Adds unit testing for jws
35
jwt/jws.go
35
jwt/jws.go
@@ -14,7 +14,11 @@ func EncodeJWS(j *JOSE, v interface{}, s Signer) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
j.Algorithm = s.Algorithm()
|
||||
if s != nil {
|
||||
j.Algorithm = s.Algorithm()
|
||||
} else {
|
||||
j.Algorithm = "none"
|
||||
}
|
||||
|
||||
header, err := j.EncodeJSON()
|
||||
if err != nil {
|
||||
@@ -24,17 +28,17 @@ func EncodeJWS(j *JOSE, v interface{}, s Signer) ([]byte, error) {
|
||||
//Allocate a buffer long enough for all payload
|
||||
res := make([]byte, Base64EncodedBufferLen(len(header))+Base64EncodedBufferLen(len(payload))+2)
|
||||
base64.URLEncoding.Encode(res, header)
|
||||
lengthHeader := Base64EncodedStrippedLen(len(res))
|
||||
lengthHeader := Base64EncodedStrippedLen(len(header))
|
||||
res[lengthHeader] = '.'
|
||||
base64.URLEncoding.Encode(res[lengthHeader+1:], payload)
|
||||
fullPayloadLength := Base64EncodedBufferLen(len(payload)) + 1 + lengthHeader
|
||||
fullPayloadLength := Base64EncodedStrippedLen(len(payload)) + 1 + lengthHeader
|
||||
res[fullPayloadLength] = '.'
|
||||
|
||||
if s == nil {
|
||||
// unprotected jws, not signing it
|
||||
return res[:fullPayloadLength+1], nil
|
||||
}
|
||||
signature, err := s.Sign(res)
|
||||
signature, err := s.Sign(res[:fullPayloadLength])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -111,9 +115,16 @@ func DecodeJWS(data []byte, v interface{}, s Signer) error {
|
||||
signature := make([]byte, Base64DecodedLenFromStripped(signatureLength))
|
||||
signedLength := headerLength + payloadLength + 1
|
||||
Base64Decode(signature, data[signedLength+1:])
|
||||
signature = signature[:Base64DecodedStrippedLen(signatureLength)]
|
||||
|
||||
if err := s.Verify(data[:signedLength], signature); err != nil {
|
||||
return err
|
||||
if s != nil {
|
||||
if err := s.Verify(data[:signedLength], signature); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
if signatureLength != 0 {
|
||||
return fmt.Errorf("jws: Invalid JWS, got a signature, but none expected")
|
||||
}
|
||||
}
|
||||
|
||||
//decode jose
|
||||
@@ -122,12 +133,18 @@ func DecodeJWS(data []byte, v interface{}, s Signer) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if jose.Algorithm != s.Algorithm() {
|
||||
return fmt.Errorf("jws: Mismatched signing algorithm got %s, expected %s", jose.Algorithm, s.Algorithm())
|
||||
algo := "none"
|
||||
if s != nil {
|
||||
algo = s.Algorithm()
|
||||
}
|
||||
|
||||
if jose.Algorithm != algo {
|
||||
return fmt.Errorf("jws: Mismatched signing algorithm got %s, expected %s", jose.Algorithm, algo)
|
||||
}
|
||||
|
||||
payload := make([]byte, Base64DecodedLenFromStripped(payloadLength))
|
||||
Base64Decode(payload, data[headerLength+1:signatureLength])
|
||||
Base64Decode(payload, data[headerLength+1:headerLength+1+payloadLength])
|
||||
payload = payload[:Base64DecodedStrippedLen(payloadLength)]
|
||||
//data is safe, just need to decode it.
|
||||
return json.Unmarshal(payload, v)
|
||||
}
|
||||
|
||||
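Review bot: The new `s == nil` branch in DecodeJWS (third and fourth hunks) accepts an unsecured token, with header `alg` equal to "none" and an empty signature, purely because the caller passed a nil Signer. Any call site where the Signer can end up nil, for instance after a failed key lookup (not visible on this page), would therefore decode an unauthenticated payload and get a nil error. Unsecured decoding should be an explicit opt-in, such as a separate entry point or a dedicated "unsecured" Signer value, with the default path failing closed: `if s == nil { return fmt.Errorf("jws: nil Signer, refusing to decode unverified JWS") }`. The same applies to the `j.Algorithm = "none"` branch in EncodeJWS, which emits an unsigned token without any signal to the caller. The context comment `//data is safe, just need to decode it.` is no longer true on the nil path and should read something like `// payload is authenticated only when s != nil; with a nil Signer this is an unsecured JWS`. DecodeJWS begins before these hunks, so earlier length checks are not visible here.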