jws: use base64.RawURLEncoding

The Raw (unpadded) version of URL encoding was introduced in Go 1.5.
Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work
because of our dependency on golang.org/x/net/context), we can simplify
the base64 encoding/decoding to use this directly.

Fixes golang/oauth2#190.

Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f
Reviewed-on: https://go-review.googlesource.com/25000
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Dave Day 2016-07-18 10:34:09 +10:00
parent 4470bd844e
commit a870243201
2 changed files with 7 additions and 28 deletions

View File

@ -76,8 +76,7 @@ func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
// Finally, check the header private key.
parts := strings.Split(tok.AccessToken, ".")
parts[0] += strings.Repeat("=", len(parts[0])%4) // Add padding.
hdrJSON, err := base64.URLEncoding.DecodeString(parts[0])
hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
if err != nil {
t.Fatalf("base64 DecodeString: %v\nString: %q", err, parts[0])
}

View File

@ -64,7 +64,7 @@ func (c *ClaimSet) encode() (string, error) {
}
if len(c.PrivateClaims) == 0 {
return base64Encode(b), nil
return base64.RawURLEncoding.EncodeToString(b), nil
}
// Marshal private claim set and then append it to b.
@ -82,7 +82,7 @@ func (c *ClaimSet) encode() (string, error) {
}
b[len(b)-1] = ',' // Replace closing curly brace with a comma.
b = append(b, prv[1:]...) // Append private claims.
return base64Encode(b), nil
return base64.RawURLEncoding.EncodeToString(b), nil
}
// Header represents the header for the signed JWS payloads.
@ -102,7 +102,7 @@ func (h *Header) encode() (string, error) {
if err != nil {
return "", err
}
return base64Encode(b), nil
return base64.RawURLEncoding.EncodeToString(b), nil
}
// Decode decodes a claim set from a JWS payload.
@ -113,7 +113,7 @@ func Decode(payload string) (*ClaimSet, error) {
// TODO(jbd): Provide more context about the error.
return nil, errors.New("jws: invalid token received")
}
decoded, err := base64Decode(s[1])
decoded, err := base64.RawURLEncoding.DecodeString(s[1])
if err != nil {
return nil, err
}
@ -140,7 +140,7 @@ func EncodeWithSigner(header *Header, c *ClaimSet, sg Signer) (string, error) {
if err != nil {
return "", err
}
return fmt.Sprintf("%s.%s", ss, base64Encode(sig)), nil
return fmt.Sprintf("%s.%s", ss, base64.RawURLEncoding.EncodeToString(sig)), nil
}
// Encode encodes a signed JWS with provided header and claim set.
@ -163,7 +163,7 @@ func Verify(token string, key *rsa.PublicKey) error {
}
signedContent := parts[0] + "." + parts[1]
signatureString, err := base64Decode(parts[2])
signatureString, err := base64.RawURLEncoding.DecodeString(parts[2])
if err != nil {
return err
}
@ -172,23 +172,3 @@ func Verify(token string, key *rsa.PublicKey) error {
h.Write([]byte(signedContent))
return rsa.VerifyPKCS1v15(key, crypto.SHA256, h.Sum(nil), []byte(signatureString))
}
// base64Encode returns and Base64url encoded version of the input string with any
// trailing "=" stripped.
func base64Encode(b []byte) string {
return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
}
// base64Decode decodes the Base64url encoded string
func base64Decode(s string) ([]byte, error) {
// add back missing padding
switch len(s) % 4 {
case 1:
s += "==="
case 2:
s += "=="
case 3:
s += "="
}
return base64.URLEncoding.DecodeString(s)
}