// Copyright (C) 2017 Space Monkey, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package httpsig
import (
"crypto/rand"
"crypto/rsa"
"fmt"
"io"
"net/http"
"strings"
"time"
)
// Rand is the reader this package draws random bytes from. It defaults to
// crypto/rand.Reader and is exported so that it can be replaced, for example
// by a deterministic reader in tests.
//
// NOTE(review): Rand is mutable package-level state, so any code in the
// process can swap it. How it is consumed is not visible in this file; if it
// feeds signing operations, production code should leave the default in place.
var Rand io.Reader = rand.Reader
// requestPath builds the value of the :path pseudo header as described by the
// HTTP/2 spec: the URL path ("/" when it is empty), followed by "?" and the
// raw query string when the request has one.
//
// NOTE(review): req.URL.Path is the decoded path, so a percent-encoded
// segment and its literal form yield the same string here (and therefore the
// same signed "(request-target)" line). The query is copied verbatim from
// RawQuery. A verifier should route on the same decoded path it verified.
func requestPath(req *http.Request) string {
	target := req.URL.Path
	if target == "" {
		target = "/"
	}
	if query := req.URL.RawQuery; query != "" {
		target = target + "?" + query
	}
	return target
}
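// BuildSignatureString constructs a signature string following section 2.3:
// one "name: value" line for each entry of headers, joined with "\n". When
// headers is empty, the single entry "date" is used.
//
// The entries "(request-target)", "host" and "date" are matched
// case-sensitively and handled specially; every other entry is looked up in
// req.Header under its canonical key and written with the name exactly as it
// was passed in.
//
// Side effect: when "date" is requested and the request carries no Date
// header, one is set on req from the current UTC time, so the signed value
// and the transmitted value agree. A nil req.Header is initialised first so
// that this write cannot panic.
//
// NOTE(review): a header that is listed but absent from the request adds no
// line at all, and a header with several values adds one line per value. The
// function has no error return, so a verifier that requires particular
// headers to be covered by the signature has to check that they are present
// (and listed) before relying on the result. Confirm the multi-value layout
// against the specification the peer implements.
func BuildSignatureString(req *http.Request, headers []string) string {
	if len(headers) == 0 {
		headers = []string{"date"}
	}
	values := make([]string, 0, len(headers))
	for _, h := range headers {
		switch h {
		case "(request-target)":
			// Lowercased method plus path and query, e.g. "get /a?x=1".
			values = append(values, fmt.Sprintf("%s: %s %s",
				h, strings.ToLower(req.Method), requestPath(req)))
		case "host":
			// Taken from req.Host, not from the header map.
			values = append(values, fmt.Sprintf("%s: %s", h, req.Host))
		case "date":
			// Header.Set on a nil map panics; a hand-built *http.Request
			// may not have Header allocated.
			if req.Header == nil {
				req.Header = make(http.Header)
			}
			if req.Header.Get(h) == "" {
				req.Header.Set(h, time.Now().UTC().Format(http.TimeFormat))
			}
			values = append(values, fmt.Sprintf("%s: %s", h, req.Header.Get(h)))
		default:
			// Missing headers produce no line; see the NOTE above.
			for _, value := range req.Header[http.CanonicalHeaderKey(h)] {
				values = append(values,
					fmt.Sprintf("%s: %s", h, strings.TrimSpace(value)))
			}
		}
	}
	return strings.Join(values, "\n")
}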
// BuildSignatureData returns the output of BuildSignatureString as a byte
// slice, for callers that hand the signing input to an API taking []byte.
// Everything BuildSignatureString does to req (including setting a missing
// Date header) applies here as well.
func BuildSignatureData(req *http.Request, headers []string) []byte {
	signing := BuildSignatureString(req, headers)
	return []byte(signing)
}
// toRSAPrivateKey returns key as an *rsa.PrivateKey when that is its dynamic
// type, and nil for every other type (including a nil interface and an
// *rsa.PublicKey). Callers must treat nil as "this key cannot sign with RSA".
func toRSAPrivateKey(key interface{}) *rsa.PrivateKey {
	if priv, ok := key.(*rsa.PrivateKey); ok {
		return priv
	}
	return nil
}
// toRSAPublicKey returns the RSA public key carried by key: the value itself
// for an *rsa.PublicKey, the embedded public half for an *rsa.PrivateKey, and
// nil for any other type. Callers must treat nil as "this key cannot verify
// RSA signatures".
func toRSAPublicKey(key interface{}) *rsa.PublicKey {
	if pub, ok := key.(*rsa.PublicKey); ok {
		return pub
	}
	if priv, ok := key.(*rsa.PrivateKey); ok {
		return &priv.PublicKey
	}
	return nil
}
// toHMACKey returns key unchanged when it is a []byte and nil for every other
// type; a string secret, for instance, is not accepted.
//
// NOTE(review): a zero-length []byte passes through as a valid (empty) key,
// and a nil []byte is indistinguishable from the "unsupported type" result.
// Callers should reject both rather than compute an HMAC with an empty key.
func toHMACKey(key interface{}) []byte {
	secret, ok := key.([]byte)
	if !ok {
		return nil
	}
	return secret
}
// unsupportedAlgorithm builds the error reported when a key cannot be used
// with algorithm a. The message carries only the algorithm's name, quoted,
// and nothing derived from the key itself.
func unsupportedAlgorithm(a Algorithm) error {
	name := a.Name()
	return fmt.Errorf("key does not support algorithm %q", name)
}