github.com/trustbloc/kms-go@v1.1.2/doc/jose/jwe_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package jose 8 9 import ( 10 "encoding/base64" 11 "encoding/json" 12 "errors" 13 "testing" 14 15 "github.com/go-jose/go-jose/v3" 16 "github.com/stretchr/testify/require" 17 ) 18 19 const ( 20 exampleEPK = `{"kty":"EC","crv":"P-256","x":"0_Zip_vHBNI-P_in4S2OuPsxWy9cMWCem-ubr4hK1D0","y":"UTIlc5Vf0Ul` + 21 `yrOgxFzZjt3JwKTA99cfkVNGu70_UZpA"}` 22 23 exampleMockJWEAllFields = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` + 24 `MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` + 25 `rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"Tes` + 26 `tAPU","iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdE` + 27 `tleQ"},{"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + 28 exampleEPK + `},"encrypt` + `ed_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"` + 29 `VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 30 exampleMockJWEAllFieldsOneRecipient = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` + 31 `MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` + 32 `rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"encrypted_key":"VGVzdEtleQ","heade` + 33 `r":{"apu":"TestAPU","iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"aad":"VG` + 34 `VzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 35 exampleMockJWEProtectedFieldAbsent = `{"unprotected":{"unprotectedheader1":"unprotectedtestvalue1","unpr` + 36 `otectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","iv":"TestIV","tag"` + 37 `:"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{"header":{"apu":"` + 38 `TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `},"encrypted_key":` + 39 `"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 40 exampleMockJWEUnprotectedFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` + 41 `MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","recipients":[{"header":{"apu":"TestAPU"` + 42 `,"iv":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"` + 43 `},{"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + 44 `},"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleH` + 45 `Q","tag":"VGVzdFRhZw"}` 46 exampleMockJWERecipientsFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVl` + 47 `MSIsInByb3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unp` + 48 `rotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{}],"aad":"VGVzdEFBRA` + 49 `","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 50 exampleMockJWEIVFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` + 51 `b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` + 52 `testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` + 53 `v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` + 54 `"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` + 55 `,"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 56 exampleMockJWEAADFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` + 57 `b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` + 58 `testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` + 59 `v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` + 60 `"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` + 61 `,"encrypted_key":"VGVzdEtleTI"}],"iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ","tag":"VGVzdFRhZw"}` 62 exampleMockJWETagFieldAbsent = `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInBy` + 63 `b3RlY3RlZGhlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":"unprotected` + 64 `testvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":[{"header":{"apu":"TestAPU","i` + 65 `v":"TestIV","tag":"TestTag","kid":"TestKID","epk":` + exampleEPK + `},"encrypted_key":"VGVzdEtleQ"},{` + 66 `"header":{"apu":"TestAPU2","iv":"TestIV2","tag":"TestTag2","kid":"TestKID2","epk":` + exampleEPK + `}` + 67 `,"encrypted_key":"VGVzdEtleTI"}],"aad":"VGVzdEFBRA","iv":"VGVzdElW","ciphertext":"VGVzdENpcGhlclRleHQ"}` 68 69 exampleRealFullJWE = `{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","unprotected":{"jku":"https://serv` + 70 `er.example.com/keys.jwks"},"recipients":[{"header":{"alg":"RSA1_5","kid":"2011-04-29"},"encrypted_key` + 71 `":"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdU` + 72 `LU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU` + 73 `7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP` + 74 `-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"},{"header":{"alg":"A128KW","kid":"7"},"encrypted_key":"6K` + 75 `B707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}],"iv":"AxY8DCtDaGlsbGljb3RoZQ","ciphertext":"K` + 76 `DlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY","tag":"Mz-VPPyU4RlcuYv1IwIvzw"}` 77 exampleRealFullJWEWithEPKs = `{"protected":"eyJlbmMiOiJBMjU2R0NNIn0","recipients":[{"header":{"alg":"ECDH-` + 78 `ES+A256KW","epk":{"kty":"EC","crv":"P-256","x":"nHdqtsfXMabc2a1dtpnOgvWhkRiPxHopnfFH-BtSOaQ","y":"GWG` + 79 `uLnoohFrpXExSuuuOz-p3uSFFq1FVZP0dN-3q9H8"}},"encrypted_key":"fE26rjeON_iBo84fkvD56nLthhRM04LPzrYiIUQ4` + 80 `E5caOhtU95-t2w"},{"header":{"alg":"ECDH-ES+A256KW","epk":{"kty":"EC","crv":"P-256","x":"r2wTh-URkmIuK` + 81 `3f4LaJvPP7wTZVG7sdVatGxGadPPqA","y":"tZ29KzMcIrF9j-SakwtR9a-qP0iV4hdaeghjnpPgoaQ"}},"encrypted_key":"` + 82 `cixwgiJZK3JtKAOX2UHSE9N_4s4CXruAWby8efyQWueY-wx0_qeIrg"},{"header":{"alg":"ECDH-ES+A256KW","epk":{"kt` + 83 `y":"EC","crv":"P-256","x":"t0p3XILJf-1FMkuQqyX59kBpxVaYd-DIjrY3oDxvFHA","y":"Wfme-7LxEUK7sewvXhxrTV6c` + 84 `EVMkROPGbd2glkddAZs"}},"encrypted_key":"YSQvknAFf5teYWg2eciNiVx5oXNbKS688Dd_0aVxgtFtelxqc8Jv0g"}],"iv` + 85 `":"8-9HnO8n5et1Se3y","ciphertext":"jlgZfA44GMe-mhZLzxcur9g40g","tag":"rbXD5g7QxIOc4_J7idRHQA"}` 86 exampleRealCompactJWE = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DV" + 87 "ZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uV" + 88 "uxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyP" + 89 "GLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKH" + 90 "zg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_" + 91 "A.XFBoMYUZodetZdvTiFvSkQ" 92 93 expectedSerializedCompactJWE = `{"protected":"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ","encrypted_k` + 94 `ey":"OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKA` + 95 `q7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfw` + 96 `X7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWX` + 97 `RcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg","iv":"48V1_ALb6US04U3b","ciphertext":"5eym8TW_c8SuK0ltJ` + 98 `3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A","tag":"XFBoMYUZodetZdvTiFvSkQ"}` 99 100 expectedCompactJWE = `eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZGhlYWRlcjIiOiJw` + 101 `cm90ZWN0ZWR0ZXN0dmFsdWUyIn0.VGVzdEtleQ.VGVzdElW.VGVzdENpcGhlclRleHQ.VGVzdFRhZw` 102 ) 103 104 var errFailingMarshal = errors.New("i failed to marshal") 105 106 func TestJSONWebEncryption_Serialize(t *testing.T) { 107 t.Run("Success cases", func(t *testing.T) { 108 t.Run("All fields filled, multiple recipients", func(t *testing.T) { 109 protectedHeaders := Headers{ 110 "protectedheader1": "protectedtestvalue1", 111 "protectedheader2": "protectedtestvalue2", 112 } 113 unprotectedHeaders := Headers{ 114 "unprotectedheader1": "unprotectedtestvalue1", 115 "unprotectedheader2": "unprotectedtestvalue2", 116 } 117 recipients := make([]*Recipient, 2) 118 119 recipients[0] = &Recipient{ 120 EncryptedKey: "TestKey", 121 Header: &RecipientHeaders{ 122 APU: "TestAPU", 123 IV: "TestIV", 124 Tag: "TestTag", 125 KID: "TestKID", 126 EPK: []byte(exampleEPK), 127 }, 128 } 129 recipients[1] = &Recipient{ 130 EncryptedKey: "TestKey2", 131 Header: &RecipientHeaders{ 132 APU: "TestAPU2", 133 IV: "TestIV2", 134 Tag: "TestTag2", 135 KID: "TestKID2", 136 EPK: []byte(exampleEPK), 137 }, 138 } 139 140 jwe := JSONWebEncryption{ 141 ProtectedHeaders: protectedHeaders, 142 UnprotectedHeaders: unprotectedHeaders, 143 Recipients: recipients, 144 AAD: "TestAAD", 145 IV: "TestIV", 146 Ciphertext: "TestCipherText", 147 Tag: "TestTag", 148 } 149 serializedJWE, err := jwe.FullSerialize(json.Marshal) 150 require.NoError(t, err) 151 require.Equal(t, exampleMockJWEAllFields, serializedJWE) 152 }) 153 t.Run("All fields filled, one recipient - serialized JWE uses flattened syntax", func(t *testing.T) { 154 protectedHeaders := Headers{ 155 "protectedheader1": "protectedtestvalue1", 156 "protectedheader2": "protectedtestvalue2", 157 } 158 unprotectedHeaders := Headers{ 159 "unprotectedheader1": "unprotectedtestvalue1", 160 "unprotectedheader2": "unprotectedtestvalue2", 161 } 162 recipients := make([]*Recipient, 1) 163 164 recipients[0] = &Recipient{ 165 EncryptedKey: "TestKey", 166 