package gofident
import (
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"io/ioutil"
"net/http"
"sort"
"strings"
)
const (
	// fidentHeaderPrefix is the common prefix of every header Fident adds to
	// a request. Verify treats all headers with this prefix, except the
	// signature header, as part of the signed message.
	fidentHeaderPrefix = "X-Fident"
)

var (
	// fidentPublicKey is the RSA key used by Verify. It is nil until
	// InitWithPubKeyPath succeeds, and Verify returns false while it is nil.
	// No lock guards it in this file, so install it before serving requests.
	fidentPublicKey *rsa.PublicKey
)
// InitWithPubKeyPath loads the Fident public key from the PEM file at
// pubKeyPath and installs it as the package-wide verification key.
//
// On failure the error from loadFidentPublicKey is returned unchanged and any
// previously installed key is left in place. Verify returns false until a key
// has been installed, so call this during start-up, before any request is
// served; the assignment to the package variable is not guarded by a lock in
// this file.
func InitWithPubKeyPath(pubKeyPath string) error {
	loaded, loadErr := loadFidentPublicKey(pubKeyPath)
	if loadErr == nil {
		fidentPublicKey = loaded
	}
	return loadErr
}
// GetAuthStatus reports whether the request carries a non-empty Fident
// identity header.
//
// It does not check the signature: the header is read as received, so a
// client can set it directly. Treat the result as meaningful only for
// requests for which Verify has returned true.
func GetAuthStatus(req *http.Request) bool {
	identityID := GetIdentityID(req)
	return identityID != ""
}
// GetIdentityID returns the first value of the Fident identity header
// ("X-Fident-Identity-Id"), or "" when the header is absent.
//
// The value is taken from the request as received and is not authenticated
// here; call Verify first and use the ID only when it returns true.
func GetIdentityID(req *http.Request) string {
	headerKey := getFidentIdentityIDHeaderKey()
	return req.Header.Get(headerKey)
}
// Verify reports whether the request carries a valid Fident signature.
//
// The signed message is req.RequestURI followed by, for every header whose
// name starts with fidentHeaderPrefix (the signature header itself excluded),
// the header name and its first value, in sorted name order. The signature
// header holds the URL-safe base64 encoding of an RSA PKCS#1 v1.5 signature
// over the SHA-256 digest of that message.
//
// Points to keep in mind when relying on the result:
//   - Only the request URI and the X-Fident-* headers are covered. The method,
//     body, Host and all other headers are not authenticated.
//   - Only the first value of each covered header is signed; further values of
//     the same header are not, so read covered headers with Header.Get.
//   - Names and values are concatenated without separators, so the encoding
//     is not unambiguous. The format is fixed by the signer and cannot be
//     tightened on this side alone.
//   - Nothing here bounds the age of a signature; any freshness check has to
//     come from a signed header that the caller validates.
//
// It returns false when no public key has been installed, when the signature
// header is not valid base64, or when signature verification fails.
func Verify(req *http.Request) bool {
	if fidentPublicKey == nil {
		return false
	}

	sigHeader := getFidentSignatureHeaderKey()

	// Map iteration order is random, so the covered names are sorted to get
	// a deterministic message.
	var covered []string
	for name := range req.Header {
		if name == sigHeader || !strings.HasPrefix(name, fidentHeaderPrefix) {
			continue
		}
		covered = append(covered, name)
	}
	sort.Strings(covered)

	var msg strings.Builder
	msg.WriteString(req.RequestURI)
	for _, name := range covered {
		msg.WriteString(name)
		msg.WriteString(req.Header.Get(name))
	}
	digest := sha256.Sum256([]byte(msg.String()))

	sig, err := base64.URLEncoding.DecodeString(req.Header.Get(sigHeader))
	if err != nil {
		return false
	}
	return rsa.VerifyPKCS1v15(fidentPublicKey, crypto.SHA256, digest[:], sig) == nil
}
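// loadFidentPublicKey reads the PEM file at path and returns the RSA public
// key stored in its first PEM block.
//
// The block must hold a PKIX (SubjectPublicKeyInfo) public key. An error is
// returned when the file cannot be read, contains no PEM block, cannot be
// parsed, or holds a key that is not RSA.
func loadFidentPublicKey(path string) (*rsa.PublicKey, error) {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		return nil, err
	}

	// Only the first PEM block is considered; anything after it is ignored.
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("No Fident RSA key found")
	}

	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, errors.New("Failed to parse public key")
	}

	// ParsePKIXPublicKey also returns ECDSA, Ed25519 and other key types. An
	// unchecked type assertion would panic on those at start-up instead of
	// reporting a configuration error.
	rsaPubKey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("Fident public key is not an RSA key")
	}
	return rsaPubKey, nil
}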
/**
* Header Keys
**/
// getFidentSignatureHeaderKey returns the name of the header that carries the
// request signature, "X-Fident-Signature". Verify excludes this header from
// the signed message.
func getFidentSignatureHeaderKey() string {
	const suffix = "-Signature"
	return fidentHeaderPrefix + suffix
}
// getFidentIdentityIDHeaderKey returns the name of the header that carries
// the identity ID, "X-Fident-Identity-Id". Because it starts with
// fidentHeaderPrefix, Verify includes it in the signed message.
func getFidentIdentityIDHeaderKey() string {
	const suffix = "-Identity-Id"
	return fidentHeaderPrefix + suffix
}