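// SignatureFromHeaders rebuilds a Signature from two header values.
//
// metadataHeader is base64 (URL alphabet) encoded JSON that decodes into a
// Metadata value; its Nonce field is passed to crypto.Decrypt.
// signatureHeader is the base64 (URL alphabet) encoded ciphertext. The
// decrypted bytes are JSON-decoded into the returned Signature.
//
// An error is returned when the metadata header is empty, when either header
// is not valid base64, when the metadata or the decrypted payload is not
// valid JSON, or when crypto.Decrypt fails. On any error the returned
// Signature is the zero value, so callers never see a half-decoded result.
//
// NOTE(review): the metadata header is parsed before any integrity check is
// performed on it. Whether a tampered nonce or ciphertext is rejected depends
// entirely on the secure.Crypto implementation (presumably an authenticated
// mode such as AES-GCM; confirm against the implementation in use).
func SignatureFromHeaders(signatureHeader, metadataHeader string, crypto secure.Crypto) (Signature, error) {
	if metadataHeader == "" {
		return Signature{}, errors.New("No metadata found")
	}

	metadataDecoded, err := base64.URLEncoding.DecodeString(metadataHeader)
	if err != nil {
		return Signature{}, err
	}

	// The original code overwrote this error with the next assignment, so
	// malformed metadata went on to decryption with a zero-value nonce.
	// Reject it here instead.
	var metadata Metadata
	if err := json.Unmarshal(metadataDecoded, &metadata); err != nil {
		return Signature{}, err
	}

	signatureDecoded, err := base64.URLEncoding.DecodeString(signatureHeader)
	if err != nil {
		return Signature{}, err
	}

	signatureDecrypted, err := crypto.Decrypt(signatureDecoded, metadata.Nonce)
	if err != nil {
		return Signature{}, err
	}

	var signature Signature
	if err := json.Unmarshal([]byte(signatureDecrypted), &signature); err != nil {
		// Do not hand back a partially populated Signature.
		return Signature{}, err
	}
	return signature, nil
}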
plainText = []byte("this is a secret message!") cipherText []byte nonce []byte ) BeforeEach(func() { var err error cipherText, nonce, err = aesGcm.Encrypt(plainText) Expect(err).ToNot(HaveOccurred()) Expect(cipherText).ToNot(Equal(plainText)) Expect(nonce).ToNot(BeNil()) }) Context("when using correct key and nonce", func() { It("decrypts the cipher text", func() { decryptedText, err := aesGcm.Decrypt(cipherText, nonce) Expect(err).ToNot(HaveOccurred()) Expect(decryptedText).To(Equal(plainText)) }) }) Context("when using an invalid key", func() { It("returns an error", func() { otherKey := []byte("0123456789ABCDEF") otherAesGcm, err := secure.NewAesGCM(otherKey) Expect(err).ToNot(HaveOccurred()) decryptedText, err := otherAesGcm.Decrypt(cipherText, nonce) Expect(err).To(HaveOccurred()) Expect(err.Error()).Should(ContainSubstring("authentication failed"))