diff options
author | Christopher Speller <crspeller@gmail.com> | 2018-02-16 06:47:51 -0800 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2018-02-16 09:47:51 -0500 |
commit | 6d8f122a5160f6d9e4c51579f2429dfaa62c7271 (patch) | |
tree | 6e0242cd6709260abd74060a7ec7dc1381efa36e /vendor/gopkg.in/square/go-jose.v1/jws.go | |
parent | b112747de76f9c11c4d8083207049fac6e435019 (diff) | |
download | chat-6d8f122a5160f6d9e4c51579f2429dfaa62c7271.tar.gz chat-6d8f122a5160f6d9e4c51579f2429dfaa62c7271.tar.bz2 chat-6d8f122a5160f6d9e4c51579f2429dfaa62c7271.zip |
Upgrading server dependancies (#8308)
Diffstat (limited to 'vendor/gopkg.in/square/go-jose.v1/jws.go')
-rw-r--r-- | vendor/gopkg.in/square/go-jose.v1/jws.go | 272 |
1 files changed, 0 insertions, 272 deletions
diff --git a/vendor/gopkg.in/square/go-jose.v1/jws.go b/vendor/gopkg.in/square/go-jose.v1/jws.go deleted file mode 100644 index 04a2a1530..000000000 --- a/vendor/gopkg.in/square/go-jose.v1/jws.go +++ /dev/null @@ -1,272 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "errors" - "fmt" - "strings" - - "gopkg.in/square/go-jose.v1/json" -) - -// rawJsonWebSignature represents a raw JWS JSON object. Used for parsing/serializing. -type rawJsonWebSignature struct { - Payload *byteBuffer `json:"payload,omitempty"` - Signatures []rawSignatureInfo `json:"signatures,omitempty"` - Protected *byteBuffer `json:"protected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Signature *byteBuffer `json:"signature,omitempty"` -} - -// rawSignatureInfo represents a single JWS signature over the JWS payload and protected header. -type rawSignatureInfo struct { - Protected *byteBuffer `json:"protected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Signature *byteBuffer `json:"signature,omitempty"` -} - -// JsonWebSignature represents a signed JWS object after parsing. -type JsonWebSignature struct { - payload []byte - // Signatures attached to this object (may be more than one for multi-sig). - // Be careful about accessing these directly, prefer to use Verify() or - // VerifyMulti() to ensure that the data you're getting is verified. - Signatures []Signature -} - -// Signature represents a single signature over the JWS payload and protected header. -type Signature struct { - // Header fields, such as the signature algorithm - Header JoseHeader - - // The actual signature value - Signature []byte - - protected *rawHeader - header *rawHeader - original *rawSignatureInfo -} - -// ParseSigned parses a signed message in compact or full serialization format. -func ParseSigned(input string) (*JsonWebSignature, error) { - input = stripWhitespace(input) - if strings.HasPrefix(input, "{") { - return parseSignedFull(input) - } - - return parseSignedCompact(input) -} - -// Get a header value -func (sig Signature) mergedHeaders() rawHeader { - out := rawHeader{} - out.merge(sig.protected) - out.merge(sig.header) - return out -} - -// Compute data to be signed -func (obj JsonWebSignature) computeAuthData(signature *Signature) []byte { - var serializedProtected string - - if signature.original != nil && signature.original.Protected != nil { - serializedProtected = signature.original.Protected.base64() - } else if signature.protected != nil { - serializedProtected = base64URLEncode(mustSerializeJSON(signature.protected)) - } else { - serializedProtected = "" - } - - return []byte(fmt.Sprintf("%s.%s", - serializedProtected, - base64URLEncode(obj.payload))) -} - -// parseSignedFull parses a message in full format. -func parseSignedFull(input string) (*JsonWebSignature, error) { - var parsed rawJsonWebSignature - err := json.Unmarshal([]byte(input), &parsed) - if err != nil { - return nil, err - } - - return parsed.sanitized() -} - -// sanitized produces a cleaned-up JWS object from the raw JSON. -func (parsed *rawJsonWebSignature) sanitized() (*JsonWebSignature, error) { - if parsed.Payload == nil { - return nil, fmt.Errorf("square/go-jose: missing payload in JWS message") - } - - obj := &JsonWebSignature{ - payload: parsed.Payload.bytes(), - Signatures: make([]Signature, len(parsed.Signatures)), - } - - if len(parsed.Signatures) == 0 { - // No signatures array, must be flattened serialization - signature := Signature{} - if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 { - signature.protected = &rawHeader{} - err := json.Unmarshal(parsed.Protected.bytes(), signature.protected) - if err != nil { - return nil, err - } - } - - // Check that there