github.com/trustbloc/kms-go@v1.1.2/doc/jose/jwe_test.go (about)

     1  /*
     2  Copyright SecureKey Technologies Inc. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package jose
     8  
     9  import (
    10  	"encoding/base64"
    11  	"encoding/json"
    12  	"errors"
    13  	"testing"
    14  
    15  	"github.com/go-jose/go-jose/v3"
    16  	"github.com/stretchr/testify/require"
    17  )
    18  
    19  const (
    20  	exampleEPK = `{"kty":"EC","crv":"P-256","x":"0_Zip_vHBNI-P_in4S2OuPsxWy9cMWCem-ubr4hK1D0","y":"UTIlc5Vf0Ul` +
    21  		`yrOgxFzZjt3JwKTA99cfkVNGu70_UZpA"}`
    22  
    23  	exampleMockJWEAllFields = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` +
    24  		`MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` +
    25  		`rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"Tes` +
    26  		`tAPU","iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdE` +
    27  		`tleQ"},{"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` +
    28  		exampleEPK + `},"encrypt` + `ed_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"` +
    29  		`VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    30  	exampleMockJWEAllFieldsOneRecipient = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` +
    31  		`MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` +
    32  		`rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"encrypted_key":"VGVzdEtleQ","heade` +
    33  		`r":{"apu":"TestAPU","iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"aad":"VG` +
    34  		`VzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    35  	exampleMockJWEProtectedFieldAbsent = `{"unprotected":{"unprotectedheader1":"unprotectedtestvalue1","unpr` +
    36  		`otectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","iv":"TestIV","tag"` +
    37  		`:"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{"header":{"apu":"` +
    38  		`TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `},"encrypted_key":` +
    39  		`"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    40  	exampleMockJWEUnprotectedFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` +
    41  		`MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","recipients":[{"header":{"apu":"TestAPU"` +
    42  		`,"iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"` +
    43  		`},{"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK +
    44  		`},"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleH` +
    45  		`Q","tag":"VGVzdFRhZw"}`
    46  	exampleMockJWERecipientsFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` +
    47  		`MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` +
    48  		`rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{}],"aad":"VGVzdEFBRA` +
    49  		`","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    50  	exampleMockJWEIVFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` +
    51  		`b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` +
    52  		`testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` +
    53  		`v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` +
    54  		`"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` +
    55  		`,"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    56  	exampleMockJWEAADFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` +
    57  		`b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` +
    58  		`testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` +
    59  		`v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` +
    60  		`"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` +
    61  		`,"encrypted_key":"VGVzdEtleTI"}],"iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}`
    62  	exampleMockJWETagFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` +
    63  		`b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` +
    64  		`testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` +
    65  		`v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` +
    66  		`"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` +
    67  		`,"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ"}`
    68  
    69  	exampleRealFullJWE = `{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","unprotected":{"jku":"https://serv` +
    70  		`er.example.com/keys.jwks"},"recipients":[{"header":{"alg":"RSA1_5","kid":"2011-04-29"},"encrypted_key` +
    71  		`":"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdU` +
    72  		`LU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU` +
    73  		`7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP` +
    74  		`-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"},{"header":{"alg":"A128KW","kid":"7"},"encrypted_key":"6K` +
    75  		`B707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}],"iv":"AxY8DCtDaGlsbGljb3RoZQ","ciphertext":"K` +
    76  		`DlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY","tag":"Mz-VPPyU4RlcuYv1IwIvzw"}`
    77  	exampleRealFullJWEWithEPKs = `{"protected":"eyJlbmMiOiJBMjU2R0NNIn0","recipients":[{"header":{"alg":"ECDH-` +
    78  		`ES+A256KW","epk":{"kty":"EC","crv":"P-256","x":"nHdqtsfXMabc2a1dtpnOgvWhkRiPxHopnfFH-BtSOaQ","y":"GWG` +
