diff options
Diffstat (limited to 'vendor/github.com/rsc/letsencrypt/vendor/gopkg.in/square/go-jose.v1/jwe.go')
| -rw-r--r-- | vendor/github.com/rsc/letsencrypt/vendor/gopkg.in/square/go-jose.v1/jwe.go | 280 |
1 files changed, 0 insertions, 280 deletions
diff --git a/vendor/github.com/rsc/letsencrypt/vendor/gopkg.in/square/go-jose.v1/jwe.go b/vendor/github.com/rsc/letsencrypt/vendor/gopkg.in/square/go-jose.v1/jwe.go deleted file mode 100644 index 7eb8956d2..000000000 --- a/vendor/github.com/rsc/letsencrypt/vendor/gopkg.in/square/go-jose.v1/jwe.go +++ /dev/null @@ -1,280 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "fmt" - "strings" - - "gopkg.in/square/go-jose.v1/json" -) - -// rawJsonWebEncryption represents a raw JWE JSON object. Used for parsing/serializing. -type rawJsonWebEncryption struct { - Protected *byteBuffer `json:"protected,omitempty"` - Unprotected *rawHeader `json:"unprotected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Recipients []rawRecipientInfo `json:"recipients,omitempty"` - Aad *byteBuffer `json:"aad,omitempty"` - EncryptedKey *byteBuffer `json:"encrypted_key,omitempty"` - Iv *byteBuffer `json:"iv,omitempty"` - Ciphertext *byteBuffer `json:"ciphertext,omitempty"` - Tag *byteBuffer `json:"tag,omitempty"` -} - -// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing. -type rawRecipientInfo struct { - Header *rawHeader `json:"header,omitempty"` - EncryptedKey string `json:"encrypted_key,omitempty"` -} - -// JsonWebEncryption represents an encrypted JWE object after parsing. -type JsonWebEncryption struct { - Header JoseHeader - protected, unprotected *rawHeader - recipients []recipientInfo - aad, iv, ciphertext, tag []byte - original *rawJsonWebEncryption -} - -// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing. -type recipientInfo struct { - header *rawHeader - encryptedKey []byte -} - -// GetAuthData retrieves the (optional) authenticated data attached to the object. -func (obj JsonWebEncryption) GetAuthData() []byte { - if obj.aad != nil { - out := make([]byte, len(obj.aad)) - copy(out, obj.aad) - return out - } - - return nil -} - -// Get the merged header values -func (obj JsonWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader { - out := rawHeader{} - out.merge(obj.protected) - out.merge(obj.unprotected) - - if recipient != nil { - out.merge(recipient.header) - } - - return out -} - -// Get the additional authenticated data from a JWE object. -func (obj JsonWebEncryption) computeAuthData() []byte { - var protected string - - if obj.original != nil { - protected = obj.original.Protected.base64() - } else { - protected = base64URLEncode(mustSerializeJSON((obj.protected))) - } - - output := []byte(protected) - if obj.aad != nil { - output = append(output, '.') - output = append(output, []byte(base64URLEncode(obj.aad))...) - } - - return output -} - -// ParseEncrypted parses an encrypted message in compact or full serialization format. -func ParseEncrypted(input string) (*JsonWebEncryption, error) { - input = stripWhitespace(input) - if strings.HasPrefix(input, "{") { - return parseEncryptedFull(input) - } - - return parseEncryptedCompact(input) -} - -// parseEncryptedFull parses a message in compact format. -func parseEncryptedFull(input string) (*JsonWebEncryption, error) { - var parsed rawJsonWebEncryption - err := json.Unmarshal([]byte(input), &parsed) - if err != nil { - return nil, err - } - - return parsed.sanitized() -} - -// sanitized produces a cleaned-up JWE object from the raw JSON. -func (parsed *rawJsonWebEncryption) sanitized() (*JsonWebEncryption, error) { - obj := &JsonWebEncryption{ - original: parsed, - unprotected: parsed.Unprotected, - } - - // Check that there is not a nonce in the unprotected headers - if (parsed.Unprotected != nil && parsed.Unprotected.Nonce != "") || - (parsed.Header != nil && parsed.Header.Nonce != "") { - return nil, ErrUnprotectedNonce - } - - if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 { - err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected) - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64()) - } - } - - // Note: this must be called _after_ we parse the protected header, - // otherwise fields from the protected header will not get picked up. - obj.Header = obj.mergedHeaders(nil).sanitized() - - if len(parsed.Recipients) == 0 { - obj.recipients = []recipientInfo{ - recipientInfo{ - header: parsed.Header, - encryptedKey: parsed.EncryptedKey.bytes(), - }, - } - } else { - obj.recipients = make([]recipientInfo, len(parsed.Recipients)) - for r := range parsed.Recipients { - encryptedKey, err := base64URLDecode(parsed.Recipients[r].EncryptedKey) - if err != nil { - return nil, err - } - - // Check that there is not a nonce in the unprotected header - if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.Nonce != "" { - return nil, ErrUnprotectedNonce - } - - obj.recipients[r].header = parsed.Recipients[r].Header - obj.recipients[r].encryptedKey = encryptedKey - } - } - - for _, recipient := range obj.recipients { - headers := obj.mergedHeaders(&recipient) - if headers.Alg == "" || headers.Enc == "" { - return nil, fmt.Errorf("square/go-jose: message is missing alg/enc headers") - } - } - - obj.iv = parsed.Iv.bytes() - obj.ciphertext = parsed.Ciphertext.bytes() - obj.tag = parsed.Tag.bytes() - obj.aad = parsed.Aad.bytes() - - return obj, nil -} - -// parseEncryptedCompact parses a message in compact format. -func parseEncryptedCompact(input string) (*JsonWebEncryption, error) { - parts := strings.Split(input, ".") - if len(parts) != 5 { - return nil, fmt.Errorf("square/go-jose: compact JWE format must have five parts") - } - - rawProtected, err := base64URLDecode(parts[0]) - if err != nil { - return nil, err - } - - encryptedKey, err := base64URLDecode(parts[1]) - if err != nil { - return nil, err - } - - iv, err := base64URLDecode(parts[2]) - if err != nil { - return nil, err - } - - ciphertext, err := base64URLDecode(parts[3]) - if err != nil { - return nil, err - } - - tag, err := base64URLDecode(parts[4]) - if err != nil { - return nil, err - } - - raw := &rawJsonWebEncryption{ - Protected: newBuffer(rawProtected), - EncryptedKey: newBuffer(encryptedKey), - Iv: newBuffer(iv), - Ciphertext: newBuffer(ciphertext), - Tag: newBuffer(tag), - } - - return raw.sanitized() -} - -// CompactSerialize serializes an object using the compact serialization format. -func (obj JsonWebEncryption) CompactSerialize() (string, error) { - if len(obj.recipients) != 1 || obj.unprotected != nil || - obj.protected == nil || obj.recipients[0].header != nil { - return "", ErrNotSupported - } - - serializedProtected := mustSerializeJSON(obj.protected) - - return fmt.Sprintf( - "%s.%s.%s.%s.%s", - base64URLEncode(serializedProtected), - base64URLEncode(obj.recipients[0].encryptedKey), - base64URLEncode(obj.iv), - base64URLEncode(obj.ciphertext), - base64URLEncode(obj.tag)), nil -} - -// FullSerialize serializes an object using the full JSON serialization format. -func (obj JsonWebEncryption) FullSerialize() string { - raw := rawJsonWebEncryption{ - Unprotected: obj.unprotected, - Iv: newBuffer(obj.iv), - Ciphertext: newBuffer(obj.ciphertext), - EncryptedKey: newBuffer(obj.recipients[0].encryptedKey), - Tag: newBuffer(obj.tag), - Aad: newBuffer(obj.aad), - Recipients: []rawRecipientInfo{}, - } - - if len(obj.recipients) > 1 { - for _, recipient := range obj.recipients { - info := rawRecipientInfo{ - Header: recipient.header, - EncryptedKey: base64URLEncode(recipient.encryptedKey), - } - raw.Recipients = append(raw.Recipients, info) - } - } else { - // Use flattened serialization - raw.Header = obj.recipients[0].header - raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey) - } - - if obj.protected != nil { - raw.Protected = newBuffer(mustSerializeJSON(obj.protected)) - } - - return string(mustSerializeJSON(raw)) -} |