You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
80 lines
1.4 KiB
80 lines
1.4 KiB
package api
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/json"
|
|
"fmt"
|
|
"time"
|
|
)
|
|
|
|
type Command struct {
|
|
Expires time.Time `json:"exp"`
|
|
Command string `json:"cmd"`
|
|
Scheme string `json:"sch"`
|
|
Signature []byte `json:"sig,omitempty"`
|
|
}
|
|
|
|
func NewCommand(cm string) *Command {
|
|
return &Command{
|
|
Expires: time.Now().Add(time.Second * 5),
|
|
Command: cm,
|
|
Scheme: "hmac-sha256",
|
|
}
|
|
}
|
|
|
|
func ParseCommand(jsn []byte) (*Command, error) {
|
|
cmd := &Command{}
|
|
err := json.Unmarshal(jsn, cmd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return cmd, nil
|
|
}
|
|
|
|
func (c *Command) JSON() ([]byte, error) {
|
|
return json.Marshal(c)
|
|
}
|
|
|
|
func (c *Command) Sign(key []byte) error {
|
|
switch c.Scheme {
|
|
case "hmac-sha256":
|
|
j, err := c.JSON()
|
|
if err != nil {
|
|
return fmt.Errorf("json encoding error")
|
|
}
|
|
|
|
mac := hmac.New(sha256.New, key)
|
|
mac.Write(j)
|
|
c.Signature = mac.Sum(nil)
|
|
|
|
case "":
|
|
return fmt.Errorf("scheme may not be empty")
|
|
|
|
default:
|
|
return fmt.Errorf("unsupported scheme: %s", c.Scheme)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Command) Validate(key []byte) error {
|
|
cpy := &Command{
|
|
Expires: c.Expires,
|
|
Command: c.Command,
|
|
Scheme: c.Scheme,
|
|
}
|
|
err := cpy.Sign(key)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !hmac.Equal(cpy.Signature, c.Signature) {
|
|
return fmt.Errorf("invalid signature")
|
|
}
|
|
|
|
if time.Now().After(c.Expires) {
|
|
return fmt.Errorf("command expired")
|
|
}
|
|
|
|
return nil
|
|
}
|