From 8f91c777559748fa6e857d9fc1f4ae079a532813 Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Mon, 3 Oct 2016 16:03:15 -0400
Subject: Adding ability to serve TLS directly from Mattermost server (#4119)

---
 vendor/gopkg.in/square/go-jose.v1/doc_test.go | 226 ++++++++++++++++++++++++++
 1 file changed, 226 insertions(+)
 create mode 100644 vendor/gopkg.in/square/go-jose.v1/doc_test.go

(limited to 'vendor/gopkg.in/square/go-jose.v1/doc_test.go')

diff --git a/vendor/gopkg.in/square/go-jose.v1/doc_test.go b/vendor/gopkg.in/square/go-jose.v1/doc_test.go
new file mode 100644
index 000000000..50468295d
--- /dev/null
+++ b/vendor/gopkg.in/square/go-jose.v1/doc_test.go
@@ -0,0 +1,226 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"fmt"
+)
+
+// Dummy encrypter for use in examples
+var encrypter, _ = NewEncrypter(DIRECT, A128GCM, []byte{})
+
+func Example_jWE() {
+	// Generate a public/private key pair to use for this example. The library
+	// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
+	// that can be used to load keys from PEM/DER-encoded data.
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		panic(err)
+	}
+
+	// Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would
+	// indicate that the selected algorithm(s) are not currently supported.
+	publicKey := &privateKey.PublicKey
+	encrypter, err := NewEncrypter(RSA_OAEP, A128GCM, publicKey)
+	if err != nil {
+		panic(err)
+	}
+
+	// Encrypt a sample plaintext. Calling the encrypter returns an encrypted
+	// JWE object, which can then be serialized for output afterwards. An error
+	// would indicate a problem in an underlying cryptographic primitive.
+	var plaintext = []byte("Lorem ipsum dolor sit amet")
+	object, err := encrypter.Encrypt(plaintext)
+	if err != nil {
+		panic(err)
+	}
+
+	// Serialize the encrypted object using the full serialization format.
+	// Alternatively you can also use the compact format here by calling
+	// object.CompactSerialize() instead.
+	serialized := object.FullSerialize()
+
+	// Parse the serialized, encrypted JWE object. An error would indicate that
+	// the given input did not represent a valid message.
+	object, err = ParseEncrypted(serialized)
+	if err != nil {
+		panic(err)
+	}
+
+	// Now we can decrypt and get back our original plaintext. An error here
+	// would indicate the the message failed to decrypt, e.g. because the auth
+	// tag was broken or the message was tampered with.
+	decrypted, err := object.Decrypt(privateKey)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf(string(decrypted))
+	// output: Lorem ipsum dolor sit amet
+}
+
+func Example_jWS() {
+	// Generate a public/private key pair to use for this example. The library
+	// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
+	// that can be used to load keys from PEM/DER-encoded data.
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		panic(err)
+	}
+
+	// Instantiate a signer using RSASSA-PSS (SHA512) with the given private key.
+	signer, err := NewSigner(PS512, privateKey)
+	if err != nil {
+		panic(err)
+	}
+
+	// Sign a sample payload. Calling the signer returns a protected JWS object,
+	// which can then be serialized for output afterwards. An error would
+	// indicate a problem in an underlying cryptographic primitive.
+	var payload = []byte("Lorem ipsum dolor sit amet")
+	object, err := signer.Sign(payload)
+	if err != nil {
+		panic(err)
+	}
+
+	// Serialize the encrypted object using the full serialization format.
+	// Alternatively you can also use the compact format here by calling
