mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-01 19:36:32 +02:00
c13459bb88
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details. * docs: updated `env.example` to include a `POLICY` setting example. * docs: added `IDP_SERVICE_ACCOUNT` to `env.example` . * docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`. * all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files. * proxy: `ROUTES` settings which has been replaced by `POLICY`. * internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one. Closes #54 Closes #41 Closes #61 Closes #58
81 lines
1.6 KiB
Go
81 lines
1.6 KiB
Go
package cryptutil // import "github.com/pomerium/pomerium/internal/cryptutil"
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/sha512"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"testing"
|
|
)
|
|
|
|
func TestPasswordHashing(t *testing.T) {
|
|
t.Parallel()
|
|
bcryptTests := []struct {
|
|
plaintext []byte
|
|
hash []byte
|
|
}{
|
|
{
|
|
plaintext: []byte("password"),
|
|
hash: []byte("$2a$14$uALAQb/Lwl59oHVbuUa5m.xEFmQBc9ME/IiSgJK/VHtNJJXASCDoS"),
|
|
},
|
|
}
|
|
|
|
for _, tt := range bcryptTests {
|
|
hashed, err := HashPassword(tt.plaintext)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
if err = CheckPasswordHash(hashed, tt.plaintext); err != nil {
|
|
t.Error(err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Benchmarks SHA256 on 16K of random data.
|
|
func BenchmarkSHA256(b *testing.B) {
|
|
data, err := ioutil.ReadFile("testdata/random")
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
b.SetBytes(int64(len(data)))
|
|
for i := 0; i < b.N; i++ {
|
|
_ = sha256.Sum256(data)
|
|
}
|
|
}
|
|
|
|
// Benchmarks SHA512/256 on 16K of random data.
|
|
func BenchmarkSHA512_256(b *testing.B) {
|
|
data, err := ioutil.ReadFile("testdata/random")
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
b.SetBytes(int64(len(data)))
|
|
for i := 0; i < b.N; i++ {
|
|
_ = sha512.Sum512_256(data)
|
|
}
|
|
}
|
|
|
|
func BenchmarkBcrypt(b *testing.B) {
|
|
for i := 0; i < b.N; i++ {
|
|
_, err := HashPassword([]byte("thisisareallybadpassword"))
|
|
if err != nil {
|
|
b.Error(err)
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
func ExampleHash() {
|
|
tag := "hashing file for lookup key"
|
|
contents, err := ioutil.ReadFile("testdata/random")
|
|
if err != nil {
|
|
fmt.Printf("could not read file: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
digest := Hash(tag, contents)
|
|
fmt.Println(hex.EncodeToString(digest))
|
|
// Output: 9f4c795d8ae5c207f19184ccebee6a606c1fdfe509c793614066d613580f03e1
|
|
}
|