butchering stuff

go-chef · Jul 9, 2014 · d4a400a · d4a400a
1 parent 98e7812
commit d4a400a
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 13 deletions.
diff --git a/authentication.go b/authentication.go
@@ -120,3 +120,14 @@ func base64BlockEncode(content []byte, limit int) []string {
 
 	return resultSlice
 }
+
+func publicDecrypt(pubKey *rsa.PublicKey, data []byte) ([]byte, error) {
+	c := new(big.Int)
+	m := new(big.Int)
+	m.SetBytes(data)
+	e := big.NewInt(int64(pubKey.E))
+	c.Exp(m, e, pubKey.N)
+	out := c.Bytes()
+
+	return out, nil
+}
diff --git a/http.go b/http.go
@@ -7,6 +7,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"path"
 	"strings"
@@ -91,11 +92,14 @@ func (ac AuthConfig) SignRequest(request *http.Request) error {
 		content += fmt.Sprintf("%s:%s\n", key, request.Header.Get(key))
 	}
 	content = strings.TrimSuffix(content, "\n")
-
 	// generate signed string of headers
 	// Since we've gone through additional validation steps above,
 	// we shouldn't get an error at this point
-	signature, _ := generateSignature(ac.privateKey, content)
+	signature, err := generateSignature(ac.privateKey, content)
+	if err != nil {
+		log.Println("unexpected signature generation error:", err)
+		return err
+	}
 
 	// TODO: THIS IS CHEF PROTOCOL SPECIFIC
 	// Signature is made up of n 60 length chunks

diff --git a/http_test.go b/http_test.go
@@ -2,7 +2,6 @@ package chef
 
 import (
 	"bytes"
-	"crypto"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
@@ -24,6 +23,7 @@ var testRequiredHeaders = []string{
 	"X-Ops-UserId",
 	"X-Ops-Sign",
 	"X-Ops-Content-Hash",
+	"X-Ops-Authorization-1",
 }
 