Header: &RecipientHeaders{ 167 APU: "TestAPU", 168 IV: "TestIV", 169 Tag: "TestTag", 170 KID: "TestKID", 171 EPK: []byte(exampleEPK), 172 }, 173 } 174 175 jwe := JSONWebEncryption{ 176 ProtectedHeaders: protectedHeaders, 177 UnprotectedHeaders: unprotectedHeaders, 178 Recipients: recipients, 179 AAD: "TestAAD", 180 IV: "TestIV", 181 Ciphertext: "TestCipherText", 182 Tag: "TestTag", 183 } 184 serializedJWE, err := jwe.FullSerialize(json.Marshal) 185 require.NoError(t, err) 186 require.Equal(t, exampleMockJWEAllFieldsOneRecipient, serializedJWE) 187 }) 188 t.Run("Successfully serialize JWE, protected header value is empty", func(t *testing.T) { 189 unprotectedHeaders := Headers{ 190 "unprotectedheader1": "unprotectedtestvalue1", 191 "unprotectedheader2": "unprotectedtestvalue2", 192 } 193 recipients := make([]*Recipient, 2) 194 195 recipients[0] = &Recipient{ 196 EncryptedKey: "TestKey", 197 Header: &RecipientHeaders{ 198 APU: "TestAPU", 199 IV: "TestIV", 200 Tag: "TestTag", 201 KID: "TestKID", 202 EPK: []byte(exampleEPK), 203 }, 204 } 205 recipients[1] = &Recipient{ 206 EncryptedKey: "TestKey2", 207 Header: &RecipientHeaders{ 208 APU: "TestAPU2", 209 IV: "TestIV2", 210 Tag: "TestTag2", 211 KID: "TestKID2", 212 EPK: []byte(exampleEPK), 213 }, 214 } 215 216 jwe := JSONWebEncryption{ 217 UnprotectedHeaders: unprotectedHeaders, 218 Recipients: recipients, 219 AAD: "TestAAD", 220 IV: "TestIV", 221 Ciphertext: "TestCipherText", 222 Tag: "TestTag", 223 } 224 serializedJWE, err := jwe.FullSerialize(json.Marshal) 225 require.NoError(t, err) 226 require.Equal(t, exampleMockJWEProtectedFieldAbsent, serializedJWE) 227 }) 228 t.Run("Successfully serialize JWE, unprotected header value is empty", func(t *testing.T) { 229 protectedHeaders := Headers{ 230 "protectedheader1": "protectedtestvalue1", 231 "protectedheader2": "protectedtestvalue2", 232 } 233 recipients := make([]*Recipient, 2) 234 235 recipients[0] = &Recipient{ 236 EncryptedKey: "TestKey", 237 Header: &RecipientHeaders{ 238 APU: "TestAPU", 239 IV: "TestIV", 240 Tag: "TestTag", 241 KID: "TestKID", 242 EPK: []byte(exampleEPK), 243 }, 244 } 245 recipients[1] = &Recipient{ 246 EncryptedKey: "TestKey2", 247 Header: &RecipientHeaders{ 248 APU: "TestAPU2", 249 IV: "TestIV2", 250 Tag: "TestTag2", 251 KID: "TestKID2", 252 EPK: []byte(exampleEPK), 253 }, 254 } 255 256 jwe := JSONWebEncryption{ 257 ProtectedHeaders: protectedHeaders, 258 Recipients: recipients, 259 AAD: "TestAAD", 260 IV: "TestIV", 261 Ciphertext: "TestCipherText", 262 Tag: "TestTag", 263 } 264 serializedJWE, err := jwe.FullSerialize(json.Marshal) 265 require.NoError(t, err) 266 require.Equal(t, exampleMockJWEUnprotectedFieldAbsent, serializedJWE) 267 }) 268 t.Run("Successfully serialize JWE, recipients value is empty", func(t *testing.T) { 269 protectedHeaders := Headers{ 270 "protectedheader1": "protectedtestvalue1", 271 "protectedheader2": "protectedtestvalue2", 272 } 273 unprotectedHeaders := Headers{ 274 "unprotectedheader1": "unprotectedtestvalue1", 275 "unprotectedheader2": "unprotectedtestvalue2", 276 } 277 278 jwe := JSONWebEncryption{ 279 ProtectedHeaders: protectedHeaders, 280 UnprotectedHeaders: unprotectedHeaders, 281 AAD: "TestAAD", 282 IV: "TestIV", 283 Ciphertext: "TestCipherText", 284 Tag: "TestTag", 285 } 286 serializedJWE, err := jwe.FullSerialize(json.Marshal) 287 require.NoError(t, err) 288 require.Equal(t, exampleMockJWERecipientsFieldAbsent, serializedJWE) 289 }) 290 t.Run("Successfully serialize JWE, IV value is empty", func(t *testing.T) { 291 protectedHeaders := Headers{ 292 "protectedheader1": "protectedtestvalue1", 293 "protectedheader2": "protectedtestvalue2", 294 } 295 unprotectedHeaders := Headers{ 296 "unprotectedheader1": "unprotectedtestvalue1", 297 "unprotectedheader2": "unprotectedtestvalue2", 298 } 299 recipients := make([]*Recipient, 2) 300 301 recipients[0] = &Recipient{ 302 EncryptedKey: "TestKey", 303 Header: &RecipientHeaders{ 304 APU: "TestAPU", 305 IV: "TestIV", 306 Tag: "TestTag", 307 KID: "TestKID", 308 EPK: []byte(exampleEPK), 309 }, 310 } 311 recipients[1] = &Recipient{ 312 EncryptedKey: "TestKey2", 313 Header: &RecipientHeaders{ 314 APU: "TestAPU2", 315 IV: "TestIV2", 316 Tag: "TestTag2", 317 KID: "TestKID2", 318 EPK: []byte(exampleEPK), 319 }, 320 } 321 322 jwe := JSONWebEncryption{ 323 ProtectedHeaders: