summaryrefslogtreecommitdiff
path: root/vendor/gopkg.in/square/go-jose.v2/jwe.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/gopkg.in/square/go-jose.v2/jwe.go')
-rw-r--r--vendor/gopkg.in/square/go-jose.v2/jwe.go291
1 files changed, 0 insertions, 291 deletions
diff --git a/vendor/gopkg.in/square/go-jose.v2/jwe.go b/vendor/gopkg.in/square/go-jose.v2/jwe.go
deleted file mode 100644
index f2176cfb0..000000000
--- a/vendor/gopkg.in/square/go-jose.v2/jwe.go
+++ /dev/null
@@ -1,291 +0,0 @@
-/*-
- * Copyright 2014 Square Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package jose
-
-import (
- "encoding/base64"
- "encoding/json"
- "fmt"
- "strings"
-)
-
-// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
-type rawJSONWebEncryption struct {
- Protected *byteBuffer `json:"protected,omitempty"`
- Unprotected *rawHeader `json:"unprotected,omitempty"`
- Header *rawHeader `json:"header,omitempty"`
- Recipients []rawRecipientInfo `json:"recipients,omitempty"`
- Aad *byteBuffer `json:"aad,omitempty"`
- EncryptedKey *byteBuffer `json:"encrypted_key,omitempty"`
- Iv *byteBuffer `json:"iv,omitempty"`
- Ciphertext *byteBuffer `json:"ciphertext,omitempty"`
- Tag *byteBuffer `json:"tag,omitempty"`
-}
-
-// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing.
-type rawRecipientInfo struct {
- Header *rawHeader `json:"header,omitempty"`
- EncryptedKey string `json:"encrypted_key,omitempty"`
-}
-
-// JSONWebEncryption represents an encrypted JWE object after parsing.
-type JSONWebEncryption struct {
- Header Header
- protected, unprotected *rawHeader
- recipients []recipientInfo
- aad, iv, ciphertext, tag []byte
- original *rawJSONWebEncryption
-}
-
-// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing.
-type recipientInfo struct {
- header *rawHeader
- encryptedKey []byte
-}
-
-// GetAuthData retrieves the (optional) authenticated data attached to the object.
-func (obj JSONWebEncryption) GetAuthData() []byte {
- if obj.aad != nil {
- out := make([]byte, len(obj.aad))
- copy(out, obj.aad)
- return out
- }
-
- return nil
-}
-
-// Get the merged header values
-func (obj JSONWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader {
- out := rawHeader{}
- out.merge(obj.protected)
- out.merge(obj.unprotected)
-
- if recipient != nil {
- out.merge(recipient.header)
- }
-
- return out
-}
-
-// Get the additional authenticated data from a JWE object.
-func (obj JSONWebEncryption) computeAuthData() []byte {
- var protected string
-
- if obj.original != nil {
- protected = obj.original.Protected.base64()
- } else {
- protected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON((obj.protected)))
- }
-
- output := []byte(protected)
- if obj.aad != nil {
- output = append(output, '.')
- output = append(output, []byte(base64.RawURLEncoding.EncodeToString(obj.aad))...)
- }
-
- return output
-}
-
-// ParseEncrypted parses an encrypted message in compact or full serialization format.
-func ParseEncrypted(input string) (*JSONWebEncryption, error) {
- input = stripWhitespace(input)
- if strings.HasPrefix(input, "{") {
- return parseEncryptedFull(input)
- }
-
- return parseEncryptedCompact(input)
-}
-
-// parseEncryptedFull parses a message in compact format.
-func parseEncryptedFull(input string) (*JSONWebEncryption, error) {
- var parsed rawJSONWebEncryption
- err := json.Unmarshal([]byte(input), &parsed)
- if err != nil {
- return nil, err
- }
-
- return parsed.sanitized()
-}
-
-// sanitized produces a cleaned-up JWE object from the raw JSON.
-func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
- obj := &JSONWebEncryption{
- original: parsed,
- unprotected: parsed.Unprotected,
- }
-
- // Check that there is not a nonce in the unprotected headers
- if parsed.Unprotected != nil {
- if nonce := parsed.Unprotected.getNonce(); nonce != "" {
- return nil, ErrUnprotectedNonce
- }
- }
- if parsed.Header != nil {
- if nonce := parsed.Header.getNonce(); nonce != "" {
- return nil, ErrUnprotectedNonce
- }
- }
-
- if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
- err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected)
- if err != nil {
- return nil, fmt.Errorf("square/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64())
- }
- }
-
- // Note: this must be called _after_ we parse the protected header,
- // otherwise fields from the protected header will not get picked up.
