// Authenticate implements the Provider interface authenticating a user against a
// password file. None of this is intended for prodcution use.
func (p *PwdProvider) Authenticate(user string, challenge string) bool {
salt := util.GetConfig().Authn.PwdProvider.Salt
pwdFilePath := util.GetPaths([]string{util.GetConfig().Authn.PwdProvider.PwdFileName})[0]
log.Debugf("Reading passwords from %s", pwdFilePath)
file, err := os.Open(pwdFilePath)
if err != nil {
panic(err)
}
defer file.Close()
s := bufio.NewScanner(file)
for s.Scan() {
u, p := getUnP(s.Text())
log.Debugf("Validating %s against %s and %s", user, u, p)
if u == user {
pwd, err := base64.StdEncoding.DecodeString(p)
if err != nil {
log.Debugf("Base64 decode failed for user %s", user)
return false
}
r := bcrypt.CompareHashAndPassword(pwd, []byte(salt+challenge))
if r == nil {
log.Debugf("Authenticated user %s", user)
return true
}
}
}
log.Debugf("User %s not found", user)
return false
}
// loadMintKeyByName loads a key by filename and stores it in the struct
// The function is threadsafe and panics if the key file is invalid
func LoadMintKeyByName(filename string) {
keyPath := util.GetPaths([]string{filename})[0]
b, err := ioutil.ReadFile(keyPath)
if err != nil {
log.WithFields(log.Fields{
"path": keyPath,
}).Panic("Failed to load mint key: ", err)
}
k, err := jwt.ParseRSAPrivateKeyFromPEM(b)
if err != nil {
log.WithFields(log.Fields{
"path": keyPath,
}).Panic("Failed to parse mint key: ", err)
}
log.WithFields(log.Fields{
"path": keyPath,
}).Debugf("Successfully loaded mint key from %s", keyPath)
// Store only after we are sure loading was good
mint.Lock()
defer mint.Unlock()
mint.Key = k
mint.From = keyPath
}
// loadValidateKeyByName loads a key by filename and strores it in the struct
// The function is threadsafe and panics if the key file is invalid
func loadValidateKeyByName(filename string) {
keyPath := util.GetPaths([]string{filename})[0]
b, err := ioutil.ReadFile(keyPath)
if err != nil {
log.WithFields(log.Fields{
"path": keyPath,
}).Panic("Failed to load validation key: ", err)
}
k, err := jwt.ParseRSAPublicKeyFromPEM(b)
if err != nil {
log.WithFields(log.Fields{
"path": keyPath,
}).Panic("Failed to parse validation key: ", err)
}
log.WithFields(log.Fields{
"path": keyPath,
}).Debugf("Successfully loaded validation key from %s", keyPath)
validateLock.Lock()
defer validateLock.Unlock()
key = k
}