Un-export raw header, should not be exported

asymmetric.go

@@ -133,7 +133,7 @@ func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipi
 
 	return recipientInfo{
 		encryptedKey: encryptedKey,
-		header:       &Header{},
+		header:       &rawHeader{},
 	}, nil
 }
 
@@ -153,7 +153,7 @@ func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, e
 }
 
 // Decrypt the given payload and return the content encryption key.
-func (ctx rsaDecrypterSigner) decryptKey(headers Header, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
 	return ctx.decrypt(recipient.encryptedKey, KeyAlgorithm(headers.Alg), generator)
 }
 
@@ -245,7 +245,7 @@ func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm
 
 	return signatureInfo{
 		signature: out,
-		protected: &Header{},
+		protected: &rawHeader{},
 	}, nil
 }
 
@@ -286,7 +286,7 @@ func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipie
 	case ECDH_ES:
 		// ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key.
 		return recipientInfo{
-			header: &Header{},
+			header: &rawHeader{},
 		}, nil
 	case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
 	default:
@@ -329,29 +329,29 @@ func (ctx ecKeyGenerator) keySize() int {
 }
 
 // Get a content encryption key for ECDH-ES
-func (ctx ecKeyGenerator) genKey() ([]byte, Header, error) {
+func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) {
 	priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, rand.Reader)
 	if err != nil {
-		return nil, Header{}, err
+		return nil, rawHeader{}, err
 	}
 
 	out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size)
 
 	var epk rawJsonWebKey
 	err = epk.fromEcPublicKey(&priv.PublicKey)
 	if err != nil {
-		return nil, Header{}, err
+		return nil, rawHeader{}, err
 	}
 
-	headers := Header{
+	headers := rawHeader{
 		Epk: &epk,
 	}
 
 	return out, headers, nil
 }
 
 // Decrypt the given payload and return the content encryption key.
-func (ctx ecDecrypterSigner) decryptKey(headers Header, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
 	publicKey, err := headers.Epk.ecPublicKey()
 	if err != nil {
 		return nil, err
@@ -418,7 +418,7 @@ func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm)
 
 	return signatureInfo{
 		signature: out,
-		protected: &Header{},
+		protected: &rawHeader{},
 	}, nil
 }
 

asymmetric_test.go

@@ -184,8 +184,8 @@ func (ctx failingKeyGenerator) keySize() int {
 	return 0
 }
 
-func (ctx failingKeyGenerator) genKey() ([]byte, Header, error) {
-	return nil, Header{}, errors.New("failed to generate key")
+func (ctx failingKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	return nil, rawHeader{}, errors.New("failed to generate key")
 }
 
 func TestPKCSKeyGeneratorFailure(t *testing.T) {
@@ -257,7 +257,7 @@ func TestInvalidECDecrypt(t *testing.T) {
 	generator := randomKeyGenerator{size: 16}
 
 	// Missing epk header
-	headers := Header{
+	headers := rawHeader{
 		Alg: string(ECDH_ES),
 	}
 

crypter.go

@@ -48,7 +48,7 @@ type contentCipher interface {
 // A key generator (for generating/getting a CEK)
 type keyGenerator interface {
 	keySize() int
-	genKey() ([]byte, Header, error)
+	genKey() ([]byte, rawHeader, error)
 }
 
 // A generic key encrypter
@@ -58,7 +58,7 @@ type keyEncrypter interface {
 
 // A generic key decrypter
 type keyDecrypter interface {
-	decryptKey(headers Header, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key
+	decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key
 }
 
 // A generic encrypter based on the given key encrypter and content cipher.
@@ -216,7 +216,7 @@ func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JsonWe
 	obj := &JsonWebEncryption{}
 	obj.aad = aad
 
-	obj.protected = &Header{
+	obj.protected = &rawHeader{
 		Enc: ctx.contentAlg,
 	}
 	obj.recipients = make([]recipientInfo, len(ctx.recipients))