    79  		`uLnoohFrpXExSuuuOz-p3uSFFq1FVZP0dN-3q9H8"}},"encrypted_key":"fE26rjeON_iBo84fkvD56nLthhRM04LPzrYiIUQ4` +
    80  		`E5caOhtU95-t2w"},{"header":{"alg":"ECDH-ES+A256KW","epk":{"kty":"EC","crv":"P-256","x":"r2wTh-URkmIuK` +
    81  		`3f4LaJvPP7wTZVG7sdVatGxGadPPqA","y":"tZ29KzMcIrF9j-SakwtR9a-qP0iV4hdaeghjnpPgoaQ"}},"encrypted_key":"` +
    82  		`cixwgiJZK3JtKAOX2UHSE9N_4s4CXruAWby8efyQWueY-wx0_qeIrg"},{"header":{"alg":"ECDH-ES+A256KW","epk":{"kt` +
    83  		`y":"EC","crv":"P-256","x":"t0p3XILJf-1FMkuQqyX59kBpxVaYd-DIjrY3oDxvFHA","y":"Wfme-7LxEUK7sewvXhxrTV6c` +
    84  		`EVMkROPGbd2glkddAZs"}},"encrypted_key":"YSQvknAFf5teYWg2eciNiVx5oXNbKS688Dd_0aVxgtFtelxqc8Jv0g"}],"iv` +
    85  		`":"8-9HnO8n5et1Se3y","ciphertext":"jlgZfA44GMe-mhZLzxcur9g40g","tag":"rbXD5g7QxIOc4_J7idRHQA"}`
    86  	exampleRealCompactJWE = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DV" +
    87  		"ZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uV" +
    88  		"uxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyP" +
    89  		"GLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKH" +
    90  		"zg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_" +
    91  		"A.XFBoMYUZodetZdvTiFvSkQ"
    92  
    93  	expectedSerializedCompactJWE = `{"protected":"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ","encrypted_k` +
    94  		`ey":"OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKA` +
    95  		`q7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfw` +
    96  		`X7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWX` +
    97  		`RcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg","iv":"48V1_ALb6US04U3b","ciphertext":"5eym8TW_c8SuK0ltJ` +
    98  		`3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A","tag":"XFBoMYUZodetZdvTiFvSkQ"}`
    99  
   100  	expectedCompactJWE = `eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZGhlYWRlcjIiOiJw` +
   101  		`cm90ZWN0ZWR0ZXN0dmFsdWUyIn0.VGVzdEtleQ.VGVzdElW.VGVzdENpcGhlclRleHQ.VGVzdFRhZw`
   102  )
   103  
   104  var errFailingMarshal = errors.New("i failed to marshal")
   105  
   106  func TestJSONWebEncryption_Serialize(t *testing.T) {
   107  	t.Run("Success cases", func(t *testing.T) {
   108  		t.Run("All fields filled, multiple recipients", func(t *testing.T) {
   109  			protectedHeaders := Headers{
   110  				"protectedheader1": "protectedtestvalue1",
   111  				"protectedheader2": "protectedtestvalue2",
   112  			}
   113  			unprotectedHeaders := Headers{
   114  				"unprotectedheader1": "unprotectedtestvalue1",
   115  				"unprotectedheader2": "unprotectedtestvalue2",
   116  			}
   117  			recipients := make([]*Recipient, 2)
   118  
   119  			recipients[0] = &Recipient{
   120  				EncryptedKey: "TestKey",
   121  				Header: &RecipientHeaders{
   122  					APU: "TestAPU",
   123  					IV:  "TestIV",
   124  					Tag: "TestTag",
   125  					KID: "TestKID",
   126  					EPK: []byte(exampleEPK),
   127  				},
   128  			}
   129  			recipients[1] = &Recipient{
   130  				EncryptedKey: "TestKey2",
   131  				Header: &RecipientHeaders{
   132  					APU: "TestAPU2",
   133  					IV:  "TestIV2",
   134  					Tag: "TestTag2",
   135  					KID: "TestKID2",
   136  					EPK: []byte(exampleEPK),
   137  				},
   138  			}
   139  
   140  			jwe := JSONWebEncryption{
   141  				ProtectedHeaders:   protectedHeaders,
   142  				UnprotectedHeaders: unprotectedHeaders,
   143  				Recipients:         recipients,
   144  				AAD:                "TestAAD",
   145  				IV:                 "TestIV",
   146  				Ciphertext:         "TestCipherText",
   147  				Tag:                "TestTag",
   148  			}
   149  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   150  			require.NoError(t, err)
   151  			require.Equal(t, exampleMockJWEAllFields, serializedJWE)
   152  		})
   153  		t.Run("All fields filled, one recipient - serialized JWE uses flattened syntax", func(t *testing.T) {
   154  			protectedHeaders := Headers{
   155  				"protectedheader1": "protectedtestvalue1",
   156  				"protectedheader2": "protectedtestvalue2",
   157  			}
   158  			unprotectedHeaders := Headers{
   159  				"unprotectedheader1": "unprotectedtestvalue1",
   160  				"unprotectedheader2": "unprotectedtestvalue2",
   161  			}
   162  			recipients := make([]*Recipient, 1)
   163  
   164  			recipients[0] = &Recipient{
   165  				EncryptedKey: "TestKey",
   166  				Header: &RecipientHeaders{
   167  					APU: "TestAPU",
   168  					IV:  "TestIV",
   169  					Tag: "TestTag",
   170  					KID: "TestKID",
   171  					EPK: []byte(exampleEPK),
   172  				},
   173  			}
   174  
   175  			jwe := JSONWebEncryption{
   176  				ProtectedHeaders:   protectedHeaders,
   177  				UnprotectedHeaders: unprotectedHeaders,
   178  				Recipients:         recipients,
   179  				AAD:                "TestAAD",
   180  				IV:                 "TestIV",
   181  				Ciphertext:         "TestCipherText",
   182  				Tag:                "TestTag",
   183  			}
   184  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   185  			require.NoError(t, err)
