unstaged

Signed-off-by: Aeneas Rekkas (arekkas) <aeneas@ory.am>

crypter_test.go

@@ -25,6 +25,10 @@ import (
 	"fmt"
 	"io"
 	"testing"
+	"crypto/x509/pkix"
+	"time"
+	"crypto/x509"
+	"math/big"
 )
 
 // We generate only a single RSA and EC key for testing, speeds up tests.
@@ -33,6 +37,26 @@ var rsaTestKey, _ = rsa.GenerateKey(rand.Reader, 2048)
 var ecTestKey256, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 var ecTestKey384, _ = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 var ecTestKey521, _ = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+var x509TestCertificate = func() *x509.Certificate {
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
+	t := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Acme Co"},
+		},
+		NotBefore: time.Now().Round(time.Second),
+		NotAfter: time.Now().Add(time.Hour).Round(time.Second),
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+	t.IsCA = true
+	t.KeyUsage |= x509.KeyUsageCertSign
+	der, _ := x509.CreateCertificate(rand.Reader, &t, &t, &rsaTestKey.PublicKey, rsaTestKey)
+	c, _ := x509.ParseCertificate(der)
+	return c
+}()
 
 func RoundtripJWE(keyAlg KeyAlgorithm, encAlg ContentEncryption, compressionAlg CompressionAlgorithm, serializer func(*JsonWebEncryption) (string, error), corrupter func(*JsonWebEncryption) bool, aad []byte, encryptionKey interface{}, decryptionKey interface{}) error {
 	enc, err := NewEncrypter(keyAlg, encAlg, encryptionKey)

jwk.go

@@ -96,9 +96,11 @@ func (k JsonWebKey) MarshalJSON() ([]byte, error) {
 		return MarshalJSON(raw)
 	}
 
+	enc := base64.StdEncoding
 	raw.X5c = make([][]byte, len(k.Certificates))
 	for i, cert := range k.Certificates {
-		base64.StdEncoding.Encode(cert.Raw, raw.X5c[i])
+		raw.X5c[i] = make([]byte, enc.EncodedLen(len(cert.Raw)))
+		enc.Encode(raw.X5c[i], cert.Raw)
 	}
 
 	return MarshalJSON(raw)

jwk_test.go

@@ -27,6 +27,7 @@ import (
 	"math/big"
 	"reflect"
 	"testing"
+	"crypto/x509"
 )
 
 func TestCurveSize(t *testing.T) {
@@ -156,6 +157,40 @@ func TestRoundtripEcPrivate(t *testing.T) {
 	}
 }
 
+func TestMarshalUnmarshalX5C(t *testing.T) {
+	jwk := JsonWebKey{
+		Key: rsaTestKey,
+		KeyID: "bar",
+		Algorithm: "foo",
+		Certificates: []*x509.Certificate{x509TestCertificate},
+	}
+
+	jsonbar, err := jwk.MarshalJSON()
+	if err != nil {
+		t.Error("problem marshaling", err)
+	}
+
+	t.Logf("JsonBAR: %s", jsonbar)
+
+	var jwk2 JsonWebKey
+	err = jwk2.UnmarshalJSON(jsonbar)
+	if err != nil {
+		t.Error("problem unmarshalling", err)
+	}
+
+	if !reflect.DeepEqual(jwk.Certificates, jwk2.Certificates) {
+		t.Error("Certificates not equal", jwk.Certificates, jwk2.Certificates)
+	}
+
+	jsonbar2, err := jwk2.MarshalJSON()
+	if err != nil {
+		t.Error("problem marshaling", err)
+	}
+	if !bytes.Equal(jsonbar, jsonbar2) {
+		t.Error("roundtrip should not lose information")
+	}
+}
+
 func TestMarshalUnmarshal(t *testing.T) {
 	kid := "DEADBEEF"