added helper matchers: Alg and Eng

dvsekhvalnov · Dec 6, 2023 · e0264a2 · e0264a2
1 parent 0f6c7c3
commit e0264a2
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 5 deletions.
diff --git a/jose.go b/jose.go
@@ -459,13 +459,27 @@ func retrieveActualKey(headers map[string]interface{}, payload string, key inter
  return key, nil
 }
 
-func MatchAlg(expected string, key interface{}) func(headers map[string]interface{}, payload string) interface{} {
+func Alg(key interface{}, jws string) func(headers map[string]interface{}, payload string) interface{} {
  return func(headers map[string]interface{}, payload string) interface{} {
  alg := headers["alg"].(string)
- if expected == alg {
+
+ if jws == alg {
+ return key
+ }
+
+ return errors.New("Expected alg to be '" + jws + "' but got '" + alg + "'")
+ }
+}
+
+func Enc(key interface{}, jwa string, jwe string) func(headers map[string]interface{}, payload string) interface{} {
+ return func(headers map[string]interface{}, payload string) interface{} {
+ alg := headers["alg"].(string)
+ enc := headers["enc"].(string)
+
+ if jwa == alg && jwe == enc {
  return key
  }
 
- return errors.New("Expected alg to be '" + expected + "' but got '" + alg + "'")
+ return errors.New("Expected alg to be '" + jwa + "' and enc to be '" + jwe + "' but got '" + alg + "' and '" + enc + "'")
  }
 }
diff --git a/jose_test.go b/jose_test.go
@@ -2605,7 +2605,7 @@ func (s *TestSuite) TestDecode_TwoPhased_MatchAlg(c *C) {
  token := "eyJhbGciOiJFUzI1NiIsImN0eSI6InRleHRcL3BsYWluIn0.eyJoZWxsbyI6ICJ3b3JsZCJ9.EVnmDMlz-oi05AQzts-R3aqWvaBlwVZddWkmaaHyMx5Phb2NSLgyI0kccpgjjAyo1S5KCB3LIMPfmxCX_obMKA"
 
  //when
- test, _, err := Decode(token, MatchAlg("ES256", Ecc256Public()))
+ test, _, err := Decode(token, Alg(Ecc256Public(), "ES256"))
 
  //then
  c.Assert(err, IsNil)
@@ -2617,7 +2617,7 @@ func (s *TestSuite) TestDecode_TwoPhased_MatchAlg_Invalid(c *C) {
  token := "eyJhbGciOiJFUzI1NiIsImN0eSI6InRleHRcL3BsYWluIn0.eyJoZWxsbyI6ICJ3b3JsZCJ9.EVnmDMlz-oi05AQzts-R3aqWvaBlwVZddWkmaaHyMx5Phb2NSLgyI0kccpgjjAyo1S5KCB3LIMPfmxCX_obMKA"
 
  //when
- test, headers, err := Decode(token, MatchAlg("RS256", Ecc256Public()))
+ test, headers, err := Decode(token, Alg(Ecc256Public(), "RS256"))
 
  fmt.Printf("\nalg doesn't match err=%v\n", err)
 
@@ -2627,6 +2627,46 @@ func (s *TestSuite) TestDecode_TwoPhased_MatchAlg_Invalid(c *C) {
  c.Assert(test, Equals, "")
 }
 