protectedHeaders, 324 UnprotectedHeaders: unprotectedHeaders, 325 Recipients: recipients, 326 AAD: "TestAAD", 327 Ciphertext: "TestCipherText", 328 Tag: "TestTag", 329 } 330 serializedJWE, err := jwe.FullSerialize(json.Marshal) 331 println(serializedJWE) 332 require.NoError(t, err) 333 require.Equal(t, exampleMockJWEIVFieldAbsent, serializedJWE) 334 }) 335 t.Run("Successfully serialize JWE, AAD value is empty", func(t *testing.T) { 336 protectedHeaders := Headers{ 337 "protectedheader1": "protectedtestvalue1", 338 "protectedheader2": "protectedtestvalue2", 339 } 340 unprotectedHeaders := Headers{ 341 "unprotectedheader1": "unprotectedtestvalue1", 342 "unprotectedheader2": "unprotectedtestvalue2", 343 } 344 recipients := make([]*Recipient, 2) 345 346 recipients[0] = &Recipient{ 347 EncryptedKey: "TestKey", 348 Header: &RecipientHeaders{ 349 APU: "TestAPU", 350 IV: "TestIV", 351 Tag: "TestTag", 352 KID: "TestKID", 353 EPK: []byte(exampleEPK), 354 }, 355 } 356 recipients[1] = &Recipient{ 357 EncryptedKey: "TestKey2", 358 Header: &RecipientHeaders{ 359 APU: "TestAPU2", 360 IV: "TestIV2", 361 Tag: "TestTag2", 362 KID: "TestKID2", 363 EPK: []byte(exampleEPK), 364 }, 365 } 366 367 jwe := JSONWebEncryption{ 368 ProtectedHeaders: protectedHeaders, 369 UnprotectedHeaders: unprotectedHeaders, 370 Recipients: recipients, 371 IV: "TestIV", 372 Ciphertext: "TestCipherText", 373 Tag: "TestTag", 374 } 375 serializedJWE, err := jwe.FullSerialize(json.Marshal) 376 require.NoError(t, err) 377 require.Equal(t, exampleMockJWEAADFieldAbsent, serializedJWE) 378 }) 379 t.Run("Successfully serialize JWE, tag value is empty", func(t *testing.T) { 380 protectedHeaders := Headers{ 381 "protectedheader1": "protectedtestvalue1", 382 "protectedheader2": "protectedtestvalue2", 383 } 384 unprotectedHeaders := Headers{ 385 "unprotectedheader1": "unprotectedtestvalue1", 386 "unprotectedheader2": "unprotectedtestvalue2", 387 } 388 recipients := make([]*Recipient, 2) 389 390 recipients[0] = &Recipient{ 391 EncryptedKey: "TestKey", 392 Header: &RecipientHeaders{ 393 APU: "TestAPU", 394 IV: "TestIV", 395 Tag: "TestTag", 396 KID: "TestKID", 397 EPK: []byte(exampleEPK), 398 }, 399 } 400 recipients[1] = &Recipient{ 401 EncryptedKey: "TestKey2", 402 Header: &RecipientHeaders{ 403 APU: "TestAPU2", 404 IV: "TestIV2", 405 Tag: "TestTag2", 406 KID: "TestKID2", 407 EPK: []byte(exampleEPK), 408 }, 409 } 410 411 jwe := JSONWebEncryption{ 412 ProtectedHeaders: protectedHeaders, 413 UnprotectedHeaders: unprotectedHeaders, 414 Recipients: recipients, 415 AAD: "TestAAD", 416 IV: "TestIV", 417 Ciphertext: "TestCipherText", 418 } 419 serializedJWE, err := jwe.FullSerialize(json.Marshal) 420 require.NoError(t, err) 421 require.Equal(t, exampleMockJWETagFieldAbsent, serializedJWE) 422 }) 423 }) 424 t.Run("Error cases", func(t *testing.T) { 425 t.Run("Fail to serialize JWE, ciphertext value is empty", func(t *testing.T) { 426 protectedHeaders := Headers{ 427 "protectedheader1": "protectedtestvalue1", 428 "protectedheader2": "protectedtestvalue2", 429 } 430 unprotectedHeaders := Headers{ 431 "unprotectedheader1": "unprotectedtestvalue1", 432 "unprotectedheader2": "unprotectedtestvalue2", 433 } 434 435 jwe := JSONWebEncryption{ 436 ProtectedHeaders: protectedHeaders, 437 UnprotectedHeaders: unprotectedHeaders, 438 Recipients: nil, 439 AAD: "TestAAD", 440 IV: "TestIV", 441 Tag: "TestTag", 442 } 443 serializedJWE, err := jwe.FullSerialize(json.Marshal) 444 require.Equal(t, errEmptyCiphertext, err) 445 require.Equal(t, "", serializedJWE) 446 }) 447 t.Run("fail to prepare headers", func(t *testing.T) { 448 jwe := JSONWebEncryption{ 449 ProtectedHeaders: Headers{}, 450 } 451 452 fm := &failingMarshaller{ 453 numTimesMarshalCalledBeforeReturnErr: 0, 454 } 455 456 serializedJWE, err := jwe.FullSerialize(fm.failingMarshal) 457 require.Equal(t, errFailingMarshal, err) 458 require.Empty(t, serializedJWE) 459 }) 460 t.Run("Fail to marshal recipient header (single recipient)", func(t *testing.T) { 461 recipients := make([]*Recipient, 1) 462 463 recipients[0] = &Recipient{ 464 EncryptedKey: "TestKey", 465 Header: &RecipientHeaders{}, 466 } 467 468 jwe := JSONWebEncryption{ 469 Recipients: recipients, 470 } 471 472 fm := &failingMarshaller{ 473 numTimesMarshalCalledBeforeReturnErr: 0, 474 } 475 476 serializedJWE, err := jwe.FullSerialize(fm.failingMarshal) 477 require.Equal(t, errFailingMarshal, err) 478 require.Empty(t, serializedJWE) 479 }) 480 t.Run("fail to marshal recipients", func(t *testing.T) { 481 jwe := JSONWebEncryption{ 482 Recipients: make([]*Recipient, 2), 483 } 484 485 jwe.Recipients[0] = &Recipient{} 486 jwe.Recipients[1] = &Recipient{} 487 488 fm := &failingMarshaller{ 489 numTimesMarshalCalledBeforeReturnErr: 0, 490 } 491 492 serializedJWE, err := jwe.FullSerialize(fm.failingMarshal) 493 require.Equal(t, errFailingMarshal, err) 494 require.Empty(t, serializedJWE) 495 }) 496 t.Run("fail to marshal rawJSONWebEncryption", func(t *testing.T) { 497 jwe := JSONWebEncryption{ 498 Ciphertext: "some ciphertext", 499 } 500 501 fm := &failingMarshaller{ 502 numTimesMarshalCalledBeforeReturnErr: 0, 503 } 504 505 serializedJWE, err := jwe.FullSerialize(fm.failingMarshal) 506 require.Equal(t, errFailingMarshal, err) 507 require.Empty(t, serializedJWE) 508 }) 509 }) 510 } 511 512 func TestJSONWebEncryption_CompactSerialize(t *testing.T) { 513 t.Run("Success", func(t *testing.T) { 514 protectedHeaders := Headers{ 515 "protectedheader1": "protectedtestvalue1", 516 "protectedheader2": "protectedtestvalue2", 517 } 518 recipients := make([]*Recipient, 1) 519 520 recipients[0] = &Recipient{ 521 EncryptedKey: "TestKey", 522 } 523 524 jwe := JSONWebEncryption{ 525 ProtectedHeaders: protectedHeaders, 526 Recipients: recipients, 527 IV: "TestIV", 528 Ciphertext: "TestCipherText", 529 Tag: "TestTag", 530 } 531 532 compactJWE, err := jwe.CompactSerialize(json.Marshal) 533 require.NoError(t, err) 534 require.Equal(t, expectedCompactJWE, compactJWE) 535 }) 536 t.Run("Unable to compact serialize - missing protected headers", func(t *testing.T) { 537 jwe := JSONWebEncryption{} 538 539 compactJWE, err := jwe.CompactSerialize(json.Marshal) 540 require.Equal(t, errProtectedHeaderMissing, err) 541 require.Empty(t, compactJWE) 542 }) 543 t.Run("Unable to compact serialize - too many recipients", func(t *testing.T) { 544 protectedHeaders := Headers{ 545 "protectedheader1": "protectedtestvalue1", 546 "protectedheader2": "protectedtestvalue2", 547 } 548 recipients := make([]*Recipient, 2) 549 550 jwe := JSONWebEncryption{ 551 ProtectedHeaders: protectedHeaders, 552 Recipients: recipients, 553 } 554 555 compactJWE, err := jwe.CompactSerialize(json.Marshal) 556 require.Equal(t, errNotOnlyOneRecipient, err) 557 require.Empty(t, compactJWE) 558 }) 559 t.Run("Unable to compact serialize - JWE contains an unprotected header", func(t *testing.T) { 560 protectedHeaders := Headers{ 561 "protectedheader1": "protectedtestvalue1", 562 "protectedheader2": "protectedtestvalue2", 563 } 564 unprotectedHeaders := Headers{ 565 "unprotectedheader1": "unprotectedtestvalue1", 566 "unprotectedheader2": "unprotectedtestvalue2", 567 } 568 recipients := make([]*Recipient, 1) 569 570 jwe := JSONWebEncryption{ 571 ProtectedHeaders: protectedHeaders, 572 UnprotectedHeaders: unprotectedHeaders, 573 Recipients: recipients, 574 AAD: "TestAAD", 575 IV: "TestIV", 576 Ciphertext: "TestCipherText", 577 Tag: "TestTag", 578 } 579 580 compactJWE, err := jwe.CompactSerialize(json.Marshal) 581 require.Equal(t, errUnprotectedHeaderUnsupported, err) 582 require.Empty(t, compactJWE) 583 }) 584 t.Run("Unable to compact serialize - recipient contains a header", func(t *testing.T) { 585 protectedHeaders := Headers{ 586 "protectedheader1": "protectedtestvalue1", 587 "protectedheader2": "protectedtestvalue2", 588 } 589 recipients := make([]*Recipient, 1) 590 591 recipients[0] = &Recipient{ 592 593 EncryptedKey: "TestKey", 594 Header: &RecipientHeaders{ 595 APU: "TestAPU", 596 IV: "TestIV", 597 Tag: "TestTag", 598 KID: "TestKID", 599 EPK: []byte(exampleEPK), 600 }, 601 } 602 603 jwe := JSONWebEncryption{ 604 ProtectedHeaders: protectedHeaders, 605 Recipients: recipients, 606 } 607 608 compactJWE, err := jwe.CompactSerialize(json.Marshal) 609 require.Equal(t, errPerRecipientHeaderUnsupported, err) 610 require.Empty(t, compactJWE) 611 }) 612 t.Run("Fail to marshal protected headers", func(t *testing.T) { 613 protectedHeaders := Headers{ 614 "protectedheader1": "protectedtestvalue1", 615 "protectedheader2": "protectedtestvalue2", 616 } 617 recipients := make([]*Recipient, 1) 618 619 recipients[0] = &Recipient{ 620 EncryptedKey: "TestKey", 