func GenerateSignature(c *cli.Context) { url := c.String("url") if url == "" { cli.ShowCommandHelp(c, "generate") os.Exit(1) } crypto, err := common.CreateCrypto(c) if err != nil { os.Exit(1) } signature, err := createSigFromArgs(c) if err != nil { os.Exit(1) } sigEncoded, metaEncoded, err := route_service.BuildSignatureAndMetadata(crypto, &signature) if err != nil { fmt.Printf("Failed to create signature: %s", err.Error()) os.Exit(1) } fmt.Printf("Encoded Signature:\n%s\n\n", sigEncoded) fmt.Printf("Encoded Metadata:\n%s\n\n", metaEncoded) }
crypto.EncryptStub = func(plainText []byte) ([]byte, []byte, []byte, error) { nonce := []byte("some-nonce") iv := []byte("some-iv") cipherText := append(plainText, "encrypted"...) cipherText = append(cipherText, nonce...) cipherText = append(cipherText, iv...) return cipherText, nonce, iv, nil } signature = &route_service.Signature{RequestedTime: time.Now()} }) Describe("Build Signature and Metadata", func() { It("builds signature and metadata headers", func() { signatureHeader, metadata, err := route_service.BuildSignatureAndMetadata(crypto, signature) Expect(err).ToNot(HaveOccurred()) Expect(signatureHeader).ToNot(BeNil()) metadataDecoded, err := base64.URLEncoding.DecodeString(metadata) Expect(err).ToNot(HaveOccurred()) metadataStruct := route_service.Metadata{} err = json.Unmarshal([]byte(metadataDecoded), &metadataStruct) Expect(err).ToNot(HaveOccurred()) Expect(metadataStruct.Nonce).To(Equal([]byte("some-nonce"))) Expect(metadataStruct.IV).To(Equal([]byte("some-iv"))) }) Context("when unable to encrypt the signature", func() { BeforeEach(func() { crypto.EncryptReturns([]byte{}, []byte{}, []byte{}, errors.New("No entropy")) })
// validate client request header Expect(r.Header.Get("X-CF-Forwarded-Url")).To(Equal(forwardedUrl)) w.Write([]byte("My Special Snowflake Route Service\n")) }) crypto, err := secure.NewAesGCM([]byte(cryptoKey)) Expect(err).ToNot(HaveOccurred()) signature := &route_service.Signature{ RequestedTime: time.Now(), ForwardedUrl: forwardedUrl, } signatureHeader, metadataHeader, err = route_service.BuildSignatureAndMetadata(crypto, signature) Expect(err).ToNot(HaveOccurred()) }) Context("with Route Services disabled", func() { BeforeEach(func() { conf.RouteServiceEnabled = false conf.SSLSkipValidation = true routeServiceHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { Fail("Should not get here into Route Service") }) }) It("return 502 Bad Gateway", func() { ln := registerHandlerWithRouteService(r, "my_host.com", "https://"+routeServiceListener.Addr().String(), func(conn *test_util.HttpConn) { Fail("Should not get here into the app")