   186  			require.Equal(t, exampleMockJWEAllFieldsOneRecipient, serializedJWE)
   187  		})
   188  		t.Run("Successfully serialize JWE, protected header value is empty", func(t *testing.T) {
   189  			unprotectedHeaders := Headers{
   190  				"unprotectedheader1": "unprotectedtestvalue1",
   191  				"unprotectedheader2": "unprotectedtestvalue2",
   192  			}
   193  			recipients := make([]*Recipient, 2)
   194  
   195  			recipients[0] = &Recipient{
   196  				EncryptedKey: "TestKey",
   197  				Header: &RecipientHeaders{
   198  					APU: "TestAPU",
   199  					IV:  "TestIV",
   200  					Tag: "TestTag",
   201  					KID: "TestKID",
   202  					EPK: []byte(exampleEPK),
   203  				},
   204  			}
   205  			recipients[1] = &Recipient{
   206  				EncryptedKey: "TestKey2",
   207  				Header: &RecipientHeaders{
   208  					APU: "TestAPU2",
   209  					IV:  "TestIV2",
   210  					Tag: "TestTag2",
   211  					KID: "TestKID2",
   212  					EPK: []byte(exampleEPK),
   213  				},
   214  			}
   215  
   216  			jwe := JSONWebEncryption{
   217  				UnprotectedHeaders: unprotectedHeaders,
   218  				Recipients:         recipients,
   219  				AAD:                "TestAAD",
   220  				IV:                 "TestIV",
   221  				Ciphertext:         "TestCipherText",
   222  				Tag:                "TestTag",
   223  			}
   224  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   225  			require.NoError(t, err)
   226  			require.Equal(t, exampleMockJWEProtectedFieldAbsent, serializedJWE)
   227  		})
   228  		t.Run("Successfully serialize JWE, unprotected header value is empty", func(t *testing.T) {
   229  			protectedHeaders := Headers{
   230  				"protectedheader1": "protectedtestvalue1",
   231  				"protectedheader2": "protectedtestvalue2",
   232  			}
   233  			recipients := make([]*Recipient, 2)
   234  
   235  			recipients[0] = &Recipient{
   236  				EncryptedKey: "TestKey",
   237  				Header: &RecipientHeaders{
   238  					APU: "TestAPU",
   239  					IV:  "TestIV",
   240  					Tag: "TestTag",
   241  					KID: "TestKID",
   242  					EPK: []byte(exampleEPK),
   243  				},
   244  			}
   245  			recipients[1] = &Recipient{
   246  				EncryptedKey: "TestKey2",
   247  				Header: &RecipientHeaders{
   248  					APU: "TestAPU2",
   249  					IV:  "TestIV2",
   250  					Tag: "TestTag2",
   251  					KID: "TestKID2",
   252  					EPK: []byte(exampleEPK),
   253  				},
   254  			}
   255  
   256  			jwe := JSONWebEncryption{
   257  				ProtectedHeaders: protectedHeaders,
   258  				Recipients:       recipients,
   259  				AAD:              "TestAAD",
   260  				IV:               "TestIV",
   261  				Ciphertext:       "TestCipherText",
   262  				Tag:              "TestTag",
   263  			}
   264  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   265  			require.NoError(t, err)
   266  			require.Equal(t, exampleMockJWEUnprotectedFieldAbsent, serializedJWE)
   267  		})
   268  		t.Run("Successfully serialize JWE, recipients value is empty", func(t *testing.T) {
   269  			protectedHeaders := Headers{
   270  				"protectedheader1": "protectedtestvalue1",
   271  				"protectedheader2": "protectedtestvalue2",
   272  			}
   273  			unprotectedHeaders := Headers{
   274  				"unprotectedheader1": "unprotectedtestvalue1",
   275  				"unprotectedheader2": "unprotectedtestvalue2",
   276  			}
   277  
   278  			jwe := JSONWebEncryption{
   279  				ProtectedHeaders:   protectedHeaders,
   280  				UnprotectedHeaders: unprotectedHeaders,
   281  				AAD:                "TestAAD",
   282  				IV:                 "TestIV",
   283  				Ciphertext:         "TestCipherText",
   284  				Tag:                "TestTag",
   285  			}
   286  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   287  			require.NoError(t, err)
   288  			require.Equal(t, exampleMockJWERecipientsFieldAbsent, serializedJWE)
   289  		})
   290  		t.Run("Successfully serialize JWE, IV value is empty", func(t *testing.T) {
   291  			protectedHeaders := Headers{
   292  				"protectedheader1": "protectedtestvalue1",
   293  				"protectedheader2": "protectedtestvalue2",
   294  			}
   295  			unprotectedHeaders := Headers{
   296  				"unprotectedheader1": "unprotectedtestvalue1",
   297  				"unprotectedheader2": "unprotectedtestvalue2",
   298  			}
   299  			recipients := make([]*Recipient, 2)
   300  
   301  			recipients[0] = &Recipient{
   302  				EncryptedKey: "TestKey",
   303  				Header: &RecipientHeaders{
   304  					APU: "TestAPU",
   305  					IV:  "TestIV",
   306  					Tag: "TestTag",
   307  					KID: "TestKID",
   308  					EPK: []byte(exampleEPK),
   309  				},
   310  			}
   311  			recipients[1] = &Recipient{
   312  				EncryptedKey: "TestKey2",
   313  				Header: &RecipientHeaders{
   314  					APU: "TestAPU2",
   315  					IV:  "TestIV2",
   316  					Tag: "TestTag2",
   317  					KID: "TestKID2",
   318  					EPK: []byte(exampleEPK),
   319  				},
   320  			}
   321  
   322  			jwe := JSONWebEncryption{
   323  				ProtectedHeaders:   protectedHeaders,
   324  				UnprotectedHeaders: unprotectedHeaders,
