internal/cryputil: combines aead and cryptutil packages.

- Refactor encrypt / decrypt methods to use aead's NonceSize() interface method.
- Add explicit GenerateKey function.
- Remove mutex on XChaCha20.
Bobby DeSimone 2019-01-18 11:55:04 -08:00
parent 131810ccfe
commit 24b11b0428
No known key found for this signature in database
GPG key ID: AEE4CF12FE86D07E
11 changed files with 44 additions and 89 deletions


@ -61,7 +61,6 @@ func NewAuthenticateClient(uri *url.URL, sharedKey string, sessionValid, session
return &AuthenticateClient{
AuthenticateServiceURL: uri,
// ClientID: clientID,
SharedKey: sharedKey,
SignInURL: uri.ResolveReference(&url.URL{Path: "/sign_in"}),
@ -258,7 +257,6 @@ func (p *AuthenticateClient) ValidateSessionState(s *sessions.SessionState) bool
// authentication, and is merely unavailable, we validate and continue
// as normal during the "grace period"
if isProviderUnavailable(resp.StatusCode) && p.withinGracePeriod(s) {
//tags := []string{"action:validate_session", "error:validation_failed"}
s.ValidDeadline = extendDeadline(p.SessionValidTTL)
return true
}


@ -8,7 +8,7 @@ import (
"net/url"
"reflect"
"github.com/pomerium/pomerium/internal/aead"
"github.com/pomerium/pomerium/internal/cryptutil"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/middleware"
@ -167,7 +167,7 @@ func (p *Proxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
callbackURL := p.GetRedirectURL(req.Host)
// generate nonce
key := aead.GenerateKey()
key := cryptutil.GenerateKey()
// state prevents cross site forgery and maintain state across the client and server
state := &StateParameter{


@ -13,7 +13,7 @@ import (
"time"
"github.com/pomerium/envconfig"
"github.com/pomerium/pomerium/internal/aead"
"github.com/pomerium/pomerium/internal/cryptutil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/sessions"
"github.com/pomerium/pomerium/internal/templates"
@ -117,7 +117,7 @@ type Proxy struct {
// services
authenticateClient *authenticator.AuthenticateClient
// session
cipher aead.Cipher
cipher cryptutil.Cipher
csrfStore sessions.CSRFStore
sessionStore sessions.SessionStore
@ -144,7 +144,7 @@ func NewProxy(opts *Options) (*Proxy, error) {
// error explicitly handled by validate
decodedSecret, _ := base64.StdEncoding.DecodeString(opts.CookieSecret)
cipher, err := aead.New(decodedSecret)
cipher, err := cryptutil.NewCipher(decodedSecret)
if err != nil {
return nil, fmt.Errorf("cookie-secret error: %s", err.Error())
}
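Review bot: The `cipher cryptutil.Cipher` field introduced on `Proxy` in the `@ -117,7 +117,7` hunk is held by the proxy that serves every request (the `(p *Proxy)` handler methods on this page use it), and the commit description says the mutex on the XChaCha20 implementation was removed, so nothing on this page records that the interface's methods must be safe for concurrent use. Whether the new implementation actually is depends on cryptutil, which is outside this page, so that should be confirmed before relying on it. A comment on the field would make the requirement explicit for future implementations: `// cipher is shared by all request handlers; cryptutil.Cipher implementations must be safe for concurrent use.`. Both the `Proxy` struct and `NewProxy` continue outside the hunks shown here.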