Merge remote-tracking branch 'origin/master' into v1

* origin/master: Allow setting kid header for symmetric signers Use .gitcookies to get around rate-limiting
square · Mar 29, 2016 · 40d457b · 40d457b
2 parents 7d9df93 + 0c65b2f
commit 40d457b
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 6 deletions.
diff --git a/.gitcookies.sh.enc b/.gitcookies.sh.enc
@@ -0,0 +1 @@
+'|�&{t�U|gG�(�Cy=+���c�:u:/p�#~��["�4�!�n�A�DK<�uf�h�a��:�����B/�ؤ���_�h��S�T*w�x����-�|���Ӄ�����㣗A$$�6���G)8n�p��ˡ3̚�o��v�B�3��]xݓ�2l�G�|qRޯ�25R����$��Y��ݙl�˫yAI"ی���û��k�|K��[9����=�����|@S�3�#�x?�V�,��S����wP�og�6&V6	�D.dB�7

diff --git a/.travis.yml b/.travis.yml
@@ -20,6 +20,11 @@ before_script:
 - export PATH=$HOME/.local/bin:$PATH
 
 before_install:
+# Install encrypted gitcookies to get around bandwidth-limits
+# that is causing Travis-CI builds to fail. For more info, see
+# https://github.com/golang/go/issues/12933
+- openssl aes-256-cbc -K $encrypted_1528c3c2cafd_key -iv $encrypted_1528c3c2cafd_iv -in .gitcookies.sh.enc -out .gitcookies.sh -d || true
+- bash .gitcookies.sh || true
 - go get github.com/wadey/gocovmerge
 - go get github.com/mattn/goveralls
 - go get golang.org/x/tools/cmd/cover || true

diff --git a/signing.go b/signing.go
@@ -58,6 +58,7 @@ type genericSigner struct {
 
 type recipientSigInfo struct {
 	sigAlg    SignatureAlgorithm
+	keyID     string
 	publicKey *JsonWebKey
 	signer    payloadSigner
 }
@@ -128,7 +129,7 @@ func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipient
 		if err != nil {
 			return recipientSigInfo{}, err
 		}
-		recipient.publicKey.KeyID = signingKey.KeyID
+		recipient.keyID = signingKey.KeyID
 		return recipient, nil
 	default:
 		return recipientSigInfo{}, ErrUnsupportedKeyType
@@ -145,11 +146,11 @@ func (ctx *genericSigner) Sign(payload []byte) (*JsonWebSignature, error) {
 			Alg: string(recipient.sigAlg),
 		}
 
-		if recipient.publicKey != nil {
-			if ctx.embedJwk {
-				protected.Jwk = recipient.publicKey
-			}
-			protected.Kid = recipient.publicKey.KeyID
+		if recipient.publicKey != nil && ctx.embedJwk {
+			protected.Jwk = recipient.publicKey
+		}
+		if recipient.keyID != "" {
+			protected.Kid = recipient.keyID
 		}
 
 		if ctx.nonceSource != nil {

diff --git a/signing_test.go b/signing_test.go
@@ -420,3 +420,28 @@ func TestEmbedJwk(t *testing.T) {
 		t.Error("JWK is set in protected header")
 	}
 }
+
+func TestSignerWithJWKAndKeyID(t *testing.T) {
+	enc, err := NewSigner(HS256, &JsonWebKey{
+		KeyID: "test-id",
+		Key:   []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	signed, _ := enc.Sign([]byte("Lorem ipsum dolor sit amet"))
+
+	serialized1, _ := signed.CompactSerialize()
+	serialized2 := signed.FullSerialize()
+
+	parsed1, _ := ParseSigned(serialized1)
+	parsed2, _ := ParseSigned(serialized2)
+
+	if parsed1.Signatures[0].Header.KeyID != "test-id" {
+		t.Errorf("expected message to have key id from JWK, but found '%s' instead", parsed1.Signatures[0].Header.KeyID)
+	}
+	if parsed2.Signatures[0].Header.KeyID != "test-id" {
+		t.Errorf("expected message to have key id from JWK, but found '%s' instead", parsed2.Signatures[0].Header.KeyID)
+	}
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		'\|�&{t�U\|gG�(�Cy=+��c�:u:/p�#~��["�4�!�n�A�DK<�uf�h�a��:��B/�ؤ��_�h��S�T*w�x��-�\|��Ӄ��㣗A$$�6��G)8n�p��ˡ3̚�o��v�B�3��]xݓ�2l�G�\|qRޯ�25R��$��Y��ݙl�˫yAI"ی��û��k�\|K��[9��=��\|@S�3�#�x?�V�,��S��wP�og�6&V6 �D.dB�7
Expand Down