djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dynamiccodec.Codec uses securecookie.JSONEncoder

Browse Source 
Signed-off-by: aram price <pricear@vmware.com>
This commit is contained in:
Andrew Keesler 2020-12-10 11:34:39 -08:00 committed by aram price
parent ccac124b7a
commit 1291380611
2 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
internal/oidc/dynamiccodec/codec.go
View File

@ -23,7 +23,9 @@ type Codec struct {
encryptionKeyFunc KeyFunc encryptionKeyFunc KeyFunc
} }
// New creates a new Codec that will use the provided keyFuncs for its key source. // New creates a new Codec that will use the provided keyFuncs for its key source, and
// use the securecookie.JSONEncoder. The securecookie.JSONEncoder is used because the default
// securecookie.GobEncoder is less compact and more difficult to make forward compatible.
func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec { func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
return &Codec{ return &Codec{
signingKeyFunc: signingKeyFunc, signingKeyFunc: signingKeyFunc,
@ -33,10 +35,14 @@ func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
// Encode implements oidc.Encode(). // Encode implements oidc.Encode().
func (c *Codec) Encode(name string, value interface{}) (string, error) { func (c *Codec) Encode(name string, value interface{}) (string, error) {
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Encode(name, value) encoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
encoder.SetSerializer(securecookie.JSONEncoder{})
return encoder.Encode(name, value)
} }
// Decode implements oidc.Decode(). // Decode implements oidc.Decode().
func (c *Codec) Decode(name string, value string, into interface{}) error { func (c *Codec) Decode(name string, value string, into interface{}) error {
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Decode(name, value, into) decoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
decoder.SetSerializer(securecookie.JSONEncoder{})
return decoder.Decode(name, value, into)
} }

22
internal/oidc/dynamiccodec/codec_test.go
View File

@ -4,6 +4,7 @@
package dynamiccodec package dynamiccodec
import ( import (
"strings"
"testing" "testing"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -11,10 +12,10 @@ import (
func TestCodec(t *testing.T) { func TestCodec(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
keys func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) keys func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte)
wantEncoderError string wantEncoderErrorPrefix string
wantDecoderError string wantDecoderError string
}{ }{
{ {
name: "good signing and encryption keys", name: "good signing and encryption keys",
@ -31,7 +32,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) { keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderEncryptionKey = []byte("this-secret-is-not-16-bytes") *encoderEncryptionKey = []byte("this-secret-is-not-16-bytes")
}, },
wantEncoderError: "securecookie: error - caused by: crypto/aes: invalid key size 27", wantEncoderErrorPrefix: "securecookie: error - caused by: crypto/aes: invalid key size 27",
}, },
{ {
name: "good signing keys and bad decoding encryption key", name: "good signing keys and bad decoding encryption key",
@ -45,7 +46,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) { keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderSigningKey = nil *encoderSigningKey = nil
}, },
wantEncoderError: "securecookie: hash key is not set", wantEncoderErrorPrefix: "securecookie: hash key is not set",
}, },
{ {
name: "bad decoder signing key", name: "bad decoder signing key",
@ -66,7 +67,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) { keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderEncryptionKey = []byte("16-byte-no-match") *encoderEncryptionKey = []byte("16-byte-no-match")
}, },
wantDecoderError: "securecookie: error - caused by: securecookie: error - caused by: gob: encoded unsigned integer out of range", wantDecoderError: "securecookie: error - caused by: securecookie: error - caused by: invalid character '",
}, },
} }
for _, test := range tests { for _, test := range tests {
@ -85,8 +86,8 @@ func TestCodec(t *testing.T) {
func() []byte { return encoderEncryptionKey }) func() []byte { return encoderEncryptionKey })
encoded, err := encoder.Encode("some-name", "some-message") encoded, err := encoder.Encode("some-name", "some-message")
if test.wantEncoderError != "" { if test.wantEncoderErrorPrefix != "" {
require.EqualError(t, err, test.wantEncoderError) require.EqualError(t, err, test.wantEncoderErrorPrefix)
return return
} }
require.NoError(t, err) require.NoError(t, err)
@ -97,7 +98,8 @@ func TestCodec(t *testing.T) {
var decoded string var decoded string
err = decoder.Decode("some-name", encoded, &decoded) err = decoder.Decode("some-name", encoded, &decoded)
if test.wantDecoderError != "" { if test.wantDecoderError != "" {
require.EqualError(t, err, test.wantDecoderError) require.Error(t, err)
require.True(t, strings.HasPrefix(err.Error(), test.wantDecoderError))
return return
} }
require.NoError(t, err) require.NoError(t, err)