-
-
Notifications
You must be signed in to change notification settings - Fork 17
/
message.go
170 lines (137 loc) · 4.59 KB
/
message.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
package paseto
import (
"strings"
"aidanwoods.dev/go-paseto/internal/encoding"
)
// Message is a building block type, only use if you need to use Paseto
// cryptography without Paseto's token or validator semantics.
type message struct {
protocol Protocol
p payload
footer []byte
}
// NewMessage creates a new message from the given token, with an expected
// protocol. If the given token does not match the given token, or if the
// token cannot be parsed, will return an error instead.
func newMessage(protocol Protocol, token string) (message, error) {
header, encodedPayload, encodedFooter, err := deconstructToken(token)
if err != nil {
return message{}, err
}
if header != protocol.Header() {
return message{}, errorMessageHeader(protocol, header)
}
payloadBytes, err := encoding.Decode(encodedPayload)
if err != nil {
return message{}, &TokenError{err}
}
footer, err := encoding.Decode(encodedFooter)
if err != nil {
return message{}, &TokenError{err}
}
payload, err := protocol.newPayload(payloadBytes)
if err != nil {
return message{}, err
}
return newMessageFromPayload(payload, footer), nil
}
// Header returns the header string for a Paseto message.
func (m message) header() string {
return m.protocol.Header()
}
// UnsafeFooter returns the footer of a Paseto message. Beware that this footer
// is not cryptographically verified at this stage.
func (m message) unsafeFooter() []byte {
return m.footer
}
// Encoded returns the string representation of a Paseto message.
func (m message) encoded() string {
main := m.header() + encoding.Encode(m.p.bytes())
if len(m.footer) == 0 {
return main
}
return main + "." + encoding.Encode(m.footer)
}
func newMessageFromPayload(payload payload, footer []byte) message {
if protocol, err := protocolForPayload(payload); err == nil {
return message{protocol, payload, footer}
}
// Assume internal callers won't construct bad payloads
panic("Sanity check for payload failed")
}
func deconstructToken(token string) (header string, encodedPayload string, encodedFooter string, err error) {
parts := strings.Split(token, ".")
partsLen := len(parts)
if partsLen != 3 && partsLen != 4 {
err = errorMessageParts(len(parts))
return
}
header = parts[0] + "." + parts[1] + "."
encodedPayload = parts[2]
if partsLen == 4 {
encodedFooter = parts[3]
} else {
encodedFooter = ""
}
return header, encodedPayload, encodedFooter, nil
}
// V2Verify will verify a v2 public paseto message. Will return a pointer to
// the verified token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v2Verify(key V2AsymmetricPublicKey) (*Token, error) {
packet, err := v2PublicVerify(m, key)
if err != nil {
return nil, err
}
return packet.token()
}
// V2Decrypt will decrypt a v2 local paseto message. Will return a pointer to
// the decrypted token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v2Decrypt(key V2SymmetricKey) (*Token, error) {
packet, err := v2LocalDecrypt(m, key)
if err != nil {
return nil, err
}
return packet.token()
}
// V3Verify will verify a v4 public paseto message. Will return a pointer to
// the verified token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v3Verify(key V3AsymmetricPublicKey, implicit []byte) (*Token, error) {
packet, err := v3PublicVerify(m, key, implicit)
if err != nil {
return nil, err
}
return packet.token()
}
// V3Decrypt will decrypt a v3 local paseto message. Will return a pointer to
// the decrypted token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v3Decrypt(key V3SymmetricKey, implicit []byte) (*Token, error) {
packet, err := v3LocalDecrypt(m, key, implicit)
if err != nil {
return nil, err
}
return packet.token()
}
// V4Verify will verify a v4 public paseto message. Will return a pointer to
// the verified token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v4Verify(key V4AsymmetricPublicKey, implicit []byte) (*Token, error) {
packet, err := v4PublicVerify(m, key, implicit)
if err != nil {
return nil, err
}
return packet.token()
}
// V4Decrypt will decrypt a v4 local paseto message. Will return a pointer to
// the decrypted token (but not validated with rules) if successful, or error in
// the event of failure.
func (m message) v4Decrypt(key V4SymmetricKey, implicit []byte) (*Token, error) {
packet, err := v4LocalDecrypt(m, key, implicit)
if err != nil {
return nil, err
}
return packet.token()
}