alrm/api/command.go

package api

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

type Command struct {
	Expires   time.Time `json:"exp"`
	Command   string    `json:"cmd"`
	Scheme    string    `json:"sch"`
	Signature []byte    `json:"sig,omitempty"`
}

func ParseCommand(jsn []byte) (*Command, error) {
	cmd := &Command{}
	err := json.Unmarshal(jsn, cmd)
	if err != nil {
		return nil, err
	}
	return cmd, nil
}

func (c *Command) JSON() ([]byte, error) {
	return json.Marshal(c)
}

func (c *Command) Sign(key []byte) error {
	switch c.Scheme {
	case "hmac-sha256":
		j, err := c.JSON()
		if err != nil {
			return fmt.Errorf("json encoding error")
		}

		mac := hmac.New(sha256.New, key)
		mac.Write(j)
		c.Signature = mac.Sum(nil)

	case "":
		return fmt.Errorf("scheme may not be empty")

	default:
		return fmt.Errorf("unsupported scheme: %s", c.Scheme)
	}
	return nil
}

func (c *Command) Validate(key []byte) error {
	cpy := &Command{
		Expires: c.Expires,
		Command: c.Command,
		Scheme:  c.Scheme,
	}
	err := cpy.Sign(key)
	if err != nil {
		return err
	}

	if !hmac.Equal(cpy.Signature, c.Signature) {
		return fmt.Errorf("invalid signature")
	}

	if time.Now().After(c.Expires) {
		return fmt.Errorf("command expired")
	}

	return nil
}
segregated api machinery 2021-03-07 16:43:51 -09:00			`package api`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00
			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/json"`
			`"fmt"`
			`"time"`
			`)`

segregated api machinery 2021-03-07 16:43:51 -09:00			`type Command struct {`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			Expires time.Time `json:"exp"`
			Command string `json:"cmd"`
			Scheme string `json:"sch"`
			Signature []byte `json:"sig,omitempty"`
			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`func ParseCommand(jsn []byte) (*Command, error) {`
			`cmd := &Command{}`
			`err := json.Unmarshal(jsn, cmd)`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`if err != nil {`
			`return nil, err`
			`}`
segregated api machinery 2021-03-07 16:43:51 -09:00			`return cmd, nil`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`func (c *Command) JSON() ([]byte, error) {`
			`return json.Marshal(c)`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`func (c *Command) Sign(key []byte) error {`
			`switch c.Scheme {`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`case "hmac-sha256":`
segregated api machinery 2021-03-07 16:43:51 -09:00			`j, err := c.JSON()`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`if err != nil {`
			`return fmt.Errorf("json encoding error")`
			`}`

			`mac := hmac.New(sha256.New, key)`
			`mac.Write(j)`
segregated api machinery 2021-03-07 16:43:51 -09:00			`c.Signature = mac.Sum(nil)`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00
			`case "":`
			`return fmt.Errorf("scheme may not be empty")`

			`default:`
segregated api machinery 2021-03-07 16:43:51 -09:00			`return fmt.Errorf("unsupported scheme: %s", c.Scheme)`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`}`
			`return nil`
			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`func (c *Command) Validate(key []byte) error {`
			`cpy := &Command{`
			`Expires: c.Expires,`
			`Command: c.Command,`
			`Scheme: c.Scheme,`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`}`
			`err := cpy.Sign(key)`
			`if err != nil {`
			`return err`
			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`if !hmac.Equal(cpy.Signature, c.Signature) {`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`return fmt.Errorf("invalid signature")`
			`}`

segregated api machinery 2021-03-07 16:43:51 -09:00			`if time.Now().After(c.Expires) {`
added hmac validation to http based api 2021-03-01 07:26:27 -09:00			`return fmt.Errorf("command expired")`
			`}`

			`return nil`
			`}`