   325  				Recipients:         recipients,
   326  				AAD:                "TestAAD",
   327  				Ciphertext:         "TestCipherText",
   328  				Tag:                "TestTag",
   329  			}
   330  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   331  			println(serializedJWE)
   332  			require.NoError(t, err)
   333  			require.Equal(t, exampleMockJWEIVFieldAbsent, serializedJWE)
   334  		})
   335  		t.Run("Successfully serialize JWE, AAD value is empty", func(t *testing.T) {
   336  			protectedHeaders := Headers{
   337  				"protectedheader1": "protectedtestvalue1",
   338  				"protectedheader2": "protectedtestvalue2",
   339  			}
   340  			unprotectedHeaders := Headers{
   341  				"unprotectedheader1": "unprotectedtestvalue1",
   342  				"unprotectedheader2": "unprotectedtestvalue2",
   343  			}
   344  			recipients := make([]*Recipient, 2)
   345  
   346  			recipients[0] = &Recipient{
   347  				EncryptedKey: "TestKey",
   348  				Header: &RecipientHeaders{
   349  					APU: "TestAPU",
   350  					IV:  "TestIV",
   351  					Tag: "TestTag",
   352  					KID: "TestKID",
   353  					EPK: []byte(exampleEPK),
   354  				},
   355  			}
   356  			recipients[1] = &Recipient{
   357  				EncryptedKey: "TestKey2",
   358  				Header: &RecipientHeaders{
   359  					APU: "TestAPU2",
   360  					IV:  "TestIV2",
   361  					Tag: "TestTag2",
   362  					KID: "TestKID2",
   363  					EPK: []byte(exampleEPK),
   364  				},
   365  			}
   366  
   367  			jwe := JSONWebEncryption{
   368  				ProtectedHeaders:   protectedHeaders,
   369  				UnprotectedHeaders: unprotectedHeaders,
   370  				Recipients:         recipients,
   371  				IV:                 "TestIV",
   372  				Ciphertext:         "TestCipherText",
   373  				Tag:                "TestTag",
   374  			}
   375  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   376  			require.NoError(t, err)
   377  			require.Equal(t, exampleMockJWEAADFieldAbsent, serializedJWE)
   378  		})
   379  		t.Run("Successfully serialize JWE, tag value is empty", func(t *testing.T) {
   380  			protectedHeaders := Headers{
   381  				"protectedheader1": "protectedtestvalue1",
   382  				"protectedheader2": "protectedtestvalue2",
   383  			}
   384  			unprotectedHeaders := Headers{
   385  				"unprotectedheader1": "unprotectedtestvalue1",
   386  				"unprotectedheader2": "unprotectedtestvalue2",
   387  			}
   388  			recipients := make([]*Recipient, 2)
   389  
   390  			recipients[0] = &Recipient{
   391  				EncryptedKey: "TestKey",
   392  				Header: &RecipientHeaders{
   393  					APU: "TestAPU",
   394  					IV:  "TestIV",
   395  					Tag: "TestTag",
   396  					KID: "TestKID",
   397  					EPK: []byte(exampleEPK),
   398  				},
   399  			}
   400  			recipients[1] = &Recipient{
   401  				EncryptedKey: "TestKey2",
   402  				Header: &RecipientHeaders{
   403  					APU: "TestAPU2",
   404  					IV:  "TestIV2",
   405  					Tag: "TestTag2",
   406  					KID: "TestKID2",
   407  					EPK: []byte(exampleEPK),
   408  				},
   409  			}
   410  
   411  			jwe := JSONWebEncryption{
   412  				ProtectedHeaders:   protectedHeaders,
   413  				UnprotectedHeaders: unprotectedHeaders,
   414  				Recipients:         recipients,
   415  				AAD:                "TestAAD",
   416  				IV:                 "TestIV",
   417  				Ciphertext:         "TestCipherText",
   418  			}
   419  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   420  			require.NoError(t, err)
   421  			require.Equal(t, exampleMockJWETagFieldAbsent, serializedJWE)
   422  		})
   423  	})
   424  	t.Run("Error cases", func(t *testing.T) {
   425  		t.Run("Fail to serialize JWE, ciphertext value is empty", func(t *testing.T) {
   426  			protectedHeaders := Headers{
   427  				"protectedheader1": "protectedtestvalue1",
   428  				"protectedheader2": "protectedtestvalue2",
   429  			}
   430  			unprotectedHeaders := Headers{
   431  				"unprotectedheader1": "unprotectedtestvalue1",
   432  				"unprotectedheader2": "unprotectedtestvalue2",
   433  			}
   434  
   435  			jwe := JSONWebEncryption{
   436  				ProtectedHeaders:   protectedHeaders,
   437  				UnprotectedHeaders: unprotectedHeaders,
   438  				Recipients:         nil,
   439  				AAD:                "TestAAD",
   440  				IV:                 "TestIV",
   441  				Tag:                "TestTag",
   442  			}
   443  			serializedJWE, err := jwe.FullSerialize(json.Marshal)
   444  			require.Equal(t, errEmptyCiphertext, err)
   445  			require.Equal(t, "", serializedJWE)
   446  		})
   447  		t.Run("fail to prepare headers", func(t *testing.T) {
   448  			jwe := JSONWebEncryption{
   449  				ProtectedHeaders: Headers{},
   450  			}
   451  
   452  			fm := &failingMarshaller{
   453  				numTimesMarshalCalledBeforeReturnErr: 0,
   454  			}
   455  
   456  			serializedJWE, err := jwe.FullSerialize(fm.failingMarshal)
   457  			require.Equal(t, errFailingMarshal, err)
   458  			require.Empty(t, serializedJWE)
   459  		})
   460  		t.Run("Fail to marshal recipient header (single recipient)", func(t *testing.T) {