jwe.go

@@ -24,34 +24,34 @@ import (
 
 // rawJsonWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
 type rawJsonWebEncryption struct {
-	Protected    *byteBuffer     `json:"protected,omitempty"`
-	Unprotected  *Header            `json:"unprotected,omitempty"`
-	Header       *Header            `json:"header,omitempty"`
+	Protected    *byteBuffer        `json:"protected,omitempty"`
+	Unprotected  *rawHeader         `json:"unprotected,omitempty"`
+	Header       *rawHeader         `json:"header,omitempty"`
 	Recipients   []rawRecipientInfo `json:"recipients,omitempty"`
-	Aad          *byteBuffer     `json:"aad,omitempty"`
-	EncryptedKey *byteBuffer     `json:"encrypted_key,omitempty"`
-	Iv           *byteBuffer     `json:"iv,omitempty"`
-	Ciphertext   *byteBuffer     `json:"ciphertext,omitempty"`
-	Tag          *byteBuffer     `json:"tag,omitempty"`
+	Aad          *byteBuffer        `json:"aad,omitempty"`
+	EncryptedKey *byteBuffer        `json:"encrypted_key,omitempty"`
+	Iv           *byteBuffer        `json:"iv,omitempty"`
+	Ciphertext   *byteBuffer        `json:"ciphertext,omitempty"`
+	Tag          *byteBuffer        `json:"tag,omitempty"`
 }
 
-// rawRecipientInfo represents a raw JWE Per-Recipient Header JSON object. Used for parsing/serializing.
+// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing.
 type rawRecipientInfo struct {
-	Header       *Header `json:"header,omitempty"`
-	EncryptedKey string  `json:"encrypted_key,omitempty"`
+	Header       *rawHeader `json:"header,omitempty"`
+	EncryptedKey string     `json:"encrypted_key,omitempty"`
 }
 
 // JsonWebEncryption represents an encrypted JWE object after parsing.
 type JsonWebEncryption struct {
-	protected, unprotected   *Header
+	protected, unprotected   *rawHeader
 	recipients               []recipientInfo
 	aad, iv, ciphertext, tag []byte
 	original                 *rawJsonWebEncryption
 }
 
-// recipientInfo represents a raw JWE Per-Recipient Header JSON object after parsing.
+// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing.
 type recipientInfo struct {
-	header       *Header
+	header       *rawHeader
 	encryptedKey []byte
 }
 
@@ -67,8 +67,8 @@ func (obj JsonWebEncryption) GetAuthData() []byte {
 }
 
 // Get the merged header values
-func (obj JsonWebEncryption) mergedHeaders(recipient *recipientInfo) Header {
-	out := Header{}
+func (obj JsonWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader {
+	out := rawHeader{}
 	out.merge(obj.protected)
 	out.merge(obj.unprotected)
 
@@ -174,7 +174,7 @@ func parseEncryptedCompact(input string) (*JsonWebEncryption, error) {
 		return nil, err
 	}
 
-	var protected Header
+	var protected rawHeader
 	err = json.Unmarshal(rawProtected, &protected)
 	if err != nil {
 		return nil, err

jwe_test.go

@@ -119,9 +119,9 @@ func TestFullParseJWE(t *testing.T) {
 	}
 }
 
-func TestMissingInvalidHeaders(t *testing.T) {
+func TestMissingInvalidheaders(t *testing.T) {
 	obj := &JsonWebEncryption{
-		protected: &Header{Enc: A128GCM},
+		protected: &rawHeader{Enc: A128GCM},
 		recipients: []recipientInfo{
 			recipientInfo{},
 		},
@@ -132,7 +132,7 @@ func TestMissingInvalidHeaders(t *testing.T) {
 		t.Error("should detect invalid key")
 	}
 
-	obj.protected = &Header{Alg: string(RSA1_5)}
+	obj.protected = &rawHeader{Alg: string(RSA1_5)}
 
 	_, err = obj.Decrypt(rsaTestKey)
 	if err == nil || err == ErrCryptoFailure {
@@ -143,7 +143,7 @@ func TestMissingInvalidHeaders(t *testing.T) {
 func TestCompactSerialize(t *testing.T) {
 	// Compact serialization must fail if we have unprotected headers
 	obj := &JsonWebEncryption{
-		unprotected: &Header{Alg: "XYZ"},
+		unprotected: &rawHeader{Alg: "XYZ"},
 	}
 
 	_, err := obj.CompactSerialize()

jws.go

@@ -24,17 +24,17 @@ import (
 
 // rawJsonWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
 type rawJsonWebSignature struct {
-	Payload    *byteBuffer     `json:"payload,omitempty"`
+	Payload    *byteBuffer        `json:"payload,omitempty"`
 	Signatures []rawSignatureInfo `json:"signatures,omitempty"`
-	Protected  *byteBuffer     `json:"protected,omitempty"`
-	Header     *Header            `json:"header,omitempty"`
-	Signature  *byteBuffer     `json:"signature,omitempty"`
+	Protected  *byteBuffer        `json:"protected,omitempty"`
+	Header     *rawHeader         `json:"header,omitempty"`
+	Signature  *byteBuffer        `json:"signature,omitempty"`
 }
 
