Example #1
1
File: Mint.go Project: e-gov/fox 
// GetToken wraps the incoming username into a TokenStruct, serializes the result to json
// and generates a Fernet token based on the resulting string
func GetToken(username string) string {
	// If the configuration has changed, re-load the keys
	if confVersion != util.GetConfig().Version {
		loadMintKey()
	}

	claims := jwt.StandardClaims{
		Issuer:    "FoxAuthn",
		Subject:   username,
		IssuedAt:  time.Now().Unix(),
		ExpiresAt: time.Now().Add(time.Duration(util.GetConfig().Authn.TokenTTL) * time.Second).Unix(),
	}

	log.WithFields(log.Fields{
		"claims": claims,
	}).Debug("Going to sign with these claims")

	token := jwt.NewWithClaims(jwt.SigningMethodRS384, claims)
	ss, err := token.SignedString(GetKey())
	if err != nil {
		log.WithFields(log.Fields{
			"path": mint.From,
		}).Panic("Failed to create signed token: ", err)
	}
	return ss
}
Example #2
0
// Authenticate implements the Provider interface authenticating a user against a
// password file. None of this is intended for prodcution use.
func (p *PwdProvider) Authenticate(user string, challenge string) bool {
	salt := util.GetConfig().Authn.PwdProvider.Salt
	pwdFilePath := util.GetPaths([]string{util.GetConfig().Authn.PwdProvider.PwdFileName})[0]
	log.Debugf("Reading passwords from %s", pwdFilePath)
	file, err := os.Open(pwdFilePath)

	if err != nil {
		panic(err)
	}

	defer file.Close()

	s := bufio.NewScanner(file)
	for s.Scan() {
		u, p := getUnP(s.Text())
		log.Debugf("Validating %s against %s and %s", user, u, p)
		if u == user {
			pwd, err := base64.StdEncoding.DecodeString(p)
			if err != nil {
				log.Debugf("Base64 decode failed for user %s", user)
				return false
			}
			r := bcrypt.CompareHashAndPassword(pwd, []byte(salt+challenge))
			if r == nil {
				log.Debugf("Authenticated user %s", user)
				return true
			}
		}
	}
	log.Debugf("User %s not found", user)

	return false
}
Example #3
0
// HashPassword creates a valid base64 encoded hash for the given password
func HashPassword(password string) string {
	salt := util.GetConfig().Authn.PwdProvider.Salt

	b, _ := bcrypt.GenerateFromPassword([]byte(salt+password), 10)

	return base64.StdEncoding.EncodeToString(b)

}
Example #4
0
File: Storage.go Project: e-gov/fox 
func GetFoxes() ([]Fox, error) {
	var foxes []Fox

	foxes = make([]Fox, 0)
	fname := util.GetConfig().Storage.Filepath
	files, _ := ioutil.ReadDir(fname)
	for _, f := range files {
		fox, err := ReadFox(f.Name())
		if err != nil {
			return foxes, err
		}
		foxes = append(foxes, fox)
	}

	return foxes, nil
}
Example #5
0
// Decrypt decrypts a string containing a token
// It returns nil if
// - the token has been minted more than tokenTTL minutes ago
// - the token message is not a valid TokenStruct
// - the token cannot be decrypted using known keys
func Decrypt(tokenString string) *jwt.StandardClaims {

	// If the configuration has changed, re-load the keys
	if confVersion != util.GetConfig().Version {
		loadValidateKeys()
	}

	token, err := jwt.ParseWithClaims(tokenString, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return GetValidateKey(), nil
	})

	if err != nil {
		if ve, ok := err.(*jwt.ValidationError); ok {
			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
				log.WithFields(log.Fields{
					"token": token,
				}).Error("Malformed token received")

			} else {
				if ve.Errors&jwt.ValidationErrorExpired != 0 {
					log.WithFields(log.Fields{
						"token": token,
					}).Error("Token expired")

				} else {
					log.WithFields(log.Fields{
						"token": token,
					}).Error("Could not handle the token ", err)
				}
			}
		}
		return nil
	} else {
		if token.Valid {
			return token.Claims.(*jwt.StandardClaims)
		} else {
			log.WithFields(log.Fields{
				"token": token,
			}).Error("Invalid token but no error given")
			return nil
		}
	}
}
Example #6
0
File: authz.go Project: e-gov/fox 
// GetProvider returns the current authz provider and loads a new one
// if configuration has changed
func GetProvider() Provider {
	pLock.Lock()
	defer pLock.Unlock()
	p := util.GetConfig().Authz.Provider
	if p == "" {
		log.Warning("No authorization provider configured, all access will be denied")
		return nil
	}

	if provider == nil {
		loadProvider(p)
	}

	if provider.GetName() != p {
		log.Debugf("Changing authz provider. Was %s is %s", provider.GetName(), p)
		loadProvider(p)
	}

	return provider
}
Example #7
0
File: Mint.go Project: e-gov/fox 
func loadMintKey() {
	LoadMintKeyByName(util.GetConfig().Authn.MintKeyName)
	confVersion = util.GetConfig().Version
}
Example #8
0
File: Mint.go Project: e-gov/fox 
func InitMint() {
	confVersion = util.GetConfig().Version
	loadMintKey()
}
Example #9
0
File: Storage.go Project: e-gov/fox 
func getFileName(uuid string) string {
	return util.GetConfig().Storage.Filepath + uuid
}
Example #10
0
func loadValidateKeys() {
	loadValidateKeyByName(util.GetConfig().Authn.ValidateKeyName)
	confVersion = util.GetConfig().Version
}
Example #11
0
// InitValidator initializes the validator by storing current config version,
// creating a new lock and loading validation keys
func InitValidator() {
	confVersion = util.GetConfig().Version
	validateLock = new(sync.RWMutex)
	loadValidateKeys()
}