+	// object.CompactSerialize() instead.
+	serialized := object.FullSerialize()
+
+	// Parse the serialized, protected JWS object. An error would indicate that
+	// the given input did not represent a valid message.
+	object, err = ParseSigned(serialized)
+	if err != nil {
+		panic(err)
+	}
+
+	// Now we can verify the signature on the payload. An error here would
+	// indicate the the message failed to verify, e.g. because the signature was
+	// broken or the message was tampered with.
+	output, err := object.Verify(&privateKey.PublicKey)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf(string(output))
+	// output: Lorem ipsum dolor sit amet
+}
+
+func ExampleNewEncrypter_publicKey() {
+	var publicKey *rsa.PublicKey
+
+	// Instantiate an encrypter using RSA-OAEP with AES128-GCM.
+	NewEncrypter(RSA_OAEP, A128GCM, publicKey)
+
+	// Instantiate an encrypter using RSA-PKCS1v1.5 with AES128-CBC+HMAC.
+	NewEncrypter(RSA1_5, A128CBC_HS256, publicKey)
+}
+
+func ExampleNewEncrypter_symmetric() {
+	var sharedKey []byte
+
+	// Instantiate an encrypter using AES128-GCM with AES-GCM key wrap.
+	NewEncrypter(A128GCMKW, A128GCM, sharedKey)
+
+	// Instantiate an encrypter using AES256-GCM directly, w/o key wrapping.
+	NewEncrypter(DIRECT, A256GCM, sharedKey)
+}
+
+func ExampleNewSigner_publicKey() {
+	var rsaPrivateKey *rsa.PrivateKey
+	var ecdsaPrivateKey *ecdsa.PrivateKey
+
+	// Instantiate a signer using RSA-PKCS#1v1.5 with SHA-256.
+	NewSigner(RS256, rsaPrivateKey)
+
+	// Instantiate a signer using ECDSA with SHA-384.
+	NewSigner(ES384, ecdsaPrivateKey)
+}
+
+func ExampleNewSigner_symmetric() {
+	var sharedKey []byte
+
+	// Instantiate an signer using HMAC-SHA256.
+	NewSigner(HS256, sharedKey)
+
+	// Instantiate an signer using HMAC-SHA512.
+	NewSigner(HS512, sharedKey)
+}
+
+func ExampleNewMultiEncrypter() {
+	var publicKey *rsa.PublicKey
+	var sharedKey []byte
+
+	// Instantiate an encrypter using AES-GCM.
+	encrypter, err := NewMultiEncrypter(A128GCM)
+	if err != nil {
+		panic(err)
+	}
+
+	// Add a recipient using a shared key with AES-GCM key wap
+	err = encrypter.AddRecipient(A128GCMKW, sharedKey)
+	if err != nil {
+		panic(err)
+	}
+
+	// Add a recipient using an RSA public key with RSA-OAEP
+	err = encrypter.AddRecipient(RSA_OAEP, publicKey)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func ExampleNewMultiSigner() {
+	var privateKey *rsa.PrivateKey
+	var sharedKey []byte
+
+	// Instantiate a signer for multiple recipients.
+	signer := NewMultiSigner()
+
+	// Add a recipient using a shared key with HMAC-SHA256
+	err := signer.AddRecipient(HS256, sharedKey)
+	if err != nil {
+		panic(err)
+	}
+
+	// Add a recipient using an RSA private key with RSASSA-PSS with SHA384
+	err = signer.AddRecipient(PS384, privateKey)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func ExampleEncrypter_encrypt() {
+	// Encrypt a plaintext in order to get an encrypted JWE object.
+	var plaintext = []byte("This is a secret message")
+
+	encrypter.Encrypt(plaintext)
+}
+
+func ExampleEncrypter_encryptWithAuthData() {
+	// Encrypt a plaintext in order to get an encrypted JWE object. Also attach
+	// some additional authenticated data (AAD) to the object. Note that objects
+	// with attached AAD can only be represented using full serialization.
+	var plaintext = []byte("This is a secret message")
+	var aad = []byte("This is authenticated, but public data")
+
+	encrypter.EncryptWithAuthData(plaintext, aad)
+}
-- 
cgit v1.2.3-1-g7c22