Esempio n. 1
0
func SignatureFromHeaders(signatureHeader, metadataHeader string, crypto secure.Crypto) (Signature, error) {
	metadata := Metadata{}
	signature := Signature{}

	if metadataHeader == "" {
		return signature, errors.New("No metadata found")
	}

	metadataDecoded, err := base64.URLEncoding.DecodeString(metadataHeader)
	if err != nil {
		return signature, err
	}

	err = json.Unmarshal(metadataDecoded, &metadata)
	signatureDecoded, err := base64.URLEncoding.DecodeString(signatureHeader)
	if err != nil {
		return signature, err
	}

	signatureDecrypted, err := crypto.Decrypt(signatureDecoded, metadata.Nonce)
	if err != nil {
		return signature, err
	}

	err = json.Unmarshal([]byte(signatureDecrypted), &signature)

	return signature, err
}
Esempio n. 2
0
func BuildSignatureAndMetadata(crypto secure.Crypto, signature *Signature) (string, string, error) {
	signatureJson, err := json.Marshal(&signature)
	if err != nil {
		return "", "", err
	}

	signatureJsonEncrypted, nonce, err := crypto.Encrypt(signatureJson)
	if err != nil {
		return "", "", err
	}

	metadata := Metadata{
		Nonce: nonce,
	}

	metadataJson, err := json.Marshal(&metadata)
	if err != nil {
		return "", "", err
	}

	metadataHeader := base64.URLEncoding.EncodeToString(metadataJson)
	signatureHeader := base64.URLEncoding.EncodeToString(signatureJsonEncrypted)

	return signatureHeader, metadataHeader, nil
}
Esempio n. 3
0
package secure_test

import (
	"code.cloudfoundry.org/gorouter/common/secure"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("Crypto", func() {

	var (
		aesGcm secure.Crypto
		key    []byte
	)

	BeforeEach(func() {
		var err error
		// valid key size
		key = []byte("super-secret-key")
		Expect(err).ToNot(HaveOccurred())
		aesGcm, err = secure.NewAesGCM(key)
		Expect(err).ToNot(HaveOccurred())
	})

	Describe("NewPbkdf2", func() {

		Context("when a plaintext secret is provided", func() {

			Context("when password length is less than desired key len", func() {
				It("generates an encryption key of desired ken length", func() {
					k := secure.NewPbkdf2([]byte(""), 16)