From a8702432015187171c5120cbf5020bfca7be35b6 Mon Sep 17 00:00:00 2001
From: Dave Day
Date: Mon, 18 Jul 2016 10:34:09 +1000
Subject: [PATCH] jws: use base64.RawURLEncoding
The Raw (unpadded) version of URL encoding was introduced in Go 1.5. Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work because of our dependency on golang.org/x/net/context), we can simplify the base64 encoding/decoding to use this directly.
Fixes golang/oauth2#190.
Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f
Reviewed-on: https://go-review.googlesource.com/25000
Reviewed-by: Brad Fitzpatrick
---
 google/jwt_test.go | 3 +--
 jws/jws.go | 32 ++++++--------------------------
 2 files changed, 7 insertions(+), 28 deletions(-)
diff --git a/google/jwt_test.go b/google/jwt_test.go
index a62f23dc..7f9a2f83 100644
--- a/google/jwt_test.go
+++ b/google/jwt_test.go
@@ -76,8 +76,7 @@ func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
 // Finally, check the header private key.
 parts := strings.Split(tok.AccessToken, ".")
- parts[0] += strings.Repeat("=", len(parts[0])%4) // Add padding.
- hdrJSON, err := base64.URLEncoding.DecodeString(parts[0])
+ hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
 if err != nil {
 t.Fatalf("base64 DecodeString: %v\nString: %q", err, parts[0])
 }
diff --git a/jws/jws.go b/jws/jws.go
index 2343443e..c6bb7f62 100644
--- a/jws/jws.go
+++ b/jws/jws.go
@@ -64,7 +64,7 @@ func (c *ClaimSet) encode() (string, error) {
 }
 if len(c.PrivateClaims) == 0 {
- return base64Encode(b), nil
+ return base64.RawURLEncoding.EncodeToString(b), nil
 }
 // Marshal private claim set and then append it to b.
@@ -82,7 +82,7 @@ func (c *ClaimSet) encode() (string, error) {
 }
 b[len(b)-1] = ',' // Replace closing curly brace with a comma.
 b = append(b, prv[1:]...) // Append private claims.
- return base64Encode(b), nil
+ return base64.RawURLEncoding.EncodeToString(b), nil
 }
 // Header represents the header for the signed JWS payloads.
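Review bot: In the `@@ -82` hunk of jws/jws.go, `b = append(b, prv[1:]...)` splices the marshalled private claims onto the already-encoded claim set with no check for key collisions, so a `PrivateClaims` entry named like a registered JWT claim such as `exp` (assuming ClaimSet marshals one) would produce a JSON object with a duplicate key, and which value a relying party reads then depends on its parser. The commit only swaps the encoder and leaves the splice as it was. If `PrivateClaims` keys can come from anything other than trusted code, encode should return an error for names that shadow the registered claims before the splice; at minimum a comment such as `// PrivateClaims keys must not shadow registered claim names.` would record the assumption. encode's body begins outside the hunk, so an earlier check may already exist.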
@@ -102,7 +102,7 @@ func (h *Header) encode() (string, error) {
 if err != nil {
 return "", err
 }
- return base64Encode(b), nil
+ return base64.RawURLEncoding.EncodeToString(b), nil
 }
 // Decode decodes a claim set from a JWS payload.
@@ -113,7 +113,7 @@ func Decode(payload string) (*ClaimSet, error) {
 // TODO(jbd): Provide more context about the error.
 return nil, errors.New("jws: invalid token received")
 }
- decoded, err := base64Decode(s[1])
+ decoded, err := base64.RawURLEncoding.DecodeString(s[1])
 if err != nil {
 return nil, err
 }
@@ -140,7 +140,7 @@ func EncodeWithSigner(header *Header, c *ClaimSet, sg Signer) (string, error) {
 if err != nil {
 return "", err
 }
- return fmt.Sprintf("%s.%s", ss, base64Encode(sig)), nil
+ return fmt.Sprintf("%s.%s", ss, base64.RawURLEncoding.EncodeToString(sig)), nil
 }
 // Encode encodes a signed JWS with provided header and claim set.
@@ -163,7 +163,7 @@ func Verify(token string, key *rsa.PublicKey) error {
 }
 signedContent := parts[0] + "." + parts[1]
- signatureString, err := base64Decode(parts[2])
+ signatureString, err := base64.RawURLEncoding.DecodeString(parts[2])
 if err != nil {
 return err
 }
@@ -172,23 +172,3 @@ func Verify(token string, key *rsa.PublicKey) error {
 h.Write([]byte(signedContent))
 return rsa.VerifyPKCS1v15(key, crypto.SHA256, h.Sum(nil), []byte(signatureString))
 }
-
-// base64Encode returns and Base64url encoded version of the input string with any
-// trailing "=" stripped.
-func base64Encode(b []byte) string {
- return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
-}
-
-// base64Decode decodes the Base64url encoded string
-func base64Decode(s string) ([]byte, error) {
- // add back missing padding
- switch len(s) % 4 {
- case 1:
- s += "==="
- case 2:
- s += "=="
- case 3:
- s += "="
- }
- return base64.URLEncoding.DecodeString(s)
-}
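Review bot: Decode (the `@@ -113` hunk) returns the claims in `s[1]` without any signature check, since it takes no key, and its doc comment, visible as the last context line of the preceding hunk, does not say so. I would extend it to `// Decode decodes a claim set from a JWS payload. It does not verify the signature; call Verify before trusting the returned claims.` Separately, the removed helper accepted segments that already carried `=` padding, whereas `base64.RawURLEncoding.DecodeString` rejects them, and the failure is returned as a bare base64 error rather than a `jws:`-prefixed one like the error two lines above. The stricter behaviour matches unpadded base64url, but it deserves a test case and a mention in the description. Decode's body starts and ends outside the hunk.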
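Review bot: `base64.RawURLEncoding.DecodeString(parts[2])` in Verify (the `@@ -163` hunk) accepts more than one spelling of the same signature bytes, because the default decoder ignores CR/LF and does not require the unused trailing bits of the final character to be zero. Distinct token strings can therefore verify against one signature, which matters if the raw token string is ever used as a cache, replay or revocation key (not visible from here). Where the supported Go version provides it, `signatureString, err := base64.RawURLEncoding.Strict().DecodeString(parts[2])` closes the trailing-bits case; CR/LF would still need an explicit reject before decoding. As a smaller style point, `signatureString` holds a `[]byte`, so a name like `sig` would fit better and the `[]byte(signatureString)` conversion in the next hunk's context is redundant. Verify's body continues outside the hunk.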