From 7a1e23fe87d7ea2ee4c889be8d070a438d4a254b Mon Sep 17 00:00:00 2001 From: "Aeneas Rekkas (arekkas)" Date: Fri, 10 Jun 2016 13:50:59 +0200 Subject: [PATCH] unstaged Signed-off-by: Aeneas Rekkas (arekkas) --- crypter_test.go | 24 ++++++++++++++++++++++++ jwk.go | 4 +++- jwk_test.go | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/crypter_test.go b/crypter_test.go index 86b8fc0a..3ff84cba 100644 --- a/crypter_test.go +++ b/crypter_test.go @@ -25,6 +25,10 @@ import ( "fmt" "io" "testing" + "crypto/x509/pkix" + "time" + "crypto/x509" + "math/big" ) // We generate only a single RSA and EC key for testing, speeds up tests. @@ -33,6 +37,26 @@ var rsaTestKey, _ = rsa.GenerateKey(rand.Reader, 2048) var ecTestKey256, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) var ecTestKey384, _ = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) var ecTestKey521, _ = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) +var x509TestCertificate = func() *x509.Certificate { + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit) + t := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + }, + NotBefore: time.Now().Round(time.Second), + NotAfter: time.Now().Add(time.Hour).Round(time.Second), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + t.IsCA = true + t.KeyUsage |= x509.KeyUsageCertSign + der, _ := x509.CreateCertificate(rand.Reader, &t, &t, &rsaTestKey.PublicKey, rsaTestKey) + c, _ := x509.ParseCertificate(der) + return c +}() func RoundtripJWE(keyAlg KeyAlgorithm, encAlg ContentEncryption, compressionAlg CompressionAlgorithm, serializer func(*JsonWebEncryption) (string, error), corrupter func(*JsonWebEncryption) bool, aad []byte, encryptionKey interface{}, decryptionKey interface{}) error { enc, err := NewEncrypter(keyAlg, encAlg, encryptionKey) diff --git a/jwk.go b/jwk.go index d04651da..14dbf285 100644 --- a/jwk.go +++ b/jwk.go @@ -96,9 +96,11 @@ func (k JsonWebKey) MarshalJSON() ([]byte, error) { return MarshalJSON(raw) } + enc := base64.StdEncoding raw.X5c = make([][]byte, len(k.Certificates)) for i, cert := range k.Certificates { - base64.StdEncoding.Encode(cert.Raw, raw.X5c[i]) + raw.X5c[i] = make([]byte, enc.EncodedLen(len(cert.Raw))) + enc.Encode(raw.X5c[i], cert.Raw) } return MarshalJSON(raw) diff --git a/jwk_test.go b/jwk_test.go index 9655c72d..6b1c0c19 100644 --- a/jwk_test.go +++ b/jwk_test.go @@ -27,6 +27,7 @@ import ( "math/big" "reflect" "testing" + "crypto/x509" ) func TestCurveSize(t *testing.T) { @@ -156,6 +157,40 @@ func TestRoundtripEcPrivate(t *testing.T) { } } +func TestMarshalUnmarshalX5C(t *testing.T) { + jwk := JsonWebKey{ + Key: rsaTestKey, + KeyID: "bar", + Algorithm: "foo", + Certificates: []*x509.Certificate{x509TestCertificate}, + } + + jsonbar, err := jwk.MarshalJSON() + if err != nil { + t.Error("problem marshaling", err) + } + + t.Logf("JsonBAR: %s", jsonbar) + + var jwk2 JsonWebKey + err = jwk2.UnmarshalJSON(jsonbar) + if err != nil { + t.Error("problem unmarshalling", err) + } + + if !reflect.DeepEqual(jwk.Certificates, jwk2.Certificates) { + t.Error("Certificates not equal", jwk.Certificates, jwk2.Certificates) + } + + jsonbar2, err := jwk2.MarshalJSON() + if err != nil { + t.Error("problem marshaling", err) + } + if !bytes.Equal(jsonbar, jsonbar2) { + t.Error("roundtrip should not lose information") + } +} + func TestMarshalUnmarshal(t *testing.T) { kid := "DEADBEEF"