// NewPublicKey reads the public key from a string.
func NewPublicKey(text string) (*PublicKey, error) {
text = strings.TrimSpace(text)
if !strings.HasPrefix(text, PUBLIC_KEY_TYPE) {
return nil, ErrPublicKeyFormat
}
text = strings.TrimSpace(strings.TrimPrefix(text, PUBLIC_KEY_TYPE))
b := buffer.NewBuffer(text)
k := &PublicKey{}
err := k.ReadBuffer(b)
if err != nil {
return nil, err
}
b.ScanEof()
if b.Error != nil {
return nil, b.Error
}
return k, nil
}
// NewSignRequest reads a sign request from a string.
func NewSignRequest(text string) (*SignRequest, error) {
text = strings.TrimSpace(text)
if !strings.HasPrefix(text, SIGN_REQUEST_HEADER) {
return nil, ErrSignRequestFormat
}
text = strings.TrimPrefix(text, SIGN_REQUEST_HEADER)
if !strings.HasSuffix(text, SIGN_REQUEST_FOOTER) {
return nil, ErrSignRequestFormat
}
text = strings.TrimSuffix(text, SIGN_REQUEST_FOOTER)
split := strings.Split(text, "\n\n")
if len(split) > 2 {
return nil, ErrSignRequestFormat
}
base64 := split[len(split)-1]
b := buffer.NewBuffer(base64)
request := new(SignRequest)
err := request.ReadBuffer(b)
if err != nil {
return nil, err
}
b.ScanEof()
if b.Error != nil {
return nil, b.Error
}
return request, nil
}
// NewPartialKey reads a PartialKey from its string representation
func NewPartialKey(text string) (*PartialKey, error) {
text = strings.TrimSpace(text)
if !strings.HasPrefix(text, HEADER) {
return nil, ErrPartialKeyFormat
}
text = strings.TrimPrefix(text, HEADER)
if !strings.HasSuffix(text, FOOTER) {
return nil, ErrPartialKeyFormat
}
text = strings.TrimSuffix(text, FOOTER)
split := strings.Split(text, "\n\n")
if len(split) > 2 {
return nil, ErrPartialKeyFormat
}
base64 := strings.TrimSpace(split[len(split)-1])
b := buffer.NewBuffer(base64)
t := b.ScanString()
e := b.ScanMPInt()
n := b.ScanMPInt()
d := b.ScanMPInt()
b.ScanEof()
if b.Error != nil {
return nil, b.Error
}
if t != KEY_TYPE {
return nil, ErrPartialKeyFormat
}
if e.Cmp(big.NewInt(EXPONENT)) != 0 {
return nil, ErrPartialKeyWrongExponent
}
if d.Cmp(n) > 0 {
println("Oops d")
return nil, ErrPartialKeyWrongExponent
}
k := new(PartialKey)
k.E = EXPONENT
k.N = n
k.D = d
return k, nil
}
func (O *Octokey) SignChallenge(challenge string, requestUrl string, signer Signer) (string, error) {
a := AuthRequest{
ChallengeBuffer: buffer.NewBuffer(challenge),
RequestUrl: requestUrl,
Username: signer.Username(),
ServiceName: SERVICE_NAME,
AuthMethod: AUTH_METHOD,
SigningAlgorithm: SIGNING_ALGORITHM,
}
return a.Sign(signer)
}
func (c *Challenge) ReadFrom(s string, clientIp net.IP) {
b := buffer.NewBuffer(s)
currentTime := now()
c.Version = b.ScanUint8()
c.Timestamp = b.ScanTimestamp()
c.ClientIp = b.ScanIP()
c.Random = b.ScanVarBytes()
c.Digest = b.ScanVarBytes()
b.ScanEof()
if b.Error != nil {
c.Errors = append(c.Errors, b.Error)
return
}
if c.Version != CHALLENGE_VERSION {
c.Errors = append(c.Errors, errors.New("octokey/challenge: version mismatch"))
return
}
if currentTime.Unix()+MAX_AGE < c.Timestamp.Unix() {
c.Errors = append(c.Errors, errors.New("octokey/challenge: challenge too new"))
}
if currentTime.Unix()+MIN_AGE > c.Timestamp.Unix() {
c.Errors = append(c.Errors, errors.New("octokey/challenge: challenge too old"))
}
if !c.ClientIp.Equal(clientIp) {
c.Errors = append(c.Errors, errors.New("octokey/challenge: challenge IP mismatch"))
}
if len(c.Random) != RANDOM_SIZE {
c.Errors = append(c.Errors, errors.New("octokey/challenge: challenge random mismatch"))
}
if !hmac.Equal(c.Digest, c.expectedDigest()) {
c.Errors = append(c.Errors, errors.New("octokey/challenge: challenge HMAC mismatch"))
}
}
