Skip to content

Commit

Permalink
fix: update envelope.Payload() logic
Browse files Browse the repository at this point in the history
Payload() returns the raw payload context instead of base64 encoded data

Signed-off-by: Junjie Gao <[email protected]>
  • Loading branch information
JeyJeyGao committed Aug 18, 2022
1 parent 52493c5 commit a66f1f5
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 18 deletions.
34 changes: 21 additions & 13 deletions signature/jws/envelope.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,8 @@ func ParseEnvelope(envelopeBytes []byte) (signature.Envelope, error) {

// Sign signs the envelope and return the encoded message
func (e *envelope) Sign(req *signature.SignRequest) ([]byte, error) {
ks, err := req.Signer.KeySpec()
if err != nil {
return nil, &signature.MalformedSignRequestError{Msg: err.Error()}
}
alg := ks.SignatureAlgorithm()

signedAttrs, err := getSignedAttrs(req, alg)
// get all attributes ready to be signed
signedAttrs, err := getSignedAttrs(req)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -129,12 +124,29 @@ func (e *envelope) Payload() (*signature.Payload, error) {
if e.internalEnvelope == nil {
return nil, &signature.MalformedSignatureError{Msg: "missing jws signature envelope"}
}
// parse protected header to get payload context type
protected, err := parseProtectedHeaders(e.internalEnvelope.Protected)
if err != nil {
return nil, err
}

// convert JWS to JWT
tokenString := compactJWS(e.internalEnvelope)

// parse JWT to get payload context
parser := jwt.NewParser(
jwt.WithValidMethods([]string{"PS256", "PS384", "PS512", "ES256", "ES384", "ES512"}),
jwt.WithJSONNumber(),
jwt.WithoutClaimsValidation(),
)
var claims jwtPayload
_, _, err = parser.ParseUnverified(tokenString, &claims)
if err != nil {
return nil, err
}

return &signature.Payload{
Content: []byte(e.internalEnvelope.Payload),
Content: claims,
ContentType: protected.ContentType,
}, nil
}
Expand Down Expand Up @@ -197,11 +209,7 @@ func sign(payload jwtPayload, headers map[string]interface{}, signer signature.S
privateKey = localSigner.PrivateKey()
} else {
// remote signer
var err error
signingMethod, err = newRemoteSigningMethod(signer)
if err != nil {
return "", err
}
signingMethod = newRemoteSigningMethod(signer)
}
// generate token
token := jwt.NewWithClaims(signingMethod, payload)
Expand Down
9 changes: 6 additions & 3 deletions signature/jws/jws.go
Original file line number Diff line number Diff line change
Expand Up @@ -176,24 +176,27 @@ func generateJWS(compact string, req *signature.SignRequest, certs []*x509.Certi
}, nil
}

func getSignedAttrs(req *signature.SignRequest, sigAlg signature.Algorithm) (map[string]interface{}, error) {
// getSignerAttrs merge extended signed attributes and protected header to be signed attributes
func getSignedAttrs(req *signature.SignRequest) (map[string]interface{}, error) {
extAttrs := make(map[string]interface{})
crit := []string{headerKeySigningScheme}

// write extended signed attributes to the extAttrs map
for _, elm := range req.ExtendedSignedAttributes {
extAttrs[elm.Key] = elm.Value
if elm.Critical {
crit = append(crit, elm.Key)
}
}

alg, err := convertAlgorithm(sigAlg)
// extract JWT algorithm name from signer
jwtAlgorithm, err := extractJwtAlgorithm(req.Signer)
if err != nil {
return nil, err
}

jwsProtectedHeader := jwsProtectedHeader{
Algorithm: alg,
Algorithm: jwtAlgorithm,
ContentType: req.Payload.ContentType,
SigningScheme: req.SigningScheme,
}
Expand Down
4 changes: 2 additions & 2 deletions signature/jws/jwt.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ type remoteSigningMethod struct {
signer signature.Signer
}

func newRemoteSigningMethod(signer signature.Signer) (jwt.SigningMethod, error) {
return &remoteSigningMethod{signer: signer}, nil
func newRemoteSigningMethod(signer signature.Signer) jwt.SigningMethod {
return &remoteSigningMethod{signer: signer}
}

// Verify doesn't need to be implemented.
Expand Down

0 comments on commit a66f1f5

Please sign in to comment.