Merge pull request #382 from smallstep/fix-140

Upgrade to github.com/go-jose/go-jose/v3

README.md

@@ -54,7 +54,7 @@ Package `tlsutil` provides utilities to configure tls client and servers.
 
 ### jose
 
-Package `jose` is a wrapper for `gopkg.in/square/go-jose.v2` and implements
+Package `jose` is a wrapper for `github.com/go-jose/go-jose/v3` and implements
 utilities to parse and generate JWT, JWK and JWKSets.
 
 ### x25519

go.mod

@@ -10,7 +10,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ThalesIgnite/crypto11 v1.2.5
-	github.com/aws/aws-sdk-go v1.49.0
+	github.com/aws/aws-sdk-go v1.49.1
+	github.com/go-jose/go-jose/v3 v3.0.1
 	github.com/go-piv/piv-go v1.11.0
 	github.com/golang/mock v1.6.0
 	github.com/google/go-tpm v0.9.0
@@ -28,7 +29,6 @@ require (
 	google.golang.org/api v0.153.0
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
-	gopkg.in/square/go-jose.v2 v2.6.0
 )
 
 require (

go.sum

@@ -149,8 +149,8 @@ github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY=
-github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.49.1 h1:Dsamcd8d/nNb3A+bZ0ucfGl0vGZsW5wlRW0vhoYGoeQ=
+github.com/aws/aws-sdk-go v1.49.1/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
@@ -253,6 +253,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
+github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -843,6 +845,7 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1341,8 +1344,6 @@ gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWd
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98=
 gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
 gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8=

jose/encrypt_test.go

@@ -10,11 +10,12 @@ import (
 	"io"
 	"reflect"
 	"testing"
+	"time"
 
+	jose "github.com/go-jose/go-jose/v3"
 	"github.com/pkg/errors"
 	"github.com/smallstep/assert"
 	"go.step.sm/crypto/randutil"
-	jose "gopkg.in/square/go-jose.v2"
 )
 
 var testPassword = []byte("Supercalifragilisticexpialidocious")
@@ -424,3 +425,23 @@ func TestDecrypt(t *testing.T) {
 		})
 	}
 }
+
+func TestDecrypt_highP2C(t *testing.T) {
+	data := []byte(`{
+	"protected":"eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2R0NNIiwicDJjIjoyMDAwMDAwMDAwMCwicDJzIjoiM3V0aFJZdHBTY09UMjR4Q3cwbTlfQSJ9",
+	"encrypted_key":"Lqn-BuAIole2T5ubPIPXl1QYj_48JqyeEfbOLq0EkyAX96irRPHA4g",
+	"iv":"eGaXW9_umwZvLCSP",
+	"ciphertext":"enFrF3NyvTN_a6Y4",
+	"tag":"VQFg97XqcRo61punp7Z3ow"
+}`)
+
+	timer := time.AfterFunc(time.Second, func() {
+		t.Fatal("Decrypt() took to much time")
+	})
+
+	_, err := Decrypt(data, WithPassword([]byte("password")))
+	assert.Error(t, err)
+	if !timer.Stop() {
+		<-timer.C
+	}
+}

jose/generate_test.go

@@ -16,10 +16,10 @@ import (
 	"reflect"
 	"testing"
 
+	jose "github.com/go-jose/go-jose/v3"
 	"github.com/smallstep/assert"
 	"go.step.sm/crypto/pemutil"
 	"go.step.sm/crypto/x25519"
-	jose "gopkg.in/square/go-jose.v2"
 )
 
 func TestThumbprint(t *testing.T) {

jose/types.go

@@ -1,4 +1,4 @@
-// Package jose is a wrapper for gopkg.in/square/go-jose.v2 and implements
+// Package jose is a wrapper for github.com/go-jose/go-jose/v3 and implements
 // utilities to parse and generate JWT, JWK and JWKSets.
 package jose
 
@@ -8,10 +8,10 @@ import (
 	"strings"
 	"time"
 
+	jose "github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v3/cryptosigner"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"go.step.sm/crypto/x25519"
-	jose "gopkg.in/square/go-jose.v2"
-	"gopkg.in/square/go-jose.v2/cryptosigner"
-	"gopkg.in/square/go-jose.v2/jwt"
 )
 
 // SupportsPBKDF2 constant to know if the underlaying library supports
@@ -301,10 +301,10 @@ func IsAsymmetric(k *JSONWebKey) bool {
 	return !IsSymmetric(k)
 }
 
-// TrimPrefix removes the string "square/go-jose" from all errors.
+// TrimPrefix removes the string "go-jose/go-jose" from all errors.
 func TrimPrefix(err error) error {
 	if err == nil {
 		return nil
 	}
-	return errors.New(strings.TrimPrefix(err.Error(), "square/go-jose: "))
+	return errors.New(strings.TrimPrefix(err.Error(), "go-jose/go-jose: "))
 }

jose/types_test.go

@@ -94,7 +94,7 @@ func TestTrimPrefix(t *testing.T) {
 		wantErr error
 	}{
 		{"nil", args{nil}, nil},
-		{"trim", args{errors.New("square/go-jose: an error")}, errors.New("an error")},
+		{"trim", args{errors.New("go-jose/go-jose: an error")}, errors.New("an error")},
 		{"no trim", args{errors.New("json: an error")}, errors.New("json: an error")},
 	}
 	for _, tt := range tests {

kms/azurekms/key_vault_test.go

@@ -14,11 +14,11 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
+	"github.com/go-jose/go-jose/v3"
 	"github.com/golang/mock/gomock"
 	"go.step.sm/crypto/keyutil"
 	"go.step.sm/crypto/kms/apiv1"
 	"go.step.sm/crypto/kms/azurekms/internal/mock"
-	"gopkg.in/square/go-jose.v2"
 )
 
 var errTest = fmt.Errorf("test error")