621 } 622 623 jwe := JSONWebEncryption{ 624 ProtectedHeaders: protectedHeaders, 625 Recipients: recipients, 626 IV: "TestIV", 627 Ciphertext: "TestCipherText", 628 Tag: "TestTag", 629 } 630 631 fm := &failingMarshaller{ 632 numTimesMarshalCalledBeforeReturnErr: 0, 633 } 634 635 compactJWE, err := jwe.CompactSerialize(fm.failingMarshal) 636 require.Equal(t, errFailingMarshal, err) 637 require.Empty(t, compactJWE) 638 }) 639 t.Run("Fail to marshal with non empty AAD", func(t *testing.T) { 640 protectedHeaders := Headers{ 641 "protectedheader1": "protectedtestvalue1", 642 "protectedheader2": "protectedtestvalue2", 643 } 644 recipients := make([]*Recipient, 1) 645 646 recipients[0] = &Recipient{ 647 EncryptedKey: "TestKey", 648 } 649 650 jwe := JSONWebEncryption{ 651 ProtectedHeaders: protectedHeaders, 652 Recipients: recipients, 653 AAD: "AAD", // compact serialize should fail with AAD field 654 IV: "TestIV", 655 Ciphertext: "TestCipherText", 656 Tag: "TestTag", 657 } 658 659 compactJWE, err := jwe.CompactSerialize(json.Marshal) 660 require.EqualError(t, err, errAADHeaderUnsupported.Error()) 661 require.Empty(t, compactJWE) 662 }) 663 } 664 665 func TestJSONWebEncryption_PrepareHeaders(t *testing.T) { 666 t.Run("fail when marshalling protected headers", func(t *testing.T) { 667 jwe := JSONWebEncryption{ 668 ProtectedHeaders: Headers{}, 669 } 670 671 fm := &failingMarshaller{ 672 numTimesMarshalCalledBeforeReturnErr: 0, 673 } 674 675 marshalledProtectedHeaders, marshalledUnprotectedHeaders, err := 676 jwe.prepareHeaders(fm.failingMarshal) 677 require.Equal(t, errFailingMarshal, err) 678 require.Empty(t, marshalledProtectedHeaders) 679 require.Nil(t, marshalledUnprotectedHeaders) 680 }) 681 t.Run("fail when marshalling unprotected headers", func(t *testing.T) { 682 jwe := JSONWebEncryption{ 683 ProtectedHeaders: Headers{}, 684 UnprotectedHeaders: Headers{}, 685 } 686 687 fm := &failingMarshaller{ 688 numTimesMarshalCalledBeforeReturnErr: 1, 689 } 690 691 marshalledProtectedHeaders, marshalledUnprotectedHeaders, err := 692 jwe.prepareHeaders(fm.failingMarshal) 693 require.Equal(t, errFailingMarshal, err) 694 require.Empty(t, marshalledProtectedHeaders) 695 require.Nil(t, marshalledUnprotectedHeaders) 696 }) 697 } 698 699 func TestDeserialize(t *testing.T) { 700 t.Run("Full JWE tests", func(t *testing.T) { 701 t.Run("Success - JWE without EPK", func(t *testing.T) { 702 deserializedJWE, err := Deserialize(exampleMockJWEAllFields) 703 require.NoError(t, err) 704 require.NotNil(t, deserializedJWE) 705 706 reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal) 707 require.NoError(t, err) 708 require.Equal(t, exampleMockJWEAllFields, reserializedJWE) 709 }) 710 t.Run("Success - JWE with many recipients, each with an EPK", func(t *testing.T) { 711 deserializedJWE, err := Deserialize(exampleRealFullJWEWithEPKs) 712 require.NoError(t, err) 713 require.NotNil(t, deserializedJWE) 714 715 reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal) 716 require.NoError(t, err) 717 require.Equal(t, exampleRealFullJWEWithEPKs, reserializedJWE) 718 }) 719 t.Run("Unable to unmarshal serialized JWE string", func(t *testing.T) { 720 deserializedJWE, err := Deserialize("{") 721 require.EqualError(t, err, "unexpected end of JSON input") 722 require.Nil(t, deserializedJWE) 723 }) 724 t.Run("Protected headers are not base64-encoded", func(t *testing.T) { 725 deserializedJWE, err := Deserialize(`{"protected":"Not base64-encoded"}`) 726 require.EqualError(t, err, "illegal base64 data at input byte 3") 727 require.Nil(t, deserializedJWE) 728 }) 729 t.Run("Protected headers are base64-encoded, but cannot be unmarshalled", func(t *testing.T) { 730 deserializedJWE, err := Deserialize(`{"protected":"` + 731 base64.RawURLEncoding.EncodeToString([]byte("invalid protected headers")) + `"}`) 732 require.EqualError(t, err, "invalid character 'i' looking for beginning of value") 733 require.Nil(t, deserializedJWE) 734 }) 735 t.Run("Unable to unmarshal unprotected headers", func(t *testing.T) { 736 deserializedJWE, err := Deserialize( 737 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 738 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0", "unprotected":""}`) 739 require.EqualError(t, err, "json: cannot unmarshal string into Go value of type jose.Headers") 740 require.Nil(t, deserializedJWE) 