func BuildSignatureAndMetadata(crypto secure.Crypto, signature *Signature) (string, string, error) { signatureJson, err := json.Marshal(&signature) if err != nil { return "", "", err } signatureJsonEncrypted, nonce, err := crypto.Encrypt(signatureJson) if err != nil { return "", "", err } metadata := Metadata{ Nonce: nonce, } metadataJson, err := json.Marshal(&metadata) if err != nil { return "", "", err } metadataHeader := base64.URLEncoding.EncodeToString(metadataJson) signatureHeader := base64.URLEncoding.EncodeToString(signatureJsonEncrypted) return signatureHeader, metadataHeader, nil }
func SignatureFromHeaders(signatureHeader, metadataHeader string, crypto secure.Crypto) (Signature, error) { metadata := Metadata{} signature := Signature{} if metadataHeader == "" { return signature, errors.New("No metadata found") } metadataDecoded, err := base64.URLEncoding.DecodeString(metadataHeader) if err != nil { return signature, err } err = json.Unmarshal(metadataDecoded, &metadata) signatureDecoded, err := base64.URLEncoding.DecodeString(signatureHeader) if err != nil { return signature, err } signatureDecrypted, err := crypto.Decrypt(signatureDecoded, metadata.Nonce) if err != nil { return signature, err } err = json.Unmarshal([]byte(signatureDecrypted), &signature) return signature, err }
package secure_test import ( "github.com/cloudfoundry/gorouter/common/secure" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("Crypto", func() { var ( aesGcm secure.Crypto key []byte ) BeforeEach(func() { var err error // valid key size key = []byte("super-secret-key") Expect(err).ToNot(HaveOccurred()) aesGcm, err = secure.NewAesGCM(key) Expect(err).ToNot(HaveOccurred()) }) Describe("NewPbkdf2", func() { Context("when a plaintext secret is provided", func() { Context("when password length is less than desired key len", func() { It("generates an encryption key of desired ken length", func() { k := secure.NewPbkdf2([]byte(""), 16)