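// SignatureFromHeaders reconstructs a Signature from the two header values
// produced by BuildSignatureAndMetadata.
//
// metadataHeader is URL-safe base64 of a JSON-encoded Metadata; its Nonce is
// handed to crypto.Decrypt. signatureHeader is URL-safe base64 of the
// ciphertext. Both values arrive from outside this function and are handled
// as untrusted input: every decoding step is checked, and on any failure the
// zero Signature is returned together with a non-nil error.
//
// An empty metadataHeader is rejected up front with "No metadata found".
func SignatureFromHeaders(signatureHeader, metadataHeader string, crypto secure.Crypto) (Signature, error) {
	if metadataHeader == "" {
		return Signature{}, errors.New("No metadata found")
	}

	metadataDecoded, err := base64.URLEncoding.DecodeString(metadataHeader)
	if err != nil {
		return Signature{}, err
	}

	// Fail closed on malformed metadata. Previously this error was overwritten
	// by the next assignment, so Decrypt could be called with whatever Nonce a
	// partial or failed parse left behind (typically the zero value).
	// NOTE(review): how Decrypt reacts to a missing or wrong-length nonce
	// depends on the secure.Crypto implementation, which is not visible here.
	var metadata Metadata
	if err := json.Unmarshal(metadataDecoded, &metadata); err != nil {
		return Signature{}, err
	}

	signatureDecoded, err := base64.URLEncoding.DecodeString(signatureHeader)
	if err != nil {
		return Signature{}, err
	}

	// The payload is parsed as a Signature only after Decrypt succeeds.
	signatureDecrypted, err := crypto.Decrypt(signatureDecoded, metadata.Nonce)
	if err != nil {
		return Signature{}, err
	}

	// Return the zero value, not a partially filled struct, if the decrypted
	// payload is not valid JSON for a Signature.
	var signature Signature
	if err := json.Unmarshal([]byte(signatureDecrypted), &signature); err != nil {
		return Signature{}, err
	}
	return signature, nil
}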
// BuildSignatureAndMetadata serialises signature to JSON, encrypts it with
// crypto, and returns two URL-safe base64 strings: the encrypted signature
// and the JSON-encoded Metadata carrying the nonce returned by Encrypt.
//
// The return order is (signature header, metadata header, error). On any
// failure both strings are empty and the underlying error is returned.
func BuildSignatureAndMetadata(crypto secure.Crypto, signature *Signature) (string, string, error) {
	plaintext, err := json.Marshal(&signature)
	if err != nil {
		return "", "", err
	}

	ciphertext, nonce, err := crypto.Encrypt(plaintext)
	if err != nil {
		return "", "", err
	}

	// The nonce is only JSON- and base64-encoded, not encrypted; the receiver
	// reads it from the metadata header and passes it to Decrypt.
	metaJSON, err := json.Marshal(&Metadata{Nonce: nonce})
	if err != nil {
		return "", "", err
	}

	enc := base64.URLEncoding
	return enc.EncodeToString(ciphertext), enc.EncodeToString(metaJSON), nil
}
package secure_test import ( "code.cloudfoundry.org/gorouter/common/secure" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("Crypto", func() { var ( aesGcm secure.Crypto key []byte ) BeforeEach(func() { var err error // valid key size key = []byte("super-secret-key") Expect(err).ToNot(HaveOccurred()) aesGcm, err = secure.NewAesGCM(key) Expect(err).ToNot(HaveOccurred()) }) Describe("NewPbkdf2", func() { Context("when a plaintext secret is provided", func() { Context("when password length is less than desired key len", func() { It("generates an encryption key of desired ken length", func() { k := secure.NewPbkdf2([]byte(""), 16)