From 8d260c6a7ebaa94b15f16adc85fa50f22aff839f Mon Sep 17 00:00:00 2001
From: Cameron Moore
Date: Fri, 16 Feb 2018 20:26:33 -0600
Subject: [PATCH] Apply gofmt
---
 hook/hook.go | 84 +++++++++++++++++++++----------------------
 hook/hook_test.go | 92 +++++++++++++++++++++++------------------------
 test/hookecho.go | 2 +-
 3 files changed, 89 insertions(+), 89 deletions(-)
diff --git a/hook/hook.go b/hook/hook.go
index 434d7f73..f5e20ade 100644
--- a/hook/hook.go
+++ b/hook/hook.go
@@ -11,8 +11,8 @@ import (
 "errors"
 "fmt"
 "io/ioutil"
- "math"
 "log"
+ "math"
 "net"
 "net/textproto"
 "os"
@@ -129,44 +129,44 @@ func CheckPayloadSignature256(payload []byte, secret string, signature string) (
 }
 return expectedMAC, err
 }
-
-func CheckScalrSignature(headers map[string]interface{}, body []byte, signingKey string, checkDate bool) (bool, error) {
- // Check for the signature and date headers
- if _, ok := headers["X-Signature"]; !ok {
- return false, nil
- }
- if _, ok := headers["Date"]; !ok {
- return false, nil
- }
- providedSignature := headers["X-Signature"].(string)
- dateHeader := headers["Date"].(string)
- mac := hmac.New(sha1.New, []byte(signingKey))
- mac.Write(body)
- mac.Write([]byte(dateHeader))
- expectedSignature := hex.EncodeToString(mac.Sum(nil))
-
- if !hmac.Equal([]byte(providedSignature), []byte(expectedSignature)) {
- return false, &SignatureError{providedSignature}
- }
-
- if !checkDate {
- return true, nil
- }
- // Example format: Fri 08 Sep 2017 11:24:32 UTC
- date, err := time.Parse("Mon 02 Jan 2006 15:04:05 MST", dateHeader)
- //date, err := time.Parse(time.RFC1123, dateHeader)
- if err != nil {
- return false, err
- }
- now := time.Now()
- delta := math.Abs(now.Sub(date).Seconds())
-
- if delta > 300 {
- return false, &SignatureError{"outdated"}
- }
- return true, nil
- }
-
+
+func CheckScalrSignature(headers map[string]interface{}, body []byte, signingKey string, checkDate bool) (bool, error) {
+ // Check for the signature and date headers
+ if _, ok := headers["X-Signature"]; !ok {
+ return false, nil
+ }
+ if _, ok := headers["Date"]; !ok {
+ return false, nil
+ }
+ providedSignature := headers["X-Signature"].(string)
+ dateHeader := headers["Date"].(string)
+ mac := hmac.New(sha1.New, []byte(signingKey))
+ mac.Write(body)
+ mac.Write([]byte(dateHeader))
+ expectedSignature := hex.EncodeToString(mac.Sum(nil))
+
+ if !hmac.Equal([]byte(providedSignature), []byte(expectedSignature)) {
+ return false, &SignatureError{providedSignature}
+ }
+
+ if !checkDate {
+ return true, nil
+ }
+ // Example format: Fri 08 Sep 2017 11:24:32 UTC
+ date, err := time.Parse("Mon 02 Jan 2006 15:04:05 MST", dateHeader)
+ //date, err := time.Parse(time.RFC1123, dateHeader)
+ if err != nil {
+ return false, err
+ }
+ now := time.Now()
+ delta := math.Abs(now.Sub(date).Seconds())
+
+ if delta > 300 {
+ return false, &SignatureError{"outdated"}
+ }
+ return true, nil
+}
+
 // CheckIPWhitelist makes sure the provided remote address (of the form IP:port) falls within the provided IP range
 // (in CIDR form or a single IP address).
 func CheckIPWhitelist(remoteAddr string, ipRange string) (bool, error) {
@@ -751,10 +751,10 @@ func (r MatchRule) Evaluate(headers, query, payload *map[string]interface{}, bod
 if r.Type == IPWhitelist {
 return CheckIPWhitelist(remoteAddr, r.IPRange)
 }
- if r.Type == ScalrSignature {
- return CheckScalrSignature(*headers, *body, r.Secret, true)
+ if r.Type == ScalrSignature {
+ return CheckScalrSignature(*headers, *body, r.Secret, true)
 }
-
+
 if arg, ok := r.Parameter.Get(headers, query, payload); ok {
 switch r.Type {
 case MatchValue:
diff --git a/hook/hook_test.go b/hook/hook_test.go
index d1134f17..1794a7c4 100644
--- a/hook/hook_test.go
+++ b/hook/hook_test.go
@@ -60,52 +60,52 @@ func TestCheckPayloadSignature256(t *testing.T) {
 }
 }

