chore: Reusing encoded header to prevent signature mismatch (#1443)
## Summary
- reusing `encodedHeader` to prevent accidental (future) issues caused by
re-encoding the header
goergisn authored Nov 9, 2023
2 parents be1ca4f + bfede5e commit 8adacfc
Showing 2 changed files with 14 additions and 17 deletions.
@@ -1,5 +1,5 @@
//
// Copyright (c) 2021 Adyen N.V.
// Copyright (c) 2023 Adyen N.V.
//
// This file is open source and available under the MIT license. See the LICENSE file for more info.
//
Expand Down Expand Up @@ -48,8 +48,6 @@ internal struct JSONWebEncryption {
}
}

internal let header: Header

internal let encryptedKey: Data

internal let encryptedPayload: Data
Expand All @@ -60,21 +58,20 @@ internal struct JSONWebEncryption {

internal let compactRepresentation: String

internal init(header: Header,
internal init(encodedHeader: Data,
encryptedKey: Data,
encryptedPayload: Data,
initializationVector: Data,
authenticationTag: Data) throws {
self.header = header
authenticationTag: Data) {
self.encryptedKey = encryptedKey
self.encryptedPayload = encryptedPayload
self.initializationVector = initializationVector
self.authenticationTag = authenticationTag
self.compactRepresentation = try [AdyenCoder.encode(header).base64URLString(),
encryptedKey.base64URLString(),
initializationVector.base64URLString(),
encryptedPayload.base64URLString(),
authenticationTag.base64URLString()].joined(separator: ".")
self.compactRepresentation = [encodedHeader.base64URLString(),
encryptedKey.base64URLString(),
initializationVector.base64URLString(),
encryptedPayload.base64URLString(),
authenticationTag.base64URLString()].joined(separator: ".")
}

}
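Review bot: The new `init(encodedHeader:encryptedKey:encryptedPayload:initializationVector:authenticationTag:)` accepts any `Data` as the first segment, and neither the signature nor a comment states that it must be the exact serialized header bytes that were authenticated together with `authenticationTag`. I would add a doc comment above the initializer, for example `/// - Parameter encodedHeader: The serialized protected header, byte-for-byte as it was authenticated; callers must never re-encode it.` With the `header` property removed, the struct now stores every component except the header, so keeping `encodedHeader` as a stored `let` would be consistent with the other fields and would let tests compare it against the first segment of `compactRepresentation`. The struct's declaration begins outside the visible hunks.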
@@ -1,5 +1,5 @@
//
// Copyright (c) 2021 Adyen N.V.
// Copyright (c) 2023 Adyen N.V.
//
// This file is open source and available under the MIT license. See the LICENSE file for more info.
//
Expand Down Expand Up @@ -36,10 +36,10 @@ internal struct JSONWebEncryptionGenerator: AnyJSONWebEncryptionGenerator {
additionalAuthenticationData: additionalAuthenticationData)
let contentEncryptionOutput = try contentEncryptionAlgorithm.encrypt(input: contentEncryptionInput)

return try JSONWebEncryption(header: header,
encryptedKey: encryptedKey,
encryptedPayload: contentEncryptionOutput.encryptedPayload,
initializationVector: initializationVector,
authenticationTag: contentEncryptionOutput.authenticationTag)
return JSONWebEncryption(encodedHeader: encodedHeader,
encryptedKey: encryptedKey,
encryptedPayload: contentEncryptionOutput.encryptedPayload,
initializationVector: initializationVector,
authenticationTag: contentEncryptionOutput.authenticationTag)
}
}
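Review bot: Nothing at the `return JSONWebEncryption(encodedHeader: encodedHeader, …)` call checks that the header segment and the `additionalAuthenticationData` passed to `encrypt` come from the same bytes, which is the invariant this commit exists to protect. The derivation of both values lies outside the hunk, so this is hedged: if `additionalAuthenticationData` is the ASCII form of the base64url header, as the JWE compact serialization requires, a debug guard before the return such as `assert(Data(encodedHeader.base64URLString().utf8) == additionalAuthenticationData)` would catch a future drift at the point where it is introduced. A unit test that splits `compactRepresentation` on `.` and compares the first segment with the authenticated data would pin the same property in CI.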