   461  			recipients := make([]*Recipient, 1)
   462  
   463  			recipients[0] = &Recipient{
   464  				EncryptedKey: "TestKey",
   465  				Header:       &RecipientHeaders{},
   466  			}
   467  
   468  			jwe := JSONWebEncryption{
   469  				Recipients: recipients,
   470  			}
   471  
   472  			fm := &failingMarshaller{
   473  				numTimesMarshalCalledBeforeReturnErr: 0,
   474  			}
   475  
   476  			serializedJWE, err := jwe.FullSerialize(fm.failingMarshal)
   477  			require.Equal(t, errFailingMarshal, err)
   478  			require.Empty(t, serializedJWE)
   479  		})
   480  		t.Run("fail to marshal recipients", func(t *testing.T) {
   481  			jwe := JSONWebEncryption{
   482  				Recipients: make([]*Recipient, 2),
   483  			}
   484  
   485  			jwe.Recipients[0] = &Recipient{}
   486  			jwe.Recipients[1] = &Recipient{}
   487  
   488  			fm := &failingMarshaller{
   489  				numTimesMarshalCalledBeforeReturnErr: 0,
   490  			}
   491  
   492  			serializedJWE, err := jwe.FullSerialize(fm.failingMarshal)
   493  			require.Equal(t, errFailingMarshal, err)
   494  			require.Empty(t, serializedJWE)
   495  		})
   496  		t.Run("fail to marshal rawJSONWebEncryption", func(t *testing.T) {
   497  			jwe := JSONWebEncryption{
   498  				Ciphertext: "some ciphertext",
   499  			}
   500  
   501  			fm := &failingMarshaller{
   502  				numTimesMarshalCalledBeforeReturnErr: 0,
   503  			}
   504  
   505  			serializedJWE, err := jwe.FullSerialize(fm.failingMarshal)
   506  			require.Equal(t, errFailingMarshal, err)
   507  			require.Empty(t, serializedJWE)
   508  		})
   509  	})
   510  }
   511  
   512  func TestJSONWebEncryption_CompactSerialize(t *testing.T) {
   513  	t.Run("Success", func(t *testing.T) {
   514  		protectedHeaders := Headers{
   515  			"protectedheader1": "protectedtestvalue1",
   516  			"protectedheader2": "protectedtestvalue2",
   517  		}
   518  		recipients := make([]*Recipient, 1)
   519  
   520  		recipients[0] = &Recipient{
   521  			EncryptedKey: "TestKey",
   522  		}
   523  
   524  		jwe := JSONWebEncryption{
   525  			ProtectedHeaders: protectedHeaders,
   526  			Recipients:       recipients,
   527  			IV:               "TestIV",
   528  			Ciphertext:       "TestCipherText",
   529  			Tag:              "TestTag",
   530  		}
   531  
   532  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   533  		require.NoError(t, err)
   534  		require.Equal(t, expectedCompactJWE, compactJWE)
   535  	})
   536  	t.Run("Unable to compact serialize - missing protected headers", func(t *testing.T) {
   537  		jwe := JSONWebEncryption{}
   538  
   539  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   540  		require.Equal(t, errProtectedHeaderMissing, err)
   541  		require.Empty(t, compactJWE)
   542  	})
   543  	t.Run("Unable to compact serialize - too many recipients", func(t *testing.T) {
   544  		protectedHeaders := Headers{
   545  			"protectedheader1": "protectedtestvalue1",
   546  			"protectedheader2": "protectedtestvalue2",
   547  		}
   548  		recipients := make([]*Recipient, 2)
   549  
   550  		jwe := JSONWebEncryption{
   551  			ProtectedHeaders: protectedHeaders,
   552  			Recipients:       recipients,
   553  		}
   554  
   555  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   556  		require.Equal(t, errNotOnlyOneRecipient, err)
   557  		require.Empty(t, compactJWE)
   558  	})
   559  	t.Run("Unable to compact serialize - JWE contains an unprotected header", func(t *testing.T) {
   560  		protectedHeaders := Headers{
   561  			"protectedheader1": "protectedtestvalue1",
   562  			"protectedheader2": "protectedtestvalue2",
   563  		}
   564  		unprotectedHeaders := Headers{
   565  			"unprotectedheader1": "unprotectedtestvalue1",
   566  			"unprotectedheader2": "unprotectedtestvalue2",
   567  		}
   568  		recipients := make([]*Recipient, 1)
   569  
   570  		jwe := JSONWebEncryption{
   571  			ProtectedHeaders:   protectedHeaders,
   572  			UnprotectedHeaders: unprotectedHeaders,
   573  			Recipients:         recipients,
   574  			AAD:                "TestAAD",
   575  			IV:                 "TestIV",
   576  			Ciphertext:         "TestCipherText",
   577  			Tag:                "TestTag",
   578  		}
   579  
   580  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   581  		require.Equal(t, errUnprotectedHeaderUnsupported, err)
   582  		require.Empty(t, compactJWE)
   583  	})
   584  	t.Run("Unable to compact serialize - recipient contains a header", func(t *testing.T) {
   585  		protectedHeaders := Headers{
   586  			"protectedheader1": "protectedtestvalue1",
   587  			"protectedheader2": "protectedtestvalue2",
   588  		}
   589  		recipients := make([]*Recipient, 1)
   590  
   591  		recipients[0] = &Recipient{
   592  
   593  			EncryptedKey: "TestKey",
   594  			Header: &RecipientHeaders{
   595  				APU: "TestAPU",
   596  				IV:  "TestIV",
   597  				Tag: "TestTag",
   598  				KID: "TestKID",
   599  				EPK: []byte(exampleEPK),
   600  			},
   601  		}
   602  
   603  		jwe := JSONWebEncryption{
