Beispiel #1
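// benchmarkSigning is a shared helper for the signing benchmarks. It builds
// one token with the given signing method and then signs it repeatedly with
// key from the parallel goroutines started by b.RunParallel.
//
// A signing failure is reported with b.Error and ends only the worker that hit
// it; the benchmark is still marked as failed.
func benchmarkSigning(b *testing.B, method jwt.SigningMethod, key interface{}) {
	t := jwt.New(method)
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			if _, err := t.SignedString(key); err != nil {
				// The testing package requires FailNow/Fatal to be called from
				// the goroutine running the benchmark function. This body runs
				// on RunParallel worker goroutines, so record the failure with
				// Error and stop this worker instead.
				b.Error(err)
				return
			}
		}
	})
}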
Beispiel #2
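// InitiateLogin performs the necessary actions to start an SP initiated login.
//
// It builds an authentication request for the SSO binding location (preferring
// the HTTP-Redirect binding and falling back to HTTP-POST), stores a signed
// state token in a cookie named "saml_<relayState>", and then either redirects
// the browser or writes an HTML page containing the POST form.
//
// It returns an error if sp.AcsURL cannot be parsed, if the authentication
// request cannot be built, if the state token cannot be signed, or if writing
// the POST form to w fails.
func (sp *ServiceProvider) InitiateLogin(w http.ResponseWriter) error {
	// The parse error used to be discarded, which left acsURL nil and caused a
	// nil-pointer dereference when the cookie path was read further down.
	acsURL, err := url.Parse(sp.AcsURL)
	if err != nil {
		return fmt.Errorf("parsing ACS URL %q: %w", sp.AcsURL, err)
	}

	// Prefer the redirect binding; fall back to POST when no redirect
	// location is available.
	// NOTE(review): if neither binding has a location, bindingLocation is
	// still "" here and the request is built with an empty destination --
	// confirm whether MakeAuthenticationRequest rejects that.
	binding := HTTPRedirectBinding
	bindingLocation := sp.GetSSOBindingLocation(binding)
	if bindingLocation == "" {
		binding = HTTPPostBinding
		bindingLocation = sp.GetSSOBindingLocation(binding)
	}

	req, err := sp.MakeAuthenticationRequest(bindingLocation)
	if err != nil {
		return err
	}

	// The relay state doubles as the cookie-name suffix, so the value that
	// comes back with the response selects the cookie holding the request ID.
	// NOTE(review): this must be unguessable; confirm randomBytes draws from
	// crypto/rand.
	relayState := base64.URLEncoding.EncodeToString(randomBytes(42))

	// The state token binds the outstanding request ID to this browser. It is
	// signed (HS256) but not encrypted, and carries no expiry claim of its
	// own: only the cookie MaxAge below limits its lifetime on the client.
	// NOTE(review): confirm the verifying side bounds the token age as well.
	state := jwt.New(jwt.GetSigningMethod("HS256"))
	claims := state.Claims.(jwt.MapClaims)
	claims["id"] = req.ID
	signedState, err := state.SignedString(sp.cookieSecret())
	if err != nil {
		return err
	}

	http.SetCookie(w, &http.Cookie{
		Name:   fmt.Sprintf("saml_%s", relayState),
		Value:  signedState,
		MaxAge: int(MaxIssueDelay.Seconds()),
		// Nothing in this flow reads the cookie from script, so keep it out
		// of reach of JavaScript. Previously this was false.
		HttpOnly: true,
		// Only send the state token over TLS when the ACS endpoint is HTTPS.
		Secure: acsURL.Scheme == "https",
		Path:   acsURL.Path,
		// SameSite is deliberately left unset: with the POST binding the
		// response reaches the ACS path as a cross-site POST, and Lax/Strict
		// would withhold this cookie from that request.
	})

	if binding == HTTPRedirectBinding {
		redirectURL := req.Redirect(relayState)
		w.Header().Add("Location", redirectURL.String())
		w.WriteHeader(http.StatusFound)
		return nil
	}

	// binding can only be HTTPPostBinding from here on: it is assigned one of
	// exactly two values above, so no further branch is needed.
	//
	// The policy permits a single inline script by hash; presumably that is
	// the auto-submit script emitted by req.Post, so the hash has to be
	// regenerated whenever that script changes.
	w.Header().Set("Content-Security-Policy", ""+
		"default-src; "+
		"script-src 'sha256-D8xB+y+rJ90RmLdP72xBqEEc0NUatn7yuCND0orkrgk='; "+
		"reflected-xss block; "+
		"referrer no-referrer;")
	w.Header().Add("Content-type", "text/html")

	// Surface write failures to the caller instead of dropping them.
	parts := [][]byte{
		[]byte(`<!DOCTYPE html><html><body>`),
		req.Post(relayState),
		[]byte(`</body></html>`),
	}
	for _, part := range parts {
		if _, err := w.Write(part); err != nil {
			return err
		}
	}
	return nil
}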