741 }) 742 t.Run("Unable to unmarshal recipients", func(t *testing.T) { 743 deserializedJWE, err := Deserialize( 744 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 745 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 746 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"recipients":""}`) 747 require.EqualError(t, err, "json: cannot unmarshal string into Go value of type []*jose.Recipient") 748 require.Nil(t, deserializedJWE) 749 }) 750 t.Run("AAD is not base64-encoded", func(t *testing.T) { 751 deserializedJWE, err := Deserialize( 752 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 753 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 754 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"aad":"not base64-encoded"}`) 755 require.EqualError(t, err, "illegal base64 data at input byte 3") 756 require.Nil(t, deserializedJWE) 757 }) 758 t.Run("IV is not base64-encoded", func(t *testing.T) { 759 deserializedJWE, err := Deserialize( 760 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 761 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 762 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"iv":"not base64-encoded"}`) 763 require.EqualError(t, err, "illegal base64 data at input byte 3") 764 require.Nil(t, deserializedJWE) 765 }) 766 t.Run("Ciphertext is not base64-encoded", func(t *testing.T) { 767 deserializedJWE, err := Deserialize( 768 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 769 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 770 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"ciphertext":` + 771 `"not base64-encoded"}`) 772 require.EqualError(t, err, "illegal base64 data at input byte 3") 773 require.Nil(t, deserializedJWE) 774 }) 775 t.Run("Tag is not base64-encoded", func(t *testing.T) { 776 deserializedJWE, err := Deserialize( 777 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 778 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 779 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"tag":"not base64-encoded"}`) 780 require.EqualError(t, err, "illegal base64 data at input byte 3") 781 require.Nil(t, deserializedJWE) 782 }) 783 }) 784 t.Run("Flattened JWE tests", func(t *testing.T) { 785 t.Run("Recipient encrypted key is not base64-encoded", func(t *testing.T) { 786 deserializedJWE, err := Deserialize( 787 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 788 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 789 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"encrypted_key":` + 790 `"not base64-encoded"}`) 791 require.EqualError(t, err, "illegal base64 data at input byte 3") 792 require.Nil(t, deserializedJWE) 793 }) 794 t.Run("Unable to unmarshal single recipient header", func(t *testing.T) { 795 deserializedJWE, err := Deserialize( 796 `{"protected":"eyJwcm90ZWN0ZWRoZWFkZXIxIjoicHJvdGVjdGVkdGVzdHZhbHVlMSIsInByb3RlY3RlZG` + 797 `hlYWRlcjIiOiJwcm90ZWN0ZWR0ZXN0dmFsdWUyIn0","unprotected":{"unprotectedheader1":` + 798 `"unprotectedtestvalue1","unprotectedheader2":"unprotectedtestvalue2"},"header":` + 799 `"not a valid value"}`) 800 require.EqualError(t, err, "json: cannot unmarshal string into Go value of type jose.RecipientHeaders") 801 require.Nil(t, deserializedJWE) 802 }) 803 }) 804 t.Run("Compact JWE tests", func(t *testing.T) { 805 t.Run("Success", func(t *testing.T) { 806 deserializedJWE, err := Deserialize(exampleRealCompactJWE) 807 require.NoError(t, err) 808 require.NotNil(t, deserializedJWE) 809 810 reserializedJWE, err := deserializedJWE.FullSerialize(json.Marshal) 811 require.NoError(t, err) 812 require.Equal(t, expectedSerializedCompactJWE, reserializedJWE) 813 }) 814 t.Run("Invalid compact JWE - wrong number of parts", func(t *testing.T) { 815 deserializedJWE, err := Deserialize("") 816 require.Equal(t, errWrongNumberOfCompactJWEParts, err) 817 require.Nil(t, deserializedJWE) 818 }) 819 }) 820 } 821 822 func TestInterop(t *testing.T) { 823 t.Run("Use go-jose to deserialize JWE that's been serialized with Aries", func(t *testing.T) { 824 ariesJWE, err := Deserialize(exampleRealFullJWE) 825 require.NoError(t, err) 826 require.NotNil(t, ariesJWE) 827 828 reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal) 829 require.NoError(t, err) 830 require.NotEmpty(t, reserializedAriesJWE) 831 832 goJoseJWE, err := jose.ParseEncrypted(reserializedAriesJWE) 