wrenn/sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e4ead076e363da61f9bcc230acd882562f466dbb
sandbox/envd/internal/shared/keys/key.go

102 lines
2.3 KiB
Go
Raw Blame History

// SPDX-License-Identifier: Apache-2.0
package keys
import (
"crypto/rand"
"encoding/hex"
"fmt"
"strings"
)
const (
identifierValueSuffixLength = 4
identifierValuePrefixLength = 2
keyLength = 20
)
var hasher Hasher = NewSHA256Hashing()
type Key struct {
PrefixedRawValue string
HashedValue string
Masked MaskedIdentifier
}
type MaskedIdentifier struct {
Prefix string
ValueLength int
MaskedValuePrefix string
MaskedValueSuffix string
}
// MaskKey returns identifier masking properties in accordance to the OpenAPI response spec
func MaskKey(prefix, value string) (MaskedIdentifier, error) {
valueLength := len(value)
suffixOffset := valueLength - identifierValueSuffixLength
prefixOffset := identifierValuePrefixLength
if suffixOffset < 0 {
return MaskedIdentifier{}, fmt.Errorf("mask value length is less than identifier suffix length (%d)", identifierValueSuffixLength)
}
if suffixOffset == 0 {
return MaskedIdentifier{}, fmt.Errorf("mask value length is equal to identifier suffix length (%d), which would expose the entire identifier in the mask", identifierValueSuffixLength)
}
// cap prefixOffset by suffixOffset to prevent overlap with the suffix.
if prefixOffset > suffixOffset {
prefixOffset = suffixOffset
}
maskPrefix := value[:prefixOffset]
maskSuffix := value[suffixOffset:]
maskedIdentifierProperties := MaskedIdentifier{
Prefix: prefix,
ValueLength: valueLength,
MaskedValuePrefix: maskPrefix,
MaskedValueSuffix: maskSuffix,
}
return maskedIdentifierProperties, nil
}
func GenerateKey(prefix string) (Key, error) {
keyBytes := make([]byte, keyLength)
_, err := rand.Read(keyBytes)
if err != nil {
return Key{}, err
}
generatedIdentifier := hex.EncodeToString(keyBytes)
mask, err := MaskKey(prefix, generatedIdentifier)
if err != nil {
return Key{}, err
}
return Key{
PrefixedRawValue: prefix + generatedIdentifier,
HashedValue: hasher.Hash(keyBytes),
Masked: mask,
}, nil
}
func VerifyKey(prefix string, key string) (string, error) {
if !strings.HasPrefix(key, prefix) {
return "", fmt.Errorf("invalid key prefix")
}
keyValue := key[len(prefix):]
keyBytes, err := hex.DecodeString(keyValue)
if err != nil {
return "", fmt.Errorf("invalid key")
}
return hasher.Hash(keyBytes), nil
}
Reference in New Issue View Git Blame Copy Permalink