p] = o;
-	return 1;
+		o = jsonParse(s);
+		if (typeof o != "object") return 0;
+		if (o.constructor === Array) return 0;
+		if (h) h[p] = o;
+		return 1;
     } catch (ex) {
-	return 0;
+		return 0;
     }
 };
 
@@ -677,12 +678,12 @@ KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
 KJUR.jws.JWS.readSafeJSONString = function(s) {
     var o = null;
     try {
-	o = jsonParse(s);
-	if (typeof o != "object") return null;
-	if (o.constructor === Array) return null;
-	return o;
+		o = jsonParse(s);
+		if (typeof o != "object") return null;
+		if (o.constructor === Array) return null;
+		return o;
     } catch (ex) {
-	return null;
+		return null;
     }
 };
 

jwsjs-2.0.js

@@ -1,11 +1,11 @@
-/*! jwsjs-2.0.0 (c) 2013 Kenji Urushima | kjur.github.com/jsjws/license
+/*! jwsjs-2.0.1 (c) 2010-2015 Kenji Urushima | kjur.github.com/jsjws/license
  */
 /*
  * jwsjs.js - JSON Web Signature JSON Serialization (JWSJS) Class
  *
- * version: 2.0.0 (2013 Jul 20)
+ * version: 2.0.1 (2015 Apr 26)
  *
- * Copyright (c) 2010-2013 Kenji Urushima ([email protected])
+ * Copyright (c) 2010-2015 Kenji Urushima ([email protected])
  *
  * This software is licensed under the terms of the MIT License.
  * http://kjur.github.com/jsjws/license/
@@ -18,7 +18,7 @@
  * @fileOverview
  * @name jwsjs-2.0.js
  * @author Kenji Urushima [email protected]
- * @version 2.0.0 (2013 Jul 20)
+ * @version 2.0.1 (2015 Apr 26)
  * @since jsjws 1.2
  * @license <a href="http://kjur.github.io/jsjws/license/">MIT License</a>
  */
@@ -41,6 +41,8 @@ if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
  * @see <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01">IETF I-D JSON Web Signature JSON Serialization (JWS-JS) specification</a>
  */
 KJUR.jws.JWSJS = function() {
+	var ns1 = KJUR.jws.JWS;
+
     this.aHeader = [];
     this.sPayload = "";
     this.aSignature = [];
@@ -53,9 +55,9 @@ KJUR.jws.JWSJS = function() {
      * @function
      */
     this.init = function() {
-	this.aHeader = [];
-	this.sPayload = "";
-	this.aSignature = [];
+		this.aHeader = [];
+		this.sPayload = "";
+		this.aSignature = [];
     };
 
     /**
@@ -66,14 +68,14 @@ KJUR.jws.JWSJS = function() {
      * @function
      */
     this.initWithJWS = function(sJWS) {
-	this.init();
+		this.init();
 
-	var jws = new KJUR.jws.JWS();
-	jws.parseJWS(sJWS);
+		var jws = new KJUR.jws.JWS();
+		jws.parseJWS(sJWS);
 
-	this.aHeader.push(jws.parsedJWS.headB64U);
-	this.sPayload = jws.parsedJWS.payloadB64U;
-	this.aSignature.push(jws.parsedJWS.sigvalB64U);
+		this.aHeader.push(jws.parsedJWS.headB64U);
+		this.sPayload = jws.parsedJWS.payloadB64U;
+		this.aSignature.push(jws.parsedJWS.sigvalB64U);
     };
 
     // == add signature ===================================================================
@@ -86,13 +88,13 @@ KJUR.jws.JWSJS = function() {
      * @param {String} sPemPrvKey string of PKCS1 private key
      */
     this.addSignatureByHeaderKey = function(sHead, sPemPrvKey) {
-	var sPayload = b64utoutf8(this.sPayload);
+		var sPayload = b64utoutf8(this.sPayload);
 
-	var jws = new KJUR.jws.JWS();
-	var sJWS = jws.generateJWSByP1PrvKey(sHead, sPayload, sPemPrvKey);
+		var jws = new KJUR.jws.JWS();
+		var sJWS = jws.generateJWSByP1PrvKey(sHead, sPayload, sPemPrvKey);
 
-	this.aHeader.push(jws.parsedJWS.headB64U);
-	this.aSignature.push(jws.parsedJWS.sigvalB64U);
+		this.aHeader.push(jws.parsedJWS.headB64U);
+		this.aSignature.push(jws.parsedJWS.sigvalB64U);
     };
 
