BAHAMAS
This commit is contained in:
@@ -1,13 +1,10 @@
|
||||
package claims
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure/perms_connectors"
|
||||
"oc-auth/infrastructure/utils"
|
||||
@@ -43,11 +40,10 @@ func (h HydraClaims) decodeKey(key string) (tools.METHOD, string, error) {
|
||||
}
|
||||
|
||||
func (h HydraClaims) DecodeSignature(host string, signature string, publicKey string) (bool, error) {
|
||||
fmt.Println("DecodeSignature", host)
|
||||
hashed := sha256.Sum256([]byte(host))
|
||||
// get public key into a variable
|
||||
spkiBlock, _ := pem.Decode([]byte(publicKey))
|
||||
key, _ := x509.ParsePKCS1PublicKey(spkiBlock.Bytes)
|
||||
err := rsa.VerifyPKCS1v15(key, crypto.SHA256, hashed[:], []byte(signature))
|
||||
spkiBlock, _ := pem.Decode([]byte(publicKey)) // get public key into a variable
|
||||
err := VerifyDefault(hashed[:], spkiBlock.Bytes, signature)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -55,32 +51,28 @@ func (h HydraClaims) DecodeSignature(host string, signature string, publicKey st
|
||||
}
|
||||
|
||||
func (h HydraClaims) encodeSignature(host string) (string, error) {
|
||||
fmt.Println("encodeSignature", host)
|
||||
hashed := sha256.Sum256([]byte(host))
|
||||
// READ FILE TO GET PRIVATE KEY FROM PVK PEM PATH
|
||||
content, err := os.ReadFile(conf.GetConfig().PVKPath)
|
||||
content, err := os.ReadFile(conf.GetConfig().PrivateKeyPath)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
privateKey := string(content)
|
||||
spkiBlock, _ := pem.Decode([]byte(privateKey))
|
||||
key, _ := x509.ParsePKCS1PrivateKey(spkiBlock.Bytes)
|
||||
signature, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hashed[:])
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(signature), nil
|
||||
return SignDefault(hashed[:], spkiBlock.Bytes)
|
||||
}
|
||||
|
||||
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims map[string]interface{}, publicKey string) (bool, error) {
|
||||
if sessionClaims["id_token"] == nil || sessionClaims["access_token"] == nil {
|
||||
return false, errors.New("invalid session claims")
|
||||
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string) (bool, error) {
|
||||
idTokenClaims := sessionClaims.Session.IDToken
|
||||
if idTokenClaims["signature"] == nil {
|
||||
return false, errors.New("no signature found")
|
||||
}
|
||||
idTokenClaims := sessionClaims["id_token"].(map[string]interface{})
|
||||
signature := idTokenClaims["signature"].(string)
|
||||
if ok, err := h.DecodeSignature(host, signature, publicKey); !ok {
|
||||
return false, err
|
||||
}
|
||||
claims := sessionClaims["access_token"].(map[string]interface{})
|
||||
claims := sessionClaims.Session.AccessToken
|
||||
path := strings.ReplaceAll(forward, "http://"+host, "")
|
||||
splittedPath := strings.Split(path, "/")
|
||||
for m, p := range claims {
|
||||
@@ -114,6 +106,8 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
|
||||
if err != nil {
|
||||
return claims
|
||||
}
|
||||
claims.Session.AccessToken = make(map[string]interface{})
|
||||
claims.Session.IDToken = make(map[string]interface{})
|
||||
for _, perm := range perms {
|
||||
key, err := h.generateKey(perm.Relation, perm.Object)
|
||||
if err != nil {
|
||||
@@ -127,7 +121,6 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
|
||||
}
|
||||
claims.Session.IDToken["signature"] = sign
|
||||
return claims
|
||||
|
||||
}
|
||||
|
||||
// add signature in the token MISSING
|
||||
|
||||
Reference in New Issue
Block a user