-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathauth.go
110 lines (91 loc) · 3.45 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
/*
Copyright (c) 2018 Usabilla
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, dis-
tribute, sublicense, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, subject to the fol-
lowing conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
package usabilla
import "fmt"
const (
algorithm = "USBL1-HMAC-SHA256"
terminator = "usbl1_request"
startor = "USBL1"
)
// Auth holds the key and secret information and provides methods that
// encapsulate the whole request signing process of the API.
type auth struct {
key, secret string
}
// Header creates the authorization header.
func (au *auth) header(method, uri, query, rfcdate, host, shortDate, shortDateTime string) string {
return fmt.Sprintf(
"%s Credential=%s/%s, SignedHeaders=%s, Signature=%s",
algorithm,
au.key,
au.credentialScope(shortDate),
au.signedHeaders(),
au.signature(method, uri, query, rfcdate, host, shortDate, shortDateTime),
)
}
// Create the credential scope that includes the short date format and termination string.
func (au *auth) credentialScope(shortDate string) string {
return shortDate + "/" + terminator
}
// Create a signature using the string to sign.
func (au *auth) signature(method, uri, query, rfcdate, host, shortDate, shortDateTime string) string {
dig := keyedHash([]byte(startor+au.secret), []byte(shortDate))
dig = keyedHash(dig, []byte(terminator))
sts := au.stringToSign(method, uri, query, rfcdate, host, shortDate, shortDateTime)
return hexKeyedHash(dig, []byte(sts))
}
// Return the signed headers.
func (au *auth) signedHeaders() string {
return "date;host"
}
// Create a hexademical hash of the payload.
func (au *auth) payload(load string) string {
return hexHash([]byte(load))
}
// Create a hexademical hash of the canonical request.
func (au *auth) hashedCanonicalRequest(method, uri, query, rfcdate, host string) string {
return hexHash([]byte(au.canonicalRequest(method, uri, query, rfcdate, host)))
}
// Create the string to be used for signing.
func (au *auth) stringToSign(method, uri, query, rfcdate, host, shortDate, shortDateTime string) string {
return fmt.Sprintf(
"%s\n%s\n%s\n%s",
algorithm,
shortDateTime,
au.credentialScope(shortDate),
au.hashedCanonicalRequest(method, uri, query, rfcdate, host),
)
}
// Create a canonical format of the request.
func (au *auth) canonicalRequest(method, uri, query, rfcdate, host string) string {
return fmt.Sprintf(
"%s\n%s\n%s\n%s\n%s\n%s",
method,
uri,
query,
au.canonicalHeaders(rfcdate, host),
au.signedHeaders(),
au.payload(""),
)
}
// Create a canonical format of the headers.
func (au *auth) canonicalHeaders(rfcdate, host string) string {
return fmt.Sprintf("date:%s\nhost:%s\n", rfcdate, host)
}