-var checkScalrSignatureTests = []struct {
- description string
- headers map[string]interface{}
- payload []byte
- secret string
- expectedSignature string
- ok bool
-}{
- {
- "Valid signature",
- map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC", "X-Signature": "48e395e38ac48988929167df531eb2da00063a7d"},
- []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
- "48e395e38ac48988929167df531eb2da00063a7d", true,
- },
- {
- "Wrong signature",
- map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC", "X-Signature": "999395e38ac48988929167df531eb2da00063a7d"},
- []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
- "48e395e38ac48988929167df531eb2da00063a7d", false,
- },
- {
- "Missing Date header",
- map[string]interface{}{"X-Signature": "999395e38ac48988929167df531eb2da00063a7d"},
- []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
- "48e395e38ac48988929167df531eb2da00063a7d", false,
- },
- {
- "Missing X-Signature header",
- map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC"},
- []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
- "48e395e38ac48988929167df531eb2da00063a7d", false,
- },
-}
-
-func TestCheckScalrSignature(t *testing.T) {
- for _, testCase := range checkScalrSignatureTests {
- valid, err := CheckScalrSignature(testCase.headers, testCase.payload, testCase.secret, false)
- if valid != testCase.ok {
- t.Errorf("failed to check scalr signature fot test case: %s\nexpected ok:%#v, got ok:%#v}",
- testCase.description, testCase.ok, valid)
- }
-
- if err != nil && strings.Contains(err.Error(), testCase.expectedSignature) {
- t.Errorf("error message should not disclose expected mac: %s on test case %s", err, testCase.description)
- }
- }
+var checkScalrSignatureTests = []struct {
+ description string
+ headers map[string]interface{}
+ payload []byte
+ secret string
+ expectedSignature string
+ ok bool
+}{
+ {
+ "Valid signature",
+ map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC", "X-Signature": "48e395e38ac48988929167df531eb2da00063a7d"},
+ []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
+ "48e395e38ac48988929167df531eb2da00063a7d", true,
+ },
+ {
+ "Wrong signature",
+ map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC", "X-Signature": "999395e38ac48988929167df531eb2da00063a7d"},
+ []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
+ "48e395e38ac48988929167df531eb2da00063a7d", false,
+ },
+ {
+ "Missing Date header",
+ map[string]interface{}{"X-Signature": "999395e38ac48988929167df531eb2da00063a7d"},
+ []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
+ "48e395e38ac48988929167df531eb2da00063a7d", false,
+ },
+ {
+ "Missing X-Signature header",
+ map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC"},
+ []byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+",
+ "48e395e38ac48988929167df531eb2da00063a7d", false,
+ },
+}
+
+func TestCheckScalrSignature(t *testing.T) {
+ for _, testCase := range checkScalrSignatureTests {
+ valid, err := CheckScalrSignature(testCase.headers, testCase.payload, testCase.secret, false)
+ if valid != testCase.ok {
+ t.Errorf("failed to check scalr signature fot test case: %s\nexpected ok:%#v, got ok:%#v}",
+ testCase.description, testCase.ok, valid)
+ }
+
+ if err != nil && strings.Contains(err.Error(), testCase.expectedSignature) {
+ t.Errorf("error message should not disclose expected mac: %s on test case %s", err, testCase.description)
+ }
+ }
 }

 var extractParameterTests = []struct {
diff --git a/test/hookecho.go b/test/hookecho.go
index 8e308ff4..6e5e9f7b 100644
--- a/test/hookecho.go
+++ b/test/hookecho.go
@@ -5,8 +5,8 @@ package main
 import (
 "fmt"
 "os"
- "strings"
 "strconv"
+ "strings"
 )

 func main() {