833 require.NoError(t, err) 834 require.NotNil(t, goJoseJWE) 835 }) 836 t.Run("Use go-jose to deserialize JWE that's been compact serialized with Aries", func(t *testing.T) { 837 ariesJWE, err := Deserialize(exampleRealCompactJWE) 838 require.NoError(t, err) 839 require.NotNil(t, ariesJWE) 840 841 compactAriesJWE, err := ariesJWE.CompactSerialize(json.Marshal) 842 require.NoError(t, err) 843 require.Equal(t, exampleRealCompactJWE, compactAriesJWE) 844 845 goJoseJWE, err := jose.ParseEncrypted(compactAriesJWE) 846 require.NoError(t, err) 847 require.NotNil(t, goJoseJWE) 848 }) 849 t.Run("Use Aries to deserialize JWE that's been serialized with go-jose using full syntax", 850 func(t *testing.T) { 851 goJoseJWE, err := jose.ParseEncrypted(exampleRealFullJWE) 852 require.NoError(t, err) 853 require.NotNil(t, goJoseJWE) 854 855 reserializedGoJoseJWEString := goJoseJWE.FullSerialize() 856 require.NotEmpty(t, reserializedGoJoseJWEString) 857 858 ariesJWE, err := Deserialize(reserializedGoJoseJWEString) 859 require.NoError(t, err) 860 require.NotNil(t, ariesJWE) 861 }) 862 t.Run("Use Aries to deserialize JWE that's been serialized with go-jose using compact syntax", 863 func(t *testing.T) { 864 goJoseJWE, err := jose.ParseEncrypted(exampleRealCompactJWE) 865 require.NoError(t, err) 866 require.NotNil(t, goJoseJWE) 867 868 reserializedGoJoseJWEString, err := goJoseJWE.CompactSerialize() 869 require.NoError(t, err) 870 require.NotEmpty(t, reserializedGoJoseJWEString) 871 872 ariesJWE, err := Deserialize(reserializedGoJoseJWEString) 873 require.NoError(t, err) 874 require.NotNil(t, ariesJWE) 875 }) 876 t.Run("Deserialize full JWE with aries and go-jose, then reserialize and compare", func(t *testing.T) { 877 ariesJWE, err := Deserialize(exampleRealFullJWE) 878 require.NoError(t, err) 879 require.NotNil(t, ariesJWE) 880 881 reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal) 882 require.NoError(t, err) 883 require.NotEmpty(t, reserializedAriesJWE) 884 885 require.Equal(t, exampleRealFullJWE, reserializedAriesJWE) 886 887 goJoseJWE, err := jose.ParseEncrypted(exampleRealFullJWE) 888 require.NoError(t, err) 889 require.NotNil(t, goJoseJWE) 890 891 reserializedGoJoseJWE := goJoseJWE.FullSerialize() 892 require.NotEmpty(t, reserializedGoJoseJWE) 893 894 checkEquality(t, reserializedGoJoseJWE, reserializedAriesJWE) 895 }) 896 t.Run("Deserialize compact JWE with aries and go-jose, then reserialize and compare", func(t *testing.T) { 897 ariesJWE, err := Deserialize(exampleRealCompactJWE) 898 require.NoError(t, err) 899 require.NotNil(t, ariesJWE) 900 901 reserializedAriesJWE, err := ariesJWE.FullSerialize(json.Marshal) 902 require.NoError(t, err) 903 require.NotEmpty(t, reserializedAriesJWE) 904 905 goJoseJWE, err := jose.ParseEncrypted(exampleRealCompactJWE) 906 require.NoError(t, err) 907 require.NotNil(t, goJoseJWE) 908 909 reserializedGoJoseJWEString := goJoseJWE.FullSerialize() 910 require.NotEmpty(t, reserializedGoJoseJWEString) 911 912 require.Equal(t, reserializedGoJoseJWEString, reserializedAriesJWE) 913 }) 914 } 915 916 func checkEquality(t *testing.T, goJoseJWE, ariesJWE string) { 917 // When there are multiple recipients, for some reason the go-jose library seems to put the first recipient's 918 // encrypted key in the top-level JSON object - but this should only be done when using the flattened syntax, 919 // and that is only allowed when there is a single recipient, so go-jose's serialize function doesn't seem to be 920 // strictly compliant with the spec. In order to make the resulting serialized strings comparable, 921 // the extra encrypted key field is stripped out. 922 goJoseJWEBeforeNonCompliantPart := goJoseJWE[:642] 923 gojoseJWEAfterNonCompliantPart := goJoseJWE[1003:] 924 goJoseJWEWithoutNonCompliantPart := goJoseJWEBeforeNonCompliantPart + gojoseJWEAfterNonCompliantPart 925 926 require.Equal(t, goJoseJWEWithoutNonCompliantPart, ariesJWE) 927 } 928 929 type failingMarshaller struct { 930 numTimesMarshalCalled int 931 numTimesMarshalCalledBeforeReturnErr int 932 } 933 934 func (m *failingMarshaller) failingMarshal(v interface{}) ([]byte, error) { 935 if m.numTimesMarshalCalled == m.numTimesMarshalCalledBeforeReturnErr { 936 return nil, errFailingMarshal 937 } 938 939 m.numTimesMarshalCalled++ 940 941 return nil, nil 942 }