   604  			ProtectedHeaders: protectedHeaders,
   605  			Recipients:       recipients,
   606  		}
   607  
   608  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   609  		require.Equal(t, errPerRecipientHeaderUnsupported, err)
   610  		require.Empty(t, compactJWE)
   611  	})
   612  	t.Run("Fail to marshal protected headers", func(t *testing.T) {
   613  		protectedHeaders := Headers{
   614  			"protectedheader1": "protectedtestvalue1",
   615  			"protectedheader2": "protectedtestvalue2",
   616  		}
   617  		recipients := make([]*Recipient, 1)
   618  
   619  		recipients[0] = &Recipient{
   620  			EncryptedKey: "TestKey",
   621  		}
   622  
   623  		jwe := JSONWebEncryption{
   624  			ProtectedHeaders: protectedHeaders,
   625  			Recipients:       recipients,
   626  			IV:               "TestIV",
   627  			Ciphertext:       "TestCipherText",
   628  			Tag:              "TestTag",
   629  		}
   630  
   631  		fm := &failingMarshaller{
   632  			numTimesMarshalCalledBeforeReturnErr: 0,
   633  		}
   634  
   635  		compactJWE, err := jwe.CompactSerialize(fm.failingMarshal)
   636  		require.Equal(t, errFailingMarshal, err)
   637  		require.Empty(t, compactJWE)
   638  	})
   639  	t.Run("Fail to marshal with non empty AAD", func(t *testing.T) {
   640  		protectedHeaders := Headers{
   641  			"protectedheader1": "protectedtestvalue1",
   642  			"protectedheader2": "protectedtestvalue2",
   643  		}
   644  		recipients := make([]*Recipient, 1)
   645  
   646  		recipients[0] = &Recipient{
   647  			EncryptedKey: "TestKey",
   648  		}
   649  
   650  		jwe := JSONWebEncryption{
   651  			ProtectedHeaders: protectedHeaders,
   652  			Recipients:       recipients,
   653  			AAD:              "AAD", // compact serialize should fail with AAD field
   654  			IV:               "TestIV",
   655  			Ciphertext:       "TestCipherText",
   656  			Tag:              "TestTag",
   657  		}
   658  
   659  		compactJWE, err := jwe.CompactSerialize(json.Marshal)
   660  		require.EqualError(t, err, errAADHeaderUnsupported.Error())
   661  		require.Empty(t, compactJWE)
   662  	})
   663  }
   664  
   665  func TestJSONWebEncryption_PrepareHeaders(t *testing.T) {
   666  	t.Run("fail when marshalling protected headers", func(t *testing.T) {
   667  		jwe := JSONWebEncryption{
   668  			ProtectedHeaders: Headers{},
   669  		}
   670  
   671  		fm := &failingMarshaller{
   672  			numTimesMarshalCalledBeforeReturnErr: 0,
   673  		}
   674  
   675  		marshalledProtectedHeaders, marshalledUnprotectedHeaders, err :=
   676  			jwe.prepareHeaders(fm.failingMarshal)
   677  		require.Equal(t, errFailingMarshal, err)
   678  		require.Empty(t, marshalledProtectedHeaders)
   679  		require.Nil(t, marshalledUnprotectedHeaders)
   680  	})
   681  	t.Run("fail when marshalling unprotected headers", func(t *testing.T) {
   682  		jwe := JSONWebEncryption{
   683  			ProtectedHeaders:   Headers{},
   684  			UnprotectedHeaders: Headers{},
   685  		}
   686  
   687  		fm := &failingMarshaller{
   688  			numTimesMarshalCalledBeforeReturnErr: 1,
   689  		}
   690  
   691  		marshalledProtectedHeaders, marshalledUnprotectedHeaders, err :=
   692  			jwe.prepareHeaders(fm.failingMarshal)
   693  		require.Equal(t, errFailingMarshal, err)
   694  		require.Empty(t, marshalledProtectedHeaders)
   695  		require.Nil(t, marshalledUnprotectedHeaders)
   696  	})
   697  }
   698  
   699  func TestDeserialize(t *testing.T) {
   700  	t.Run("Full JWE tests", func(t *testing.T) {
   701  		t.Run("Success - JWE without EPK", func(t *testing.T) {
   702  			deserializedJWE, err := Deserialize(exampleMockJWEAllFields)
   703  			require.NoError(t, err)
   704  			require.NotNil(t, deserializedJWE)
   705  
   706  			reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal)
   707  			require.NoError(t, err)
   708  			require.Equal(t, exampleMockJWEAllFields, reserializedJWE)
   709  		})
   710  		t.Run("Success - JWE with many recipients, each with an EPK", func(t *testing.T) {
   711  			deserializedJWE, err := Deserialize(exampleRealFullJWEWithEPKs)
   712  			require.NoError(t, err)
   713  			require.NotNil(t, deserializedJWE)
   714  
   715  			reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal)
   716  			require.NoError(t, err)
   717  			require.Equal(t, exampleRealFullJWEWithEPKs, reserializedJWE)
   718  		})
   719  		t.Run("Unable to unmarshal serialized JWE string", func(t *testing.T) {
   720  			deserializedJWE, err := Deserialize("{")
   721  			require.EqualError(t, err, "unexpected end of JSON input")
   722  			require.Nil(t, deserializedJWE)
   723  		})
   724  		t.Run("Protected headers are not base64-encoded", func(t *testing.T) {
   725  			deserializedJWE, err := Deserialize(`{"protected":"Not base64-encoded"}`)
   726  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   727  			require.Nil(t, deserializedJWE)
   728  		})
   729  		t.Run("Protected headers are base64-encoded, but cannot be unmarshalled", func(t *testing.T) {
   730  			deserializedJWE, err := Deserialize(`{"protected":"` +
