jwt · anakinj · Dec 28, 2024 · Dec 28, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -41,8 +41,6 @@ jobs:
           - "3.4"
         gemfile:
           - gemfiles/standalone.gemfile
-          - gemfiles/rbnacl.gemfile
-          - gemfiles/rbnacl_pre_6.gemfile
         experimental: [false]
         include:
           - os: ubuntu-20.04
@@ -64,11 +62,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Install libsodium
-        run: |
-          sudo apt-get update -q
-          sudo apt-get install libsodium-dev -y
-
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
@@ -96,7 +89,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Download coverage reports from the test job
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coverage-reports
 

diff --git a/Appraisals b/Appraisals
@@ -8,13 +8,3 @@ appraise 'openssl' do
   gem 'openssl', '~> 2.1'
   remove_gem 'rubocop'
 end
-
-appraise 'rbnacl' do
-  gem 'rbnacl', '>= 6'
-  remove_gem 'rubocop'
-end
-
-appraise 'rbnacl_pre_6' do
-  gem 'rbnacl', '< 6'
-  remove_gem 'rubocop'
-end
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@
 **Breaking changes:**
 - Require token signature to be verified before accessing payload [#648](https://github.com/jwt/ruby-jwt/pull/648) ([@anakinj](https://github.com/anakinj))
 - Drop support for the HS512256 algorithm [#650](https://github.com/jwt/ruby-jwt/pull/650) ([@anakinj](https://github.com/anakinj))
+- Remove dependency to rbnacl [#655](https://github.com/jwt/ruby-jwt/pull/655) ([@anakinj](https://github.com/anakinj))
 
 Take a look at the [upgrade guide](UPGRADING.md) for more details.
 

diff --git a/gemfiles/rbnacl.gemfile b/gemfiles/rbnacl.gemfile
diff --git a/gemfiles/rbnacl_pre_6.gemfile b/gemfiles/rbnacl_pre_6.gemfile
diff --git a/lib/jwt/jwa.rb b/lib/jwt/jwa.rb
@@ -2,12 +2,6 @@
 
 require 'openssl'
 
-begin
-  require 'rbnacl'
-rescue LoadError
-  raise if defined?(RbNaCl)
-end
-
 require_relative 'jwa/compat'
 require_relative 'jwa/signing_algorithm'
 require_relative 'jwa/ecdsa'
@@ -18,8 +12,6 @@
 require_relative 'jwa/unsupported'
 require_relative 'jwa/wrapper'
 
-require_relative 'jwa/eddsa' if JWT.rbnacl?
-
 module JWT
   # The JWA module contains all supported algorithms.
   module JWA

diff --git a/lib/jwt/jwa/eddsa.rb b/lib/jwt/jwa/eddsa.rb
diff --git a/lib/jwt/jwk.rb b/lib/jwt/jwk.rb
@@ -53,4 +53,3 @@ def generate_mappings
 require_relative 'jwk/ec'
 require_relative 'jwk/rsa'
 require_relative 'jwk/hmac'
-require_relative 'jwk/okp_rbnacl' if JWT.rbnacl?
diff --git a/lib/jwt/jwk/okp_rbnacl.rb b/lib/jwt/jwk/okp_rbnacl.rb
diff --git a/lib/jwt/version.rb b/lib/jwt/version.rb
@@ -32,22 +32,6 @@ def self.openssl_3?
     true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
   end
 
-  # Checks if the RbNaCl library is defined.
-  #
-  # @return [Boolean] true if RbNaCl is defined, false otherwise.
-  # @api private
-  def self.rbnacl?
-    defined?(::RbNaCl)
-  end
-
-  # Checks if the RbNaCl library version is 6.0.0 or greater.
-  #
-  # @return [Boolean] true if RbNaCl version is 6.0.0 or greater, false otherwise.
-  # @api private
-  def self.rbnacl_6_or_greater?
-    rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
-  end
-
   # Checks if there is an OpenSSL 3 HMAC empty key regression.
   #
   # @return [Boolean] true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.

diff --git a/spec/integration/readme_examples_spec.rb b/spec/integration/readme_examples_spec.rb
@@ -65,21 +65,6 @@
       ]
     end
 
-    if defined?(RbNaCl)
-      it 'EDDSA' do
-        eddsa_key = RbNaCl::Signatures::Ed25519::SigningKey.generate
-        eddsa_public = eddsa_key.verify_key
-
-        token = JWT.encode payload, eddsa_key, 'ED25519'
-        decoded_token = JWT.decode token, eddsa_public, true, algorithm: 'ED25519'
-
-        expect(decoded_token).to eq [
-          { 'data' => 'test' },
-          { 'alg' => 'ED25519' }
-        ]
-      end
-    end
-
     if Gem::Version.new(OpenSSL::VERSION) >= Gem::Version.new('2.1')
       it 'RSASSA-PSS' do
         rsa_private = OpenSSL::PKey::RSA.generate 2048

diff --git a/spec/jwt/jwa/eddsa_spec.rb b/spec/jwt/jwa/eddsa_spec.rb
diff --git a/spec/jwt/jwk/decode_with_jwk_spec.rb b/spec/jwt/jwk/decode_with_jwk_spec.rb
@@ -162,23 +162,6 @@
           )
         end
       end
-
-      if defined?(RbNaCl)
-        context 'when OKP keys are used' do
-          before do
-            skip('Requires the rbnacl gem') unless JWT.rbnacl?
-          end
-
-          let(:keypair) { RbNaCl::Signatures::Ed25519::SigningKey.new(SecureRandom.hex) }
-          let(:algorithm) { 'ED25519' }
-
-          it 'decodes the token' do
-            key_loader = ->(_options) { JSON.parse(JSON.generate(public_jwks)) }
-            payload, _header = described_class.decode(signed_token, nil, true, { algorithms: [algorithm], jwks: key_loader })
-            expect(payload).to eq(token_payload)
-          end
-        end
-      end
     end
   end
 end