dynamiccodec.Codec uses securecookie.JSONEncoder

Signed-off-by: aram price <pricear@vmware.com>
Andrew Keesler 2020-12-10 11:34:39 -08:00 committed by aram price
parent ccac124b7a
commit 1291380611
2 changed files with 21 additions and 13 deletions


@ -23,7 +23,9 @@ type Codec struct {
encryptionKeyFunc KeyFunc
}
// New creates a new Codec that will use the provided keyFuncs for its key source.
// New creates a new Codec that will use the provided keyFuncs for its key source, and
// use the securecookie.JSONEncoder. The securecookie.JSONEncoder is used because the default
// securecookie.GobEncoder is less compact and more difficult to make forward compatible.
func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
return &Codec{
signingKeyFunc: signingKeyFunc,
@ -33,10 +35,14 @@ func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
// Encode implements oidc.Encode().
func (c *Codec) Encode(name string, value interface{}) (string, error) {
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Encode(name, value)
encoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
encoder.SetSerializer(securecookie.JSONEncoder{})
return encoder.Encode(name, value)
}
// Decode implements oidc.Decode().
func (c *Codec) Decode(name string, value string, into interface{}) error {
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Decode(name, value, into)
decoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
decoder.SetSerializer(securecookie.JSONEncoder{})
return decoder.Decode(name, value, into)
}
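Review bot: Neither Encode nor Decode rejects an empty result from `c.encryptionKeyFunc()`, and gorilla/securecookie, as far as I know, only enables AES when the block key passed to `securecookie.New` is non-nil, so a key func that returns nil would yield values that are signed but not encrypted. With the JSON serializer that payload would be base64-encoded JSON, readable by anyone holding the value. Both methods could fail closed before building the codec, e.g. `if len(blockKey) == 0 { return "", errors.New("encryption key is not set") }` in Encode (error text illustrative, `errors` imported if the file does not already have it) and the matching `return errors.New(...)` in Decode. Since the two methods repeat the same `securecookie.New` and `SetSerializer` lines, a small private helper would keep the check and the serializer choice in one place.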


@ -4,6 +4,7 @@
package dynamiccodec
import (
"strings"
"testing"
"github.com/stretchr/testify/require"
@ -13,7 +14,7 @@ func TestCodec(t *testing.T) {
tests := []struct {
name string
keys func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte)
wantEncoderError string
wantEncoderErrorPrefix string
wantDecoderError string
}{
{
@ -31,7 +32,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderEncryptionKey = []byte("this-secret-is-not-16-bytes")
},
wantEncoderError: "securecookie: error - caused by: crypto/aes: invalid key size 27",
wantEncoderErrorPrefix: "securecookie: error - caused by: crypto/aes: invalid key size 27",
},
{
name: "good signing keys and bad decoding encryption key",
@ -45,7 +46,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderSigningKey = nil
},
wantEncoderError: "securecookie: hash key is not set",
wantEncoderErrorPrefix: "securecookie: hash key is not set",
},
{
name: "bad decoder signing key",
@ -66,7 +67,7 @@ func TestCodec(t *testing.T) {
keys: func(encoderSigningKey, encoderEncryptionKey, decoderSigningKey, decoderEncryptionKey *[]byte) {
*encoderEncryptionKey = []byte("16-byte-no-match")
},
wantDecoderError: "securecookie: error - caused by: securecookie: error - caused by: gob: encoded unsigned integer out of range",
wantDecoderError: "securecookie: error - caused by: securecookie: error - caused by: invalid character '",
},
}
for _, test := range tests {
@ -85,8 +86,8 @@ func TestCodec(t *testing.T) {
func() []byte { return encoderEncryptionKey })
encoded, err := encoder.Encode("some-name", "some-message")
if test.wantEncoderError != "" {
require.EqualError(t, err, test.wantEncoderError)
if test.wantEncoderErrorPrefix != "" {
require.EqualError(t, err, test.wantEncoderErrorPrefix)
return
}
require.NoError(t, err)
@ -97,7 +98,8 @@ func TestCodec(t *testing.T) {
var decoded string
err = decoder.Decode("some-name", encoded, &decoded)
if test.wantDecoderError != "" {
require.EqualError(t, err, test.wantDecoderError)
require.Error(t, err)
require.True(t, strings.HasPrefix(err.Error(), test.wantDecoderError))
return
}
require.NoError(t, err)
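Review bot: The renamed field `wantEncoderErrorPrefix` is still checked with `require.EqualError` (an exact match), while `wantDecoderError`, which kept its name, is now matched with `strings.HasPrefix`, so the names say the opposite of what the assertions do. Keeping `wantEncoderError` for the exact encoder check and renaming the decoder field to `wantDecoderErrorPrefix` would match the behaviour, with a field comment such as `// prefix only: the JSON error quotes a byte of the mis-decrypted plaintext, which differs per run`. The prefix `invalid character '` also assumes the garbage plaintext never fails JSON parsing in another way (for example an unterminated string reported as unexpected end of input); that looks rare, but it could make the test flaky and is worth confirming. TestCodec starts and ends outside the hunks shown.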