+func (s *TestSuite) TestDecode_TwoPhased_MatchEnc(c *C) {
+ //given
+ token := "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTkyQ0JDLUhTMzg0In0.COuKvozBVi2vkEPpFdx0HTMpU9tmpP1lLngbmGn8RVphY-vjhVaduv8D_Ay_1j8LuMz4tgP98xWtbJkTyhxY1kBwXe0CgqFUOSJ1mTEPRkKSXpdFR7rT1Pv68qug2yKaXT_qcviyBerIcUVFbXBmtiYAosYO4kaPSOE1IvLadFOrMkxdZv6QiiCROzWgJNCCMgNQZGRoPhqLe3wrcxi86DhNO7Bpqq_yeNVyHdU_qObMuMVZIWWEQIDhiU4nE8WGJLG_NtKElc_nQwbmclL_YYgTiHsIAKWZCdj0nwfLe5mwJQN4r7pjakiUVzCbNNgI1-iBH1vJD5VCPxgWldzfYA.7cDs4wzbNDt1Kq40Q5ae4w.u1bR6ChVd90QkFIp3H6IkOCIMwf5aIKsQOvqgFangRLrDjctl5qO5jTHr1o1GwBQvAkRmaGSE7fRIwWB_l-Ayx2c2WDFOkVXFSR_D23GrWaLMLbugPItQd2Mny6H4QOzO3O0EK_Qm7frqwKQI3og72SB8DUqzEaKsrz7HR2z_qMa2CEEApxai_R6NIlAdMUbYvOfZx262MWFGrITBDmma-Mnqiz9WJUv2wexfwjROaaS4wXfkGy5B6ltESifpZZk5NerExR3GA6yX7cFqJc4pQ.FKcbLyB9eP1UXmxyliTu1_GQrnS-JtAB"
+
+ //when
+ test, _, err := Decode(token, Enc(PrivKey(), "RSA-OAEP-256", "A192CBC-HS384"))
+
+ //then
+ c.Assert(err, IsNil)
+ c.Assert(test, Equals, `{"exp":1392553211,"sub":"alice","nbf":1392552611,"aud":["https:\/\/app-one.com","https:\/\/app-two.com"],"iss":"https:\/\/openid.net","jti":"586dd129-a29f-49c8-9de7-454af1155e27","iat":1392552611}`)
+}
+
+func (s *TestSuite) TestDecode_TwoPhased_MatchEnc_InvalidAlg(c *C) {
+ //given
+ token := "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTkyQ0JDLUhTMzg0In0.COuKvozBVi2vkEPpFdx0HTMpU9tmpP1lLngbmGn8RVphY-vjhVaduv8D_Ay_1j8LuMz4tgP98xWtbJkTyhxY1kBwXe0CgqFUOSJ1mTEPRkKSXpdFR7rT1Pv68qug2yKaXT_qcviyBerIcUVFbXBmtiYAosYO4kaPSOE1IvLadFOrMkxdZv6QiiCROzWgJNCCMgNQZGRoPhqLe3wrcxi86DhNO7Bpqq_yeNVyHdU_qObMuMVZIWWEQIDhiU4nE8WGJLG_NtKElc_nQwbmclL_YYgTiHsIAKWZCdj0nwfLe5mwJQN4r7pjakiUVzCbNNgI1-iBH1vJD5VCPxgWldzfYA.7cDs4wzbNDt1Kq40Q5ae4w.u1bR6ChVd90QkFIp3H6IkOCIMwf5aIKsQOvqgFangRLrDjctl5qO5jTHr1o1GwBQvAkRmaGSE7fRIwWB_l-Ayx2c2WDFOkVXFSR_D23GrWaLMLbugPItQd2Mny6H4QOzO3O0EK_Qm7frqwKQI3og72SB8DUqzEaKsrz7HR2z_qMa2CEEApxai_R6NIlAdMUbYvOfZx262MWFGrITBDmma-Mnqiz9WJUv2wexfwjROaaS4wXfkGy5B6ltESifpZZk5NerExR3GA6yX7cFqJc4pQ.FKcbLyB9eP1UXmxyliTu1_GQrnS-JtAB"
+
+ //when
+ test, _, err := Decode(token, Enc(PrivKey(), "RSA-OAEP-256", "A256CBC-HS512"))
+
+ fmt.Printf("\nalg/enc doesn't match err=%v\n", err)
+
+ //then
+ c.Assert(err, NotNil)
+ c.Assert(test, Equals, "")
+}
+
+func (s *TestSuite) TestDecode_TwoPhased_MatchEnc_InvalidEnc(c *C) {
+ //given
+ token := "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTkyQ0JDLUhTMzg0In0.COuKvozBVi2vkEPpFdx0HTMpU9tmpP1lLngbmGn8RVphY-vjhVaduv8D_Ay_1j8LuMz4tgP98xWtbJkTyhxY1kBwXe0CgqFUOSJ1mTEPRkKSXpdFR7rT1Pv68qug2yKaXT_qcviyBerIcUVFbXBmtiYAosYO4kaPSOE1IvLadFOrMkxdZv6QiiCROzWgJNCCMgNQZGRoPhqLe3wrcxi86DhNO7Bpqq_yeNVyHdU_qObMuMVZIWWEQIDhiU4nE8WGJLG_NtKElc_nQwbmclL_YYgTiHsIAKWZCdj0nwfLe5mwJQN4r7pjakiUVzCbNNgI1-iBH1vJD5VCPxgWldzfYA.7cDs4wzbNDt1Kq40Q5ae4w.u1bR6ChVd90QkFIp3H6IkOCIMwf5aIKsQOvqgFangRLrDjctl5qO5jTHr1o1GwBQvAkRmaGSE7fRIwWB_l-Ayx2c2WDFOkVXFSR_D23GrWaLMLbugPItQd2Mny6H4QOzO3O0EK_Qm7frqwKQI3og72SB8DUqzEaKsrz7HR2z_qMa2CEEApxai_R6NIlAdMUbYvOfZx262MWFGrITBDmma-Mnqiz9WJUv2wexfwjROaaS4wXfkGy5B6ltESifpZZk5NerExR3GA6yX7cFqJc4pQ.FKcbLyB9eP1UXmxyliTu1_GQrnS-JtAB"
+
+ //when
+ test, _, err := Decode(token, Enc(PrivKey(), "RSA-OAEP", "A192CBC-HS384"))
+
+ fmt.Printf("\nalg/enc doesn't match err=%v\n", err)
+
+ //then
+ c.Assert(err, NotNil)
+ c.Assert(test, Equals, "")
+}
+
 // test utils
 func PubKey() *rsa.PublicKey {
  key, _ := Rsa.ReadPublic([]byte(pubKey))