go-mockid/mockid/api/common.go

package api

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"io"
	"log"
	"math/rand"
	mathrand "math/rand"
	"net/http"
)

type Object = map[string]interface{}

// options are the things that we may need to know about a request to fulfill it properly
type options struct {
	Key     string `json:"key"`
	KeyType string `json:"kty"`
	Seed    int64  `json:"-"`
	SeedStr string `json:"seed"`
	Claims  Object `json:"claims"`
	Header  Object `json:"header"`
}

// this shananigans is only for testing and debug API stuff
func (o *options) nextReader() io.Reader {
	if 0 == o.Seed {
		return RandomReader
	}
	return rand.New(rand.NewSource(o.Seed))
}

/*
func getJWS(r *http.Request) (*options, error) {

}
*/

func getOpts(r *http.Request) (*options, error) {
	tok := make(map[string]interface{})
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&tok)
	if nil != err && io.EOF != err {
		log.Printf("json decode error: %s", err)
		return nil, errors.New("Bad Request: invalid json body")
	}
	defer r.Body.Close()

	var seed int64
	seedStr, _ := tok["seed"].(string)
	if "" != seedStr {
		if len(seedStr) > 256 {
			return nil, errors.New("Bad Request: base64 seed should be <256 characters (and is truncated to 64-bits anyway)")
		}
		b := sha256.Sum256([]byte(seedStr))
		seed, _ = binary.ReadVarint(bytes.NewReader(b[0:8]))
	}

	key, _ := tok["key"].(string)
	opts := &options{
		Seed: seed,
		Key:  key,
	}

	opts.Claims, _ = tok["claims"].(Object)
	opts.Header, _ = tok["header"].(Object)

	var n int
	if 0 != seed {
		n = opts.nextReader().(*mathrand.Rand).Intn(2)
	} else {
		n = rand.Intn(2)
	}

	opts.KeyType, _ = tok["kty"].(string)
	if "" == opts.KeyType {
		if 0 == n {
			opts.KeyType = "RSA"
		} else {
			opts.KeyType = "EC"
		}
	}

	return opts, nil
}
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`package api`

			`import (`
			`"bytes"`
			`"crypto/sha256"`
			`"encoding/binary"`
			`"encoding/json"`
			`"errors"`
			`"io"`
			`"log"`
			`"math/rand"`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`mathrand "math/rand"`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`"net/http"`
			`)`

can now self-sign JWS and JWT 2020-08-04 07:09:43 +00:00			`type Object = map[string]interface{}`

add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`// options are the things that we may need to know about a request to fulfill it properly`
			`type options struct {`
add api and tests for generating public keys 2020-08-02 09:39:56 +00:00			Key string `json:"key"`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			KeyType string `json:"kty"`
			Seed int64 `json:"-"`
			SeedStr string `json:"seed"`
can now self-sign JWS and JWT 2020-08-04 07:09:43 +00:00			Claims Object `json:"claims"`
			Header Object `json:"header"`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`}`

			`// this shananigans is only for testing and debug API stuff`
			`func (o *options) nextReader() io.Reader {`
			`if 0 == o.Seed {`
			`return RandomReader`
			`}`
			`return rand.New(rand.NewSource(o.Seed))`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`}`

WIP (broken) add verify 2020-08-05 08:13:32 +00:00			`/*`
			`func getJWS(r http.Request) (options, error) {`

			`}`
			`*/`

add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`func getOpts(r http.Request) (options, error) {`
			`tok := make(map[string]interface{})`
			`decoder := json.NewDecoder(r.Body)`
			`err := decoder.Decode(&tok)`
			`if nil != err && io.EOF != err {`
			`log.Printf("json decode error: %s", err)`
			`return nil, errors.New("Bad Request: invalid json body")`
			`}`
			`defer r.Body.Close()`

			`var seed int64`
			`seedStr, _ := tok["seed"].(string)`
			`if "" != seedStr {`
			`if len(seedStr) > 256 {`
			`return nil, errors.New("Bad Request: base64 seed should be <256 characters (and is truncated to 64-bits anyway)")`
			`}`
			`b := sha256.Sum256([]byte(seedStr))`
			`seed, _ = binary.ReadVarint(bytes.NewReader(b[0:8]))`
			`}`

add api and tests for generating public keys 2020-08-02 09:39:56 +00:00			`key, _ := tok["key"].(string)`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`opts := &options{`
			`Seed: seed,`
add api and tests for generating public keys 2020-08-02 09:39:56 +00:00			`Key: key,`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`}`

can now self-sign JWS and JWT 2020-08-04 07:09:43 +00:00			`opts.Claims, _ = tok["claims"].(Object)`
			`opts.Header, _ = tok["header"].(Object)`

make key type deterministic with seed 2020-08-02 00:11:50 +00:00			`var n int`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`if 0 != seed {`
add api and tests for generating public keys 2020-08-02 09:39:56 +00:00			`n = opts.nextReader().(*mathrand.Rand).Intn(2)`
make key type deterministic with seed 2020-08-02 00:11:50 +00:00			`} else {`
			`n = rand.Intn(2)`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`}`

truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`opts.KeyType, _ = tok["kty"].(string)`
			`if "" == opts.KeyType {`
make key type deterministic with seed 2020-08-02 00:11:50 +00:00			`if 0 == n {`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`opts.KeyType = "RSA"`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`} else {`
truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`opts.KeyType = "EC"`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`}`
			`}`

truly deterministic RSA keys 2020-08-02 08:16:28 +00:00			`return opts, nil`
add seed for random key generator (tested) 2020-08-01 23:59:20 +00:00			`}`