Пример #1
0
func GenerateSignature(c *cli.Context) {
	url := c.String("url")

	if url == "" {
		cli.ShowCommandHelp(c, "generate")
		os.Exit(1)
	}

	crypto, err := common.CreateCrypto(c)
	if err != nil {
		os.Exit(1)
	}

	signature, err := createSigFromArgs(c)
	if err != nil {
		os.Exit(1)
	}

	sigEncoded, metaEncoded, err := header.BuildSignatureAndMetadata(crypto, &signature)
	if err != nil {
		fmt.Printf("Failed to create signature: %s", err.Error())
		os.Exit(1)
	}

	fmt.Printf("Encoded Signature:\n%s\n\n", sigEncoded)
	fmt.Printf("Encoded Metadata:\n%s\n\n", metaEncoded)
}
Пример #2
0
func (rs *RouteServiceConfig) generateSignatureAndMetadata(forwardedUrlRaw string) (string, string, error) {
	decodedURL, err := url.QueryUnescape(forwardedUrlRaw)
	if err != nil {
		rs.logger.Error("proxy.route-service.invalidForwardedURL", err)
		return "", "", err
	}
	signature := &header.Signature{
		RequestedTime: time.Now(),
		ForwardedUrl:  decodedURL,
	}

	signatureHeader, metadataHeader, err := header.BuildSignatureAndMetadata(rs.crypto, signature)
	if err != nil {
		return "", "", err
	}
	return signatureHeader, metadataHeader, nil
}
Пример #3
0
			return []byte(decryptedStr), nil
		}

		crypto.EncryptStub = func(plainText []byte) ([]byte, []byte, error) {
			nonce := []byte("some-nonce")
			cipherText := append(plainText, "encrypted"...)
			cipherText = append(cipherText, nonce...)
			return cipherText, nonce, nil
		}

		signature = &header.Signature{RequestedTime: time.Now()}
	})

	Describe("Build Signature and Metadata", func() {
		It("builds signature and metadata headers", func() {
			signatureHeader, metadata, err := header.BuildSignatureAndMetadata(crypto, signature)
			Expect(err).ToNot(HaveOccurred())
			Expect(signatureHeader).ToNot(BeNil())
			metadataDecoded, err := base64.URLEncoding.DecodeString(metadata)
			Expect(err).ToNot(HaveOccurred())
			metadataStruct := header.Metadata{}
			err = json.Unmarshal([]byte(metadataDecoded), &metadataStruct)
			Expect(err).ToNot(HaveOccurred())
			Expect(metadataStruct.Nonce).To(Equal([]byte("some-nonce")))
		})

		Context("when unable to encrypt the signature", func() {
			BeforeEach(func() {
				crypto.EncryptReturns([]byte{}, []byte{}, errors.New("No entropy"))
			})
Пример #4
0
				req.Header.Set(routeservice.RouteServiceSignature, signatureHeader)
				req.Header.Set(routeservice.RouteServiceMetadata, metadataHeader)
				conn.WriteRequest(req)

				res, body := conn.ReadResponse()
				Expect(res.StatusCode).To(Equal(http.StatusOK))
				Expect(body).To(ContainSubstring("backend instance"))
			})

			Context("when a request has an expired Route service signature header", func() {
				BeforeEach(func() {
					signature := &header.Signature{
						RequestedTime: time.Now().Add(-10 * time.Hour),
						ForwardedUrl:  forwardedUrl,
					}
					signatureHeader, metadataHeader, _ = header.BuildSignatureAndMetadata(crypto, signature)
				})

				It("returns an route service request expired error", func() {
					ln := registerHandlerWithRouteService(r, "my_host.com", "https://expired.com", func(conn *test_util.HttpConn) {
						Fail("Should not get here")
					})
					defer ln.Close()
					conn := dialProxy(proxyServer)

					req := test_util.NewRequest("GET", "my_host.com", "/resource+9-9_9?query=123&query$2=345#page1..5", nil)
					req.Header.Set(routeservice.RouteServiceSignature, signatureHeader)
					req.Header.Set(routeservice.RouteServiceMetadata, metadataHeader)
					req.Header.Set(routeservice.RouteServiceForwardedURL, forwardedUrl)
					conn.WriteRequest(req)