 // rawSignatureInfo represents a single JWS signature over the JWS payload and protected header.
 type rawSignatureInfo struct {
 	Protected *byteBuffer `json:"protected,omitempty"`
-	Header    *Header        `json:"header,omitempty"`
+	Header    *rawHeader  `json:"header,omitempty"`
 	Signature *byteBuffer `json:"signature,omitempty"`
 }
 
@@ -46,8 +46,8 @@ type JsonWebSignature struct {
 
 // signatureInfo represents a single JWS signature over the JWS payload and protected header after parsing.
 type signatureInfo struct {
-	protected *Header
-	header    *Header
+	protected *rawHeader
+	header    *rawHeader
 	signature []byte
 	original  *rawSignatureInfo
 }
@@ -63,8 +63,8 @@ func ParseSigned(input string) (*JsonWebSignature, error) {
 }
 
 // Get a header value
-func (sig signatureInfo) mergedHeaders() Header {
-	out := Header{}
+func (sig signatureInfo) mergedHeaders() rawHeader {
+	out := rawHeader{}
 	out.merge(sig.protected)
 	out.merge(sig.header)
 	return out
@@ -105,7 +105,7 @@ func parseSignedFull(input string) (*JsonWebSignature, error) {
 		// No signatures array, must be flattened serialization
 		signature := signatureInfo{}
 		if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
-			signature.protected = &Header{}
+			signature.protected = &rawHeader{}
 			err = json.Unmarshal(parsed.Protected.bytes(), signature.protected)
 			if err != nil {
 				return nil, err
@@ -119,7 +119,7 @@ func parseSignedFull(input string) (*JsonWebSignature, error) {
 
 	for i, sig := range parsed.Signatures {
 		if sig.Protected != nil && len(sig.Protected.bytes()) > 0 {
-			obj.signatures[i].protected = &Header{}
+			obj.signatures[i].protected = &rawHeader{}
 			err = json.Unmarshal(sig.Protected.bytes(), obj.signatures[i].protected)
 			if err != nil {
 				return nil, err
@@ -150,7 +150,7 @@ func parseSignedCompact(input string) (*JsonWebSignature, error) {
 		return nil, err
 	}
 
-	var protected Header
+	var protected rawHeader
 	err = json.Unmarshal(rawProtected, &protected)
 	if err != nil {
 		return nil, err

shared.go

@@ -107,8 +107,8 @@ const (
 	DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951)
 )
 
-// Header represents the JOSE header for JWE/JWS objects.
-type Header struct {
+// rawHeader represents the JOSE header for JWE/JWS objects.
+type rawHeader struct {
 	Alg  string               `json:"alg,omitempty"`
 	Enc  ContentEncryption    `json:"enc,omitempty"`
 	Zip  CompressionAlgorithm `json:"zip,omitempty"`
@@ -121,7 +121,7 @@ type Header struct {
 }
 
 // Merge headers from src into dst, giving precedence to headers from l.
-func (dst *Header) merge(src *Header) {
+func (dst *rawHeader) merge(src *rawHeader) {
 	if src == nil {
 		return
 	}

signing.go

@@ -120,7 +120,7 @@ func (ctx *genericSigner) Sign(payload []byte) (*JsonWebSignature, error) {
 	obj.signatures = make([]signatureInfo, len(ctx.recipients))
 
 	for i, recipient := range ctx.recipients {
-		protected := &Header{
+		protected := &rawHeader{
 			Alg: string(recipient.sigAlg),
 		}
 

signing_test.go

@@ -220,7 +220,7 @@ func TestInvalidJWS(t *testing.T) {
 	}
 
 	obj, err := signer.Sign([]byte("Lorem ipsum dolor sit amet"))
-	obj.signatures[0].header = &Header{
+	obj.signatures[0].header = &rawHeader{
 		Crit: []string{"TEST"},
 	}
 
@@ -230,8 +230,8 @@ func TestInvalidJWS(t *testing.T) {
 	}
 
 	// Try without alg header
-	obj.signatures[0].protected = &Header{}
-	obj.signatures[0].header = &Header{}
+	obj.signatures[0].protected = &rawHeader{}
+	obj.signatures[0].header = &rawHeader{}
 
 	_, err = obj.Verify(&rsaTestKey.PublicKey)
 	if err == nil {