// NewPublicKey parses a public key from its textual form.
//
// Surrounding whitespace is ignored. The text must start with
// PUBLIC_KEY_TYPE, otherwise ErrPublicKeyFormat is returned. The remainder is
// decoded through a buffer, and any decoding error (including one raised by
// the end-of-input check, which runs after the key fields are read) is
// returned as-is.
func NewPublicKey(text string) (*PublicKey, error) {
	trimmed := strings.TrimSpace(text)
	if !strings.HasPrefix(trimmed, PUBLIC_KEY_TYPE) {
		return nil, ErrPublicKeyFormat
	}

	// Drop the key-type prefix and any whitespace separating it from the body.
	body := strings.TrimSpace(strings.TrimPrefix(trimmed, PUBLIC_KEY_TYPE))
	buf := buffer.NewBuffer(body)

	key := &PublicKey{}
	if err := key.ReadBuffer(buf); err != nil {
		return nil, err
	}

	// ScanEof is invoked before inspecting buf.Error so that a failure it
	// records rejects the key instead of being ignored.
	buf.ScanEof()
	if buf.Error != nil {
		return nil, buf.Error
	}
	return key, nil
}
// NewSignRequest parses a sign request from its textual form.
//
// After trimming surrounding whitespace the text must begin with
// SIGN_REQUEST_HEADER and end with SIGN_REQUEST_FOOTER. What lies between may
// contain at most one blank-line ("\n\n") separator; only the part after the
// separator is decoded. Anything before the separator is discarded without
// being parsed or validated, so callers must not treat it as part of the
// request. Violations of this framing yield ErrSignRequestFormat; decoding
// errors are returned unchanged.
func NewSignRequest(text string) (*SignRequest, error) {
	inner := strings.TrimSpace(text)

	if !strings.HasPrefix(inner, SIGN_REQUEST_HEADER) {
		return nil, ErrSignRequestFormat
	}
	inner = strings.TrimPrefix(inner, SIGN_REQUEST_HEADER)

	if !strings.HasSuffix(inner, SIGN_REQUEST_FOOTER) {
		return nil, ErrSignRequestFormat
	}
	inner = strings.TrimSuffix(inner, SIGN_REQUEST_FOOTER)

	sections := strings.Split(inner, "\n\n")
	if len(sections) > 2 {
		return nil, ErrSignRequestFormat
	}

	// The encoded payload is always the final section; it is handed to the
	// buffer exactly as found, without further trimming.
	payload := sections[len(sections)-1]
	buf := buffer.NewBuffer(payload)

	req := new(SignRequest)
	if err := req.ReadBuffer(buf); err != nil {
		return nil, err
	}

	// Run the end-of-input check, then surface any error the buffer holds.
	buf.ScanEof()
	if buf.Error != nil {
		return nil, buf.Error
	}
	return req, nil
}
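// NewPartialKey reads a PartialKey from its string representation.
//
// After trimming surrounding whitespace the text must begin with HEADER and
// end with FOOTER. The content between them may contain at most one
// blank-line ("\n\n") separator; only the part after the separator is
// decoded, and anything before it is discarded without validation.
//
// The decoded body holds, in order: the key type, the public exponent e, the
// modulus n and the exponent d. The function returns:
//   - ErrPartialKeyFormat if the framing is wrong, the key type is not
//     KEY_TYPE, or the modulus is not a positive number;
//   - ErrPartialKeyWrongExponent if e differs from EXPONENT or d is greater
//     than n;
//   - the buffer's own error if decoding fails or trailing data remains.
//
// No diagnostics are printed: this parser handles private key material, so
// failures are reported only through the returned error.
func NewPartialKey(text string) (*PartialKey, error) {
	text = strings.TrimSpace(text)
	if !strings.HasPrefix(text, HEADER) {
		return nil, ErrPartialKeyFormat
	}
	text = strings.TrimPrefix(text, HEADER)

	if !strings.HasSuffix(text, FOOTER) {
		return nil, ErrPartialKeyFormat
	}
	text = strings.TrimSuffix(text, FOOTER)

	split := strings.Split(text, "\n\n")
	if len(split) > 2 {
		return nil, ErrPartialKeyFormat
	}
	body := strings.TrimSpace(split[len(split)-1])

	b := buffer.NewBuffer(body)
	t := b.ScanString()
	e := b.ScanMPInt()
	n := b.ScanMPInt()
	d := b.ScanMPInt()
	b.ScanEof()
	// The scanned values are only inspected once the buffer reports no error.
	if b.Error != nil {
		return nil, b.Error
	}

	if t != KEY_TYPE {
		return nil, ErrPartialKeyFormat
	}
	if e.Cmp(big.NewInt(EXPONENT)) != 0 {
		return nil, ErrPartialKeyWrongExponent
	}
	// A modulus must be positive. Without this check a zero or negative n
	// would pass the d <= n comparison below and reach the signing code.
	// NOTE(review): whether ScanMPInt can yield a negative value is not
	// visible from here; the check is cheap either way.
	if n.Sign() <= 0 {
		return nil, ErrPartialKeyFormat
	}
	// d == n is still accepted, matching the existing bound; the error value
	// for an oversized d is kept so callers comparing errors are unaffected.
	if d.Cmp(n) > 0 {
		return nil, ErrPartialKeyWrongExponent
	}

	k := new(PartialKey)
	k.E = EXPONENT
	k.N = n
	k.D = d
	return k, nil
}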
// SignChallenge builds an AuthRequest for challenge and requestUrl on behalf
// of signer and returns whatever signing that request produces.
//
// The challenge string is wrapped in a buffer and passed along without being
// decoded or checked here. The username is taken from signer; the service
// name, auth method and signing algorithm come from package constants. The
// receiver's state is not used.
func (o *Octokey) SignChallenge(challenge string, requestUrl string, signer Signer) (string, error) {
	var req AuthRequest

	req.ChallengeBuffer = buffer.NewBuffer(challenge)
	req.RequestUrl = requestUrl
	req.Username = signer.Username()
	req.ServiceName = SERVICE_NAME
	req.AuthMethod = AUTH_METHOD
	req.SigningAlgorithm = SIGNING_ALGORITHM

	return req.Sign(signer)
}
// ReadFrom decodes the serialized challenge s into c and validates it against
// the current time and the expected clientIp.
//
// Nothing is returned: every problem found is appended to c.Errors. The fields
// of c are assigned from the input before any validation runs, so they hold
// unverified data whenever c.Errors is non-empty; callers must check c.Errors
// before relying on them.
//
// A decoding error or a version mismatch stops validation immediately. The
// remaining checks (timestamp window, client IP, random length, HMAC) all run
// and each failure is recorded separately. The digest is compared with
// hmac.Equal, which does not leak timing information about the expected value.
func (c *Challenge) ReadFrom(s string, clientIp net.IP) {
	b := buffer.NewBuffer(s)
	currentTime := now()

	c.Version = b.ScanUint8()
	c.Timestamp = b.ScanTimestamp()
	c.ClientIp = b.ScanIP()
	c.Random = b.ScanVarBytes()
	c.Digest = b.ScanVarBytes()
	b.ScanEof()

	// reject records one validation failure on the challenge.
	reject := func(msg string) {
		c.Errors = append(c.Errors, errors.New(msg))
	}

	if b.Error != nil {
		c.Errors = append(c.Errors, b.Error)
		return
	}

	if c.Version != CHALLENGE_VERSION {
		reject("octokey/challenge: version mismatch")
		return
	}

	// The timestamp must lie within [now+MIN_AGE, now+MAX_AGE], in seconds.
	nowUnix := currentTime.Unix()
	issued := c.Timestamp.Unix()
	if issued > nowUnix+MAX_AGE {
		reject("octokey/challenge: challenge too new")
	}
	if issued < nowUnix+MIN_AGE {
		reject("octokey/challenge: challenge too old")
	}

	if !c.ClientIp.Equal(clientIp) {
		reject("octokey/challenge: challenge IP mismatch")
	}

	if len(c.Random) != RANDOM_SIZE {
		reject("octokey/challenge: challenge random mismatch")
	}

	if !hmac.Equal(c.Digest, c.expectedDigest()) {
		reject("octokey/challenge: challenge HMAC mismatch")
	}
}