     /**
@@ -106,12 +108,12 @@ KJUR.jws.JWSJS = function() {
      * @param {String} sPemPrvKey string of PKCS1 private key
      */
     this.addSignatureByHeaderPayloadKey = function(sHead, sPayload, sPemPrvKey) {
-	var jws = new KJUR.jws.JWS();
-	var sJWS = jws.generateJWSByP1PrvKey(sHead, sPayload, sPemPrvKey);
+		var jws = new KJUR.jws.JWS();
+		var sJWS = jws.generateJWSByP1PrvKey(sHead, sPayload, sPemPrvKey);
 
-	this.aHeader.push(jws.parsedJWS.headB64U);
-	this.sPayload = jws.parsedJWS.payloadB64U;
-	this.aSignature.push(jws.parsedJWS.sigvalB64U);
+		this.aHeader.push(jws.parsedJWS.headB64U);
+		this.sPayload = jws.parsedJWS.payloadB64U;
+		this.aSignature.push(jws.parsedJWS.sigvalB64U);
     };
 
     // == verify signature ===================================================================
@@ -125,53 +127,52 @@ KJUR.jws.JWSJS = function() {
      * @throw if JWS-JS signature is invalid.
      */
     this.verifyWithCerts = function(aCert) {
-	if (this.aHeader.length != aCert.length) 
-	    throw "num headers does not match with num certs";
-	if (this.aSignature.length != aCert.length) 
-	    throw "num signatures does not match with num certs";
-
-	var payload = this.sPayload;
-	var errMsg = "";
-	for (var i = 0; i < aCert.length; i++) {
-	    var cert = aCert[i];
-	    var header = this.aHeader[i];
-	    var sig = this.aSignature[i];
-	    var sJWS = header + "." + payload + "." + sig;
-
-	    var jws = new KJUR.jws.JWS();
-	    try {
-		var result = jws.verifyJWSByPemX509Cert(sJWS, cert);
-		if (result != 1) {
-		    errMsg += (i + 1) + "th signature unmatch. ";
+		if (this.aHeader.length != aCert.length) 
+			throw "num headers does not match with num certs";
+		if (this.aSignature.length != aCert.length) 
+			throw "num signatures does not match with num certs";
+
+		var payload = this.sPayload;
+		var errMsg = "";
+		for (var i = 0; i < aCert.length; i++) {
+			var cert = aCert[i];
+			var header = this.aHeader[i];
+			var sig = this.aSignature[i];
+			var sJWS = header + "." + payload + "." + sig;
+
+			var jws = new KJUR.jws.JWS();
+			try {
+				var result = jws.verifyJWSByPemX509Cert(sJWS, cert);
+				if (result != 1) {
+					errMsg += (i + 1) + "th signature unmatch. ";
+				}
+			} catch (ex) {
+				errMsg += (i + 1) + "th signature fail(" + ex + "). ";
+			}
+		}
+
+		if (errMsg == "") {
+			return 1;
+		} else {
+			throw errMsg;
 		}
-	    } catch (ex) {
-		errMsg += (i + 1) + "th signature fail(" + ex + "). ";
-	    }
-	}
-
-	if (errMsg == "") {
-	    return 1;
-	} else {
-	    throw errMsg;
-	}
     };
 
     /**
      * read JWS-JS string.<br/>
-     * @name readJWSJS
+     * @name raedJWSJS
      * @memberOf KJUR.jws.JWSJS
      * @function
      * @param {String} string of JWS-JS to load.
      * @throw if sJWSJS is malformed or not JSON string.
      */
     this.readJWSJS = function(sJWSJS) {
-	var jws = new KJUR.jws.JWS();
-	var oJWSJS = jws.readSafeJSONString(sJWSJS);
-	if (oJWSJS == null) throw "argument is not JSON string: " + sJWSJS;
+		var oJWSJS = ns1.readSafeJSONString(sJWSJS);
+		if (oJWSJS == null) throw "argument is not JSON string: " + sJWSJS;
 
-	this.aHeader = oJWSJS.headers;
-	this.sPayload = oJWSJS.payload;
-	this.aSignature = oJWSJS.signatures;
+		this.aHeader = oJWSJS.headers;
+		this.sPayload = oJWSJS.payload;
+		this.aSignature = oJWSJS.signatures;
     };
 
     // == utility ===================================================================
@@ -182,9 +183,9 @@ KJUR.jws.JWSJS = function() {
      * @function
      */
     this.getJSON = function() {
-	return { "headers": this.aHeader,
-		 "payload": this.sPayload,
-		 "signatures": this.aSignature }; 
+		return { "headers": this.aHeader,
+				 "payload": this.sPayload,
+				 "signatures": this.aSignature }; 
     };
 
     /**
@@ -195,8 +196,8 @@ KJUR.jws.JWSJS = function() {
      * @return 1 if there is no signatures in this object, otherwise 0.
      */
     this.isEmpty = function() {
-	if (this.aHeader.length == 0) return 1; 
-	return 0;
+		if (this.aHeader.length == 0) return 1; 
+		return 0;
     };
 };