eric/onix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
08db0c6d460bab0d3dcec241325ceaca62895c88
onix/pkg/plugin/implementation/signVerifier/signVerifier.go
mayur.popli 530740c428 fix: logging module
2025-03-23 17:06:44 +05:30

121 lines
3.8 KiB
Go
Raw Blame History

package verifier
import (
"context"
"crypto/ed25519"
"encoding/base64"
"fmt"
"strconv"
"strings"
"time"
"golang.org/x/crypto/blake2b"
)
// Config struct for Verifier.
type Config struct {
}
// Verifier implements the Verifier interface.
type Verifier struct {
config *Config
}
// New creates a new Verifier instance.
func New(ctx context.Context, config *Config) (*Verifier, func() error, error) {
v := &Verifier{config: config}
return v, v.Close, nil
}
// Verify checks the signature for the given payload and public key.
func (v *Verifier) Verify(ctx context.Context, body []byte, header []byte, publicKeyBase64 string) (bool, error) {
createdTimestamp, expiredTimestamp, signature, err := parseAuthHeader(string(header))
if err != nil {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return false, fmt.Errorf("error parsing header: %w", err)
}
signatureBytes, err := base64.StdEncoding.DecodeString(signature)
if err != nil {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return false, fmt.Errorf("error decoding signature: %w", err)
}
currentTime := time.Now().Unix()
if createdTimestamp > currentTime || currentTime > expiredTimestamp {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return false, fmt.Errorf("signature is expired or not yet valid")
}
createdTime := time.Unix(createdTimestamp, 0)
expiredTime := time.Unix(expiredTimestamp, 0)
signingString := hash(body, createdTime.Unix(), expiredTime.Unix())
decodedPublicKey, err := base64.StdEncoding.DecodeString(publicKeyBase64)
if err != nil {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return false, fmt.Errorf("error decoding public key: %w", err)
}
if !ed25519.Verify(ed25519.PublicKey(decodedPublicKey), []byte(signingString), signatureBytes) {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return false, fmt.Errorf("signature verification failed")
}
return true, nil
}
// parseAuthHeader extracts signature values from the Authorization header.
func parseAuthHeader(header string) (int64, int64, string, error) {
header = strings.TrimPrefix(header, "Signature ")
parts := strings.Split(header, ",")
signatureMap := make(map[string]string)
for _, part := range parts {
keyValue := strings.SplitN(strings.TrimSpace(part), "=", 2)
if len(keyValue) == 2 {
key := strings.TrimSpace(keyValue[0])
value := strings.Trim(keyValue[1], "\"")
signatureMap[key] = value
}
}
createdTimestamp, err := strconv.ParseInt(signatureMap["created"], 10, 64)
if err != nil {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return 0, 0, "", fmt.Errorf("invalid created timestamp: %w", err)
}
expiredTimestamp, err := strconv.ParseInt(signatureMap["expires"], 10, 64)
if err != nil {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return 0, 0, "", fmt.Errorf("invalid expires timestamp: %w", err)
}
signature := signatureMap["signature"]
if signature == "" {
// TODO: Return appropriate error code when Error Code Handling Module is ready
return 0, 0, "", fmt.Errorf("signature missing in header")
}
return createdTimestamp, expiredTimestamp, signature, nil
}
// hash constructs a signing string for verification.
func hash(payload []byte, createdTimestamp, expiredTimestamp int64) string {
hasher, _ := blake2b.New512(nil)
hasher.Write(payload)
hashSum := hasher.Sum(nil)
digestB64 := base64.StdEncoding.EncodeToString(hashSum)
return fmt.Sprintf("(created): %d\n(expires): %d\ndigest: BLAKE-512=%s", createdTimestamp, expiredTimestamp, digestB64)
}
// Close releases resources (mock implementation returning nil).
func (v *Verifier) Close() error {
return nil
}
Reference in New Issue View Git Blame Copy Permalink