| author | 2023-04-28 01:36:55 +0800 | |
|---|---|---|
| committer | 2023-04-28 01:36:55 +0800 | |
| commit | fc8c5fdce62fb229202659408798a7b6c98f6e8b (patch) | |
| tree | 7554f80e50de4af6fd255afa7c21bcdd58a7af34 /cli/internal/cache/cache_signature_authentication.go | |
| parent | dd84b9d64fb98746a230cd24233ff50a562c39c9 (diff) | |
Diffstat (limited to 'cli/internal/cache/cache_signature_authentication.go')
| -rw-r--r-- | cli/internal/cache/cache_signature_authentication.go | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/cli/internal/cache/cache_signature_authentication.go b/cli/internal/cache/cache_signature_authentication.go
deleted file mode 100644
index f9fe4c0..0000000
--- a/cli/internal/cache/cache_signature_authentication.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Adapted from https://github.com/thought-machine/please
-// Copyright Thought Machine, Inc. or its affiliates. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-package cache
-
-import (
- "crypto/hmac"
- "crypto/sha256"
- "encoding/base64"
- "encoding/json"
- "errors"
- "fmt"
- "hash"
- "os"
-)
-
-type ArtifactSignatureAuthentication struct {
- teamId string
- enabled bool
-}
-
-func (asa *ArtifactSignatureAuthentication) isEnabled() bool {
- return asa.enabled
-}
-
-// If the secret key is not found or the secret key length is 0, an error is returned
-// Preference is given to the environment specified secret key.
-func (asa *ArtifactSignatureAuthentication) secretKey() ([]byte, error) {
- secret := os.Getenv("TURBO_REMOTE_CACHE_SIGNATURE_KEY")
- if len(secret) == 0 {
- return nil, errors.New("signature secret key not found. You must specify a secret key in the TURBO_REMOTE_CACHE_SIGNATURE_KEY environment variable")
- }
- return []byte(secret), nil
-}
-
-func (asa *ArtifactSignatureAuthentication) generateTag(hash string, artifactBody []byte) (string, error) {
- tag, err := asa.getTagGenerator(hash)
- if err != nil {
- return "", err
- }
- tag.Write(artifactBody)
- return base64.StdEncoding.EncodeToString(tag.Sum(nil)), nil
-}
-
-func (asa *ArtifactSignatureAuthentication) getTagGenerator(hash string) (hash.Hash, error) {
- teamId := asa.teamId
- secret, err := asa.secretKey()
- if err != nil {
- return nil, err
- }
- artifactMetadata := &struct {
- Hash string `json:"hash"`
- TeamId string `json:"teamId"`
- }{
- Hash: hash,
- TeamId: teamId,
- }
- metadata, err := json.Marshal(artifactMetadata)
- if err != nil {
- return nil, err
- }
-
- // TODO(Gaspar) Support additional signing algorithms here
- h := hmac.New(sha256.New, secret)
- h.Write(metadata)
- return h, nil
-}
-
-func (asa *ArtifactSignatureAuthentication) validate(hash string, artifactBody []byte, expectedTag string) (bool, error) {
- computedTag, err := asa.generateTag(hash, artifactBody)
- if err != nil {
- return false, fmt.Errorf("failed to verify artifact tag: %w", err)
- }
- return hmac.Equal([]byte(computedTag), []byte(expectedTag)), nil
-}
-
-type StreamValidator struct {
- currentHash hash.Hash
-}
-
-func (sv *StreamValidator) Validate(expectedTag string) bool {
- computedTag := base64.StdEncoding.EncodeToString(sv.currentHash.Sum(nil))
- return hmac.Equal([]byte(computedTag), []byte(expectedTag))
-}
-
-func (sv *StreamValidator) CurrentValue() string {
- return base64.StdEncoding.EncodeToString(sv.currentHash.Sum(nil))
-}
|