- var err error
- mergedHeaders := obj.mergedHeaders(nil)
- obj.Header, err = mergedHeaders.sanitized()
- if err != nil {
- return nil, fmt.Errorf("square/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders)
- }
-
- if len(parsed.Recipients) == 0 {
- obj.recipients = []recipientInfo{
- {
- header: parsed.Header,
- encryptedKey: parsed.EncryptedKey.bytes(),
- },
- }
- } else {
- obj.recipients = make([]recipientInfo, len(parsed.Recipients))
- for r := range parsed.Recipients {
- encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey)
- if err != nil {
- return nil, err
- }
-
- // Check that there is not a nonce in the unprotected header
- if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.getNonce() != "" {
- return nil, ErrUnprotectedNonce
- }
-
- obj.recipients[r].header = parsed.Recipients[r].Header
- obj.recipients[r].encryptedKey = encryptedKey
- }
- }
-
- for _, recipient := range obj.recipients {
- headers := obj.mergedHeaders(&recipient)
- if headers.getAlgorithm() == "" || headers.getEncryption() == "" {
- return nil, fmt.Errorf("square/go-jose: message is missing alg/enc headers")
- }
- }
-
- obj.iv = parsed.Iv.bytes()
- obj.ciphertext = parsed.Ciphertext.bytes()
- obj.tag = parsed.Tag.bytes()
- obj.aad = parsed.Aad.bytes()
-
- return obj, nil
-}
-
-// parseEncryptedCompact parses a message in compact format.
-func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 5 {
- return nil, fmt.Errorf("square/go-jose: compact JWE format must have five parts")
- }
-
- rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
- if err != nil {
- return nil, err
- }
-
- encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1])
- if err != nil {
- return nil, err
- }
-
- iv, err := base64.RawURLEncoding.DecodeString(parts[2])
- if err != nil {
- return nil, err
- }
-
- ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3])
- if err != nil {
- return nil, err
- }
-
- tag, err := base64.RawURLEncoding.DecodeString(parts[4])
- if err != nil {
- return nil, err
- }
-
- raw := &rawJSONWebEncryption{
- Protected: newBuffer(rawProtected),
- EncryptedKey: newBuffer(encryptedKey),
- Iv: newBuffer(iv),
- Ciphertext: newBuffer(ciphertext),
- Tag: newBuffer(tag),
- }
-
- return raw.sanitized()
-}
-
-// CompactSerialize serializes an object using the compact serialization format.
-func (obj JSONWebEncryption) CompactSerialize() (string, error) {
- if len(obj.recipients) != 1 || obj.unprotected != nil ||
- obj.protected == nil || obj.recipients[0].header != nil {
- return "", ErrNotSupported
- }
-
- serializedProtected := mustSerializeJSON(obj.protected)
-
- return fmt.Sprintf(
- "%s.%s.%s.%s.%s",
- base64.RawURLEncoding.EncodeToString(serializedProtected),
- base64.RawURLEncoding.EncodeToString(obj.recipients[0].encryptedKey),
- base64.RawURLEncoding.EncodeToString(obj.iv),
- base64.RawURLEncoding.EncodeToString(obj.ciphertext),
- base64.RawURLEncoding.EncodeToString(obj.tag)), nil
-}
-
-// FullSerialize serializes an object using the full JSON serialization format.
-func (obj JSONWebEncryption) FullSerialize() string {
- raw := rawJSONWebEncryption{
- Unprotected: obj.unprotected,
- Iv: newBuffer(obj.iv),
- Ciphertext: newBuffer(obj.ciphertext),
- EncryptedKey: newBuffer(obj.recipients[0].encryptedKey),
- Tag: newBuffer(obj.tag),
- Aad: newBuffer(obj.aad),
- Recipients: []rawRecipientInfo{},
- }
-
- if len(obj.recipients) > 1 {
- for _, recipient := range obj.recipients {
- info := rawRecipientInfo{
- Header: recipient.header,
- EncryptedKey: base64.RawURLEncoding.EncodeToString(recipient.encryptedKey),
- }
- raw.Recipients = append(raw.Recipients, info)
- }
- } else {
- // Use flattened serialization
- raw.Header = obj.recipients[0].header
- raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey)
- }
-
- if obj.protected != nil {
- raw.Protected = newBuffer(mustSerializeJSON(obj.protected))
- }
-
- return string(mustSerializeJSON(raw))
-}