   731  				base64.RawURLEncoding.EncodeToString([]byte("invalid protected headers")) + `"}`)
   732  			require.EqualError(t, err, "invalid character 'i' looking for beginning of value")
   733  			require.Nil(t, deserializedJWE)
   734  		})
   735  		t.Run("Unable to unmarshal unprotected headers", func(t *testing.T) {
   736  			deserializedJWE, err := Deserialize(
   737  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   738  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0", "unprotected":""}`)
   739  			require.EqualError(t, err, "json: cannot unmarshal string into Go value of type jose.Headers")
   740  			require.Nil(t, deserializedJWE)
   741  		})
   742  		t.Run("Unable to unmarshal recipients", func(t *testing.T) {
   743  			deserializedJWE, err := Deserialize(
   744  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   745  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   746  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":""}`)
   747  			require.EqualError(t, err, "json: cannot unmarshal string into Go value of type []*jose.Recipient")
   748  			require.Nil(t, deserializedJWE)
   749  		})
   750  		t.Run("AAD is not base64-encoded", func(t *testing.T) {
   751  			deserializedJWE, err := Deserialize(
   752  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   753  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   754  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"aad":"not base64-encoded"}`)
   755  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   756  			require.Nil(t, deserializedJWE)
   757  		})
   758  		t.Run("IV is not base64-encoded", func(t *testing.T) {
   759  			deserializedJWE, err := Deserialize(
   760  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   761  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   762  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"iv":"not base64-encoded"}`)
   763  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   764  			require.Nil(t, deserializedJWE)
   765  		})
   766  		t.Run("Ciphertext is not base64-encoded", func(t *testing.T) {
   767  			deserializedJWE, err := Deserialize(
   768  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   769  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   770  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"ciphertext":` +
   771  					`"not base64-encoded"}`)
   772  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   773  			require.Nil(t, deserializedJWE)
   774  		})
   775  		t.Run("Tag is not base64-encoded", func(t *testing.T) {
   776  			deserializedJWE, err := Deserialize(
   777  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   778  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   779  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"tag":"not base64-encoded"}`)
   780  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   781  			require.Nil(t, deserializedJWE)
   782  		})
   783  	})
   784  	t.Run("Flattened JWE tests", func(t *testing.T) {
   785  		t.Run("Recipient encrypted key is not base64-encoded", func(t *testing.T) {
   786  			deserializedJWE, err := Deserialize(
   787  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   788  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   789  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"encrypted_key":` +
   790  					`"not base64-encoded"}`)
   791  			require.EqualError(t, err, "illegal base64 data at input byte 3")
   792  			require.Nil(t, deserializedJWE)
   793  		})
   794  		t.Run("Unable to unmarshal single recipient header", func(t *testing.T) {
   795  			deserializedJWE, err := Deserialize(
   796  				`{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` +
   797  					`hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` +
   798  					`"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"header":` +
   799  					`"not a valid value"}`)
   800  			require.EqualError(t, err, "json: cannot unmarshal string into Go value of type jose.RecipientHeaders")
   801  			require.Nil(t, deserializedJWE)
   802  		})
   803  	})
   804  	t.Run("Compact JWE tests", func(t *testing.T) {
   805  		t.Run("Success", func(t *testing.T) {
   806  			deserializedJWE, err := Deserialize(exampleRealCompactJWE)
   807  			require.NoError(t, err)
   808  			require.NotNil(t, deserializedJWE)
   809  
   810  			reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal)
   811  			require.NoError(t, err)
   812  			require.Equal(t, expectedSerializedCompactJWE, reserializedJWE)
   813  		})
   814  		t.Run("Invalid compact JWE - wrong number of parts", func(t *testing.T) {
   815  			deserializedJWE, err := Deserialize("")
   816  			require.Equal(t, errWrongNumberOfCompactJWEParts, err)
   817  			require.Nil(t, deserializedJWE)
   818  		})
   819  	})
   820  }
   821  
   822  func TestInterop(t *testing.T) {
   823  	t.Run("Use go-jose to deserialize JWE that's been serialized with Aries", func(t *testing.T) {
   824  		ariesJWE, err := Deserialize(exampleRealFullJWE)
   825  		require.NoError(t, err)
   826  		require.NotNil(t, ariesJWE)
   827  