is not a nonce in the unprotected header - if parsed.Header != nil && parsed.Header.Nonce != "" { - return nil, ErrUnprotectedNonce - } - - signature.header = parsed.Header - signature.Signature = parsed.Signature.bytes() - // Make a fake "original" rawSignatureInfo to store the unprocessed - // Protected header. This is necessary because the Protected header can - // contain arbitrary fields not registered as part of the spec. See - // https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4 - // If we unmarshal Protected into a rawHeader with its explicit list of fields, - // we cannot marshal losslessly. So we have to keep around the original bytes. - // This is used in computeAuthData, which will first attempt to use - // the original bytes of a protected header, and fall back on marshaling the - // header struct only if those bytes are not available. - signature.original = &rawSignatureInfo{ - Protected: parsed.Protected, - Header: parsed.Header, - Signature: parsed.Signature, - } - - signature.Header = signature.mergedHeaders().sanitized() - - // As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded. - jwk := signature.Header.JsonWebKey - if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) { - return nil, errors.New("square/go-jose: invalid embedded jwk, must be public key") - } - - obj.Signatures = append(obj.Signatures, signature) - } - - for i, sig := range parsed.Signatures { - if sig.Protected != nil && len(sig.Protected.bytes()) > 0 { - obj.Signatures[i].protected = &rawHeader{} - err := json.Unmarshal(sig.Protected.bytes(), obj.Signatures[i].protected) - if err != nil { - return nil, err - } - } - - // Check that there is not a nonce in the unprotected header - if sig.Header != nil && sig.Header.Nonce != "" { - return nil, ErrUnprotectedNonce - } - - obj.Signatures[i].Header = obj.Signatures[i].mergedHeaders().sanitized() - obj.Signatures[i].Signature = sig.Signature.bytes() - - // As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded. - jwk := obj.Signatures[i].Header.JsonWebKey - if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) { - return nil, errors.New("square/go-jose: invalid embedded jwk, must be public key") - } - - // Copy value of sig - original := sig - - obj.Signatures[i].header = sig.Header - obj.Signatures[i].original = &original - } - - return obj, nil -} - -// parseSignedCompact parses a message in compact format. -func parseSignedCompact(input string) (*JsonWebSignature, error) { - parts := strings.Split(input, ".") - if len(parts) != 3 { - return nil, fmt.Errorf("square/go-jose: compact JWS format must have three parts") - } - - rawProtected, err := base64URLDecode(parts[0]) - if err != nil { - return nil, err - } - - payload, err := base64URLDecode(parts[1]) - if err != nil { - return nil, err - } - - signature, err := base64URLDecode(parts[2]) - if err != nil { - return nil, err - } - - raw := &rawJsonWebSignature{ - Payload: newBuffer(payload), - Protected: newBuffer(rawProtected), - Signature: newBuffer(signature), - } - return raw.sanitized() -} - -// CompactSerialize serializes an object using the compact serialization format. -func (obj JsonWebSignature) CompactSerialize() (string, error) { - if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil { - return "", ErrNotSupported - } - - serializedProtected := mustSerializeJSON(obj.Signatures[0].protected) - - return fmt.Sprintf( - "%s.%s.%s", - base64URLEncode(serializedProtected), - base64URLEncode(obj.payload), - base64URLEncode(obj.Signatures[0].Signature)), nil -} - -// FullSerialize serializes an object using the full JSON serialization format. -func (obj JsonWebSignature) FullSerialize() string { - raw := rawJsonWebSignature{ - Payload: newBuffer(obj.payload), - } - - if len(obj.Signatures) == 1 { - if obj.Signatures[0].protected != nil { - serializedProtected := mustSerializeJSON(obj.Signatures[0].protected) - raw.Protected = newBuffer(serializedProtected) - } - raw.Header = obj.Signatures[0].header - raw.Signature = newBuffer(obj.Signatures[0].Signature) - } else { - raw.Signatures = make([]rawSignatureInfo, len(obj.Signatures)) - for i, signature := range obj.Signatures { - raw.Signatures[i] = rawSignatureInfo{ - Header: signature.header, - Signature: newBuffer(signature.Signature), - } - - if signature.protected != nil { - raw.Signatures[i].Protected = newBuffer(mustSerializeJSON(signature.protected)) - } - } - } - - return string(mustSerializeJSON(raw)) -} |