more cleanups

solarwinds · May 10, 2024 · fce8a22 · fce8a22
1 parent 85cba6e
commit fce8a22
Show file tree

Hide file tree

Showing 6 changed files with 101 additions and 125 deletions.
diff --git a/internal/oboe/oboe.go b/internal/oboe/oboe.go
@@ -16,6 +16,7 @@ package oboe
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"github.com/solarwinds/apm-go/internal/config"
 	"github.com/solarwinds/apm-go/internal/constants"
@@ -53,6 +54,7 @@ type Oboe interface {
 	HasDefaultSetting() bool
 	SampleRequest(continued bool, url string, triggerTrace TriggerTraceMode, swState w3cfmt.SwTraceState) SampleDecision
 	FlushRateCounts() map[string]*metrics.RateCounts
+	GetTriggerTraceToken() ([]byte, error)
 }
 
 func NewOboe() Oboe {
@@ -301,6 +303,17 @@ func (o *oboe) HasDefaultSetting() bool {
 	return false
 }
 
+func (o *oboe) GetTriggerTraceToken() ([]byte, error) {
+	setting, ok := o.GetSetting()
+	if !ok {
+		return nil, errors.New("failed to get settings")
+	}
+	if len(setting.TriggerToken) == 0 {
+		return nil, errors.New("no valid signature key found")
+	}
+	return setting.TriggerToken, nil
+}
+
 func shouldSample(sampleRate int) bool {
 	return sampleRate == maxSamplingRate || rand.RandIntn(maxSamplingRate) <= sampleRate
 }

diff --git a/internal/reporter/context.go b/internal/reporter/context.go
diff --git a/internal/sampler/sampler_test.go b/internal/sampler/sampler_test.go
@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"github.com/solarwinds/apm-go/internal/oboe"
 	"github.com/solarwinds/apm-go/internal/oboetestutils"
-	"github.com/solarwinds/apm-go/internal/reporter"
 	"github.com/solarwinds/apm-go/internal/swotel"
 	"github.com/solarwinds/apm-go/internal/testutils"
 	"github.com/solarwinds/apm-go/internal/xtrace"
@@ -484,7 +483,7 @@ func TestHydrateTraceStateValidSignature(t *testing.T) {
 	})
 	opts := fmt.Sprintf("trigger-trace;ts=%d", time.Now().Unix())
 	ctx := context.WithValue(context.Background(), xtrace.OptionsKey, opts)
-	sig, err := reporter.HmacHashTT(o, []byte(opts))
+	sig, err := xtrace.HmacHashTT(o, []byte(opts))
 	require.NoError(t, err)
 	ctx = context.WithValue(ctx, xtrace.SignatureKey, sig)
 	xto := xtrace.GetXTraceOptions(ctx, o)

diff --git a/internal/xtrace/auth.go b/internal/xtrace/auth.go
@@ -0,0 +1,31 @@
+package xtrace
+
+import "github.com/solarwinds/apm-go/internal/log"
+
+type AuthStatus int
+
+const (
+	AuthOK = iota
+	AuthBadTimestamp
+	AuthNoSignatureKey
+	AuthBadSignature
+)
+
+func (a AuthStatus) IsError() bool {
+	return a != AuthOK
+}
+
+func (a AuthStatus) Msg() string {
+	switch a {
+	case AuthOK:
+		return "ok"
+	case AuthBadTimestamp:
+		return "bad-timestamp"
+	case AuthNoSignatureKey:
+		return "no-signature-key"
+	case AuthBadSignature:
+		return "bad-signature"
+	}
+	log.Debugf("could not read msg for unknown AuthStatus: %s", a)
+	return ""
+}
diff --git a/internal/xtrace/xtrace.go b/internal/xtrace/xtrace.go
@@ -16,12 +16,17 @@ package xtrace
 
 import (
 	"context"
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/hex"
+	"fmt"
+	"github.com/pkg/errors"
 	"github.com/solarwinds/apm-go/internal/log"
 	"github.com/solarwinds/apm-go/internal/oboe"
-	"github.com/solarwinds/apm-go/internal/reporter"
 	"regexp"
 	"strconv"
 	"strings"
+	"time"
 )
 
 const (
@@ -108,7 +113,7 @@ func parseXTraceOptions(o oboe.Oboe, opts string, sig string) Options {
 	if sig == "" {
 		x.sigState = NoSignature
 	} else {
-		x.authStatus = reporter.ValidateXTraceOptionsSignature(o, sig, strconv.FormatInt(x.timestamp, 10), opts)
+		x.authStatus = validateXTraceOptionsSignature(o, sig, strconv.FormatInt(x.timestamp, 10), opts)
 		if x.authStatus.IsError() {
 			log.Warning("Invalid xtrace options signature", x.authStatus.Msg())
 			x.sigState = InvalidSignature
@@ -128,7 +133,7 @@ type Options struct {
 	tt          bool
 	ignoredKeys []string
 	sigState    SignatureState
-	authStatus  reporter.AuthStatus
+	authStatus  AuthStatus
 }
 
 func (x Options) SwKeys() string {
@@ -170,3 +175,50 @@ func (x Options) IncludeResponse() bool {
 func (x Options) SigAuthMsg() string {
 	return x.authStatus.Msg()
 }
+
+func validateXTraceOptionsSignature(o oboe.Oboe, signature, ts, data string) AuthStatus {
+	var err error
+	_, err = tsInScope(ts)
+	if err != nil {
+		return AuthBadTimestamp
+	}
+
+	token, err := o.GetTriggerTraceToken()
+	if err != nil {
+		return AuthNoSignatureKey
+	}
+
+	if hmacHash(token, []byte(data)) != signature {
+		return AuthBadSignature
+	}
+	return AuthOK
+}
+
+func HmacHashTT(o oboe.Oboe, data []byte) (string, error) {
+	token, err := o.GetTriggerTraceToken()
+	if err != nil {
+		return "", err
+	}
+	return hmacHash(token, data), nil
+}
+
+func hmacHash(token, data []byte) string {
+	h := hmac.New(sha1.New, token)
+	h.Write(data)
+	sha := hex.EncodeToString(h.Sum(nil))
+	return sha
+}
+
+func tsInScope(tsStr string) (string, error) {
+	ts, err := strconv.ParseInt(tsStr, 10, 64)
+	if err != nil {
+		return "", errors.Wrap(err, "tsInScope")
+	}
+
+	t := time.Unix(ts, 0)
+	if t.Before(time.Now().Add(time.Minute*-5)) ||
+		t.After(time.Now().Add(time.Minute*5)) {
+		return "", fmt.Errorf("timestamp out of scope: %s", tsStr)
+	}
+	return strconv.FormatInt(ts, 10), nil
+}
diff --git a/internal/xtrace/xtrace_test.go b/internal/xtrace/xtrace_test.go
@@ -23,7 +23,6 @@ import (
 	"fmt"
 	"github.com/solarwinds/apm-go/internal/oboe"
 	"github.com/solarwinds/apm-go/internal/oboetestutils"
-	"github.com/solarwinds/apm-go/internal/reporter"
 	"testing"
 	"time"
 
@@ -38,7 +37,7 @@ func TestGetXTraceOptions(t *testing.T) {
 	// Timestamp required in signature validation
 	opts := fmt.Sprintf("sw-keys=check-id:check-1013,website-id;booking-demo;ts=%d", time.Now().Unix())
 	ctx = context.WithValue(ctx, OptionsKey, opts)
-	sig, err := reporter.HmacHashTT(o, []byte(opts))
+	sig, err := HmacHashTT(o, []byte(opts))
 	if err != nil {
 		t.Fatal(err)
 	}