   828  		reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal)
   829  		require.NoError(t, err)
   830  		require.NotEmpty(t, reserializedAriesJWE)
   831  
   832  		goJoseJWE, err := jose.ParseEncrypted(reserializedAriesJWE)
   833  		require.NoError(t, err)
   834  		require.NotNil(t, goJoseJWE)
   835  	})
   836  	t.Run("Use go-jose to deserialize JWE that's been compact serialized with Aries", func(t *testing.T) {
   837  		ariesJWE, err := Deserialize(exampleRealCompactJWE)
   838  		require.NoError(t, err)
   839  		require.NotNil(t, ariesJWE)
   840  
   841  		compactAriesJWE, err := ariesJWE.CompactSerialize(json.Marshal)
   842  		require.NoError(t, err)
   843  		require.Equal(t, exampleRealCompactJWE, compactAriesJWE)
   844  
   845  		goJoseJWE, err := jose.ParseEncrypted(compactAriesJWE)
   846  		require.NoError(t, err)
   847  		require.NotNil(t, goJoseJWE)
   848  	})
   849  	t.Run("Use Aries to deserialize JWE that's been serialized with go-jose using full syntax",
   850  		func(t *testing.T) {
   851  			goJoseJWE, err := jose.ParseEncrypted(exampleRealFullJWE)
   852  			require.NoError(t, err)
   853  			require.NotNil(t, goJoseJWE)
   854  
   855  			reserializedGoJoseJWEString := goJoseJWE.FullSerialize()
   856  			require.NotEmpty(t, reserializedGoJoseJWEString)
   857  
   858  			ariesJWE, err := Deserialize(reserializedGoJoseJWEString)
   859  			require.NoError(t, err)
   860  			require.NotNil(t, ariesJWE)
   861  		})
   862  	t.Run("Use Aries to deserialize JWE that's been serialized with go-jose using compact syntax",
   863  		func(t *testing.T) {
   864  			goJoseJWE, err := jose.ParseEncrypted(exampleRealCompactJWE)
   865  			require.NoError(t, err)
   866  			require.NotNil(t, goJoseJWE)
   867  
   868  			reserializedGoJoseJWEString, err := goJoseJWE.CompactSerialize()
   869  			require.NoError(t, err)
   870  			require.NotEmpty(t, reserializedGoJoseJWEString)
   871  
   872  			ariesJWE, err := Deserialize(reserializedGoJoseJWEString)
   873  			require.NoError(t, err)
   874  			require.NotNil(t, ariesJWE)
   875  		})
   876  	t.Run("Deserialize full JWE with aries and go-jose, then reserialize and compare", func(t *testing.T) {
   877  		ariesJWE, err := Deserialize(exampleRealFullJWE)
   878  		require.NoError(t, err)
   879  		require.NotNil(t, ariesJWE)
   880  
   881  		reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal)
   882  		require.NoError(t, err)
   883  		require.NotEmpty(t, reserializedAriesJWE)
   884  
   885  		require.Equal(t, exampleRealFullJWE, reserializedAriesJWE)
   886  
   887  		goJoseJWE, err := jose.ParseEncrypted(exampleRealFullJWE)
   888  		require.NoError(t, err)
   889  		require.NotNil(t, goJoseJWE)
   890  
   891  		reserializedGoJoseJWE := goJoseJWE.FullSerialize()
   892  		require.NotEmpty(t, reserializedGoJoseJWE)
   893  
   894  		checkEquality(t, reserializedGoJoseJWE, reserializedAriesJWE)
   895  	})
   896  	t.Run("Deserialize compact JWE with aries and go-jose, then reserialize and compare", func(t *testing.T) {
   897  		ariesJWE, err := Deserialize(exampleRealCompactJWE)
   898  		require.NoError(t, err)
   899  		require.NotNil(t, ariesJWE)
   900  
   901  		reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal)
   902  		require.NoError(t, err)
   903  		require.NotEmpty(t, reserializedAriesJWE)
   904  
   905  		goJoseJWE, err := jose.ParseEncrypted(exampleRealCompactJWE)
   906  		require.NoError(t, err)
   907  		require.NotNil(t, goJoseJWE)
   908  
   909  		reserializedGoJoseJWEString := goJoseJWE.FullSerialize()
   910  		require.NotEmpty(t, reserializedGoJoseJWEString)
   911  
   912  		require.Equal(t, reserializedGoJoseJWEString, reserializedAriesJWE)
   913  	})
   914  }
   915  
   916  func checkEquality(t *testing.T, goJoseJWE, ariesJWE string) {
   917  	// When there are multiple recipients, for some reason the go-jose library seems to put the first recipient's
   918  	// encrypted key in the top-level JSON object - but this should only be done when using the flattened syntax,
   919  	// and that is only allowed when there is a single recipient, so go-jose's serialize function doesn't seem to be
   920  	// strictly compliant with the spec. In order to make the resulting serialized strings comparable,
   921  	// the extra encrypted key field is stripped out.
   922  	goJoseJWEBeforeNonCompliantPart := goJoseJWE[:642]
   923  	gojoseJWEAfterNonCompliantPart := goJoseJWE[1003:]
   924  	goJoseJWEWithoutNonCompliantPart := goJoseJWEBeforeNonCompliantPart + gojoseJWEAfterNonCompliantPart
   925  
   926  	require.Equal(t, goJoseJWEWithoutNonCompliantPart, ariesJWE)
   927  }
   928  
   929  type failingMarshaller struct {
   930  	numTimesMarshalCalled                int
   931  	numTimesMarshalCalledBeforeReturnErr int
   932  }
   933  
   934  func (m *failingMarshaller) failingMarshal(v interface{}) ([]byte, error) {
   935  	if m.numTimesMarshalCalled == m.numTimesMarshalCalledBeforeReturnErr {
   936  		return nil, errFailingMarshal
   937  	}
   938  
   939  	m.numTimesMarshalCalled++
   940  
   941  	return nil, nil
   942  }