 const (
@@ -32,16 +32,75 @@ const (
 	// Generated from
 	// openssl genrsa -out privkey.pem 2048
 	// perl -pe 's/\n/\\n/g' privkey.pem
-	privateKey = "-----BEGIN RSA PRIVATE KEY-----\nMIICXwIBAAKBgQDAoFRfamHVOqmJkmKyufLqvpPwLGN49a/Ze+RQ3pcwdFdb8sex\nEvr/TYAKEcxs057i8Wuaf5pFt8DFXyYL3iJlFwO30WHmeTv7WsGng2GmlxYKkYMg\nWCt5x3twLahPGzP11KSel7cPy4rzKRvkZP7aLiPIfskJ8kKQ2czCsXYibQIDAQAB\nAoGBALwSzs5qnCMJJ8c+ukcu71LryJ3TeTv9Bjkekgmzi4Kv1Svdm8P0eEUVclJi\nlmobJSMH/LvYotQ3WWxcPlWQCZtgNVWbFfAlsIc39zMOk3lsR9MF5EQIcWZZp3i2\n2h2sR1K/2cx0H+/iU7oeuPtkpGVAihb2iDEd7BK+r7jrfbcBAkEA5kAzqtblhEc4\nUPqrgVOZHiScACT8tHC/r4xUC3VqLmnfcOJKOH1E2XhLjb76IHnLD04yOXvmhS++\n58yzQY0jUQJBANYq+/7PMhJRo8AW/MDI1vOBTToKzcvwcBVZqhY/znqrA3Yg26tu\nM9oqezyc3uIN3HOCQuiZbRRVBZeKmY/r7l0CQQDF1IHQFoXrSpoLkeUL4D0eFgxn\nX2A01O8NsP+BPOf3awYNYpCsyoz+YQphhqY4gwzCYMhsdZVR9/0KAuo9tzuRAkEA\n1JzFoHfHKKJ9osPvVd/MbN8PcLCrD2v5iWiDTyU28VZ20D3cdfqoZUxJHapKJjZG\nhTFrBQjTXhztuTyyKEu7TQJBAIzBLyFcBQdLxor2bH2P2ijU/iAsCxWc5I7VE6zi\n34tYrujX4pAsT+v+06/dMsEtojLIMzffzp11l2zddH66j5g=\n-----END RSA PRIVATE KEY-----"
+	privateKey = `
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAx12nDxxOwSPHRSJEDz67a0folBqElzlu2oGMiUTS+dqtj3FU
+h5lJc1MjcprRVxcDVwhsSSo9948XEkk39IdblUCLohucqNMzOnIcdZn8zblN7Cnp
+W03UwRM0iWX1HuwHnGvm6PKeqKGqplyIXYO0qlDWCzC+VaxFTwOUk31MfOHJQn4y
+fTrfuE7h3FTElLBu065SFp3dPICIEmWCl9DadnxbnZ8ASxYQ9xG7hmZduDgjNW5l
+3x6/EFkpym+//D6AbWDcVJ1ovCsJL3CfH/NZC3ekeJ/aEeLxP/vaCSH1VYC5VsYK
+5Qg7SIa6Nth3+RZz1hYOoBJulEzwljznwoZYRQIDAQABAoIBADPQol+qAsnty5er
+PTcdHcbXLJp5feZz1dzSeL0gdxja/erfEJIhg9aGUBs0I55X69VN6h7l7K8PsHZf
+MzzJhUL4QJJETOYP5iuVhtIF0I+DTr5Hck/5nYcEv83KAvgjbiL4ZE486IF5awnL
+2OE9HtJ5KfhEleNcX7MWgiIHGb8G1jCqu/tH0GI8Z4cNgUrXMbczGwfbN/5Wc0zo
+Dtpe0Tec/Fd0DLFwRiAuheakPjlVWb7AGMDX4TyzCXfMpS1ul2jk6nGFk77uQozF
+PQUawCRp+mVS4qecgq/WqfTZZbBlW2L18/kpafvsxG8kJ7OREtrb0SloZNFHEc2Q
+70GbgKECgYEA6c/eOrI3Uour1gKezEBFmFKFH6YS/NZNpcSG5PcoqF6AVJwXg574
+Qy6RatC47e92be2TT1Oyplntj4vkZ3REv81yfz/tuXmtG0AylH7REbxubxAgYmUT
+18wUAL4s3TST2AlK4R29KwBadwUAJeOLNW+Rc4xht1galsqQRb4pUzkCgYEA2kj2
+vUhKAB7QFCPST45/5q+AATut8WeHnI+t1UaiZoK41Jre8TwlYqUgcJ16Q0H6KIbJ
+jlEZAu0IsJxjQxkD4oJgv8n5PFXdc14HcSQ512FmgCGNwtDY/AT7SQP3kOj0Rydg
+N02uuRb/55NJ07Bh+yTQNGA+M5SSnUyaRPIAMW0CgYBgVU7grDDzB60C/g1jZk/G
+VKmYwposJjfTxsc1a0gLJvSE59MgXc04EOXFNr4a+oC3Bh2dn4SJ2Z9xd1fh8Bur
+UwCLwVE3DBTwl2C/ogiN4C83/1L4d2DXlrPfInvloBYR+rIpUlFweDLNuve2pKvk
+llU9YGeaXOiHnGoY8iKgsQKBgQDZKMOHtZYhHoZlsul0ylCGAEz5bRT0V8n7QJlw
+12+TSjN1F4n6Npr+00Y9ov1SUh38GXQFiLq4RXZitYKu6wEJZCm6Q8YXd1jzgDUp
+IyAEHNsrV7Y/fSSRPKd9kVvGp2r2Kr825aqQasg16zsERbKEdrBHmwPmrsVZhi7n
+rlXw1QKBgQDBOyUJKQOgDE2u9EHybhCIbfowyIE22qn9a3WjQgfxFJ+aAL9Bg124
+fJIEzz43fJ91fe5lTOgyMF5TtU5ClAOPGtlWnXU0e5j3L4LjbcqzEbeyxvP3sn1z
+dYkX7NdNQ5E6tcJZuJCGq0HxIAQeKPf3x9DRKzMnLply6BEzyuAC4g==
+-----END RSA PRIVATE KEY-----
+`
 	// Generated from
 	// openssl rsa -in privkey.pem -pubout -out pubkey.pem
 	// perl -pe 's/\n/\\n/g' pubkey.pem
-	publicKey = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAoFRfamHVOqmJkmKyufLqvpPw\nLGN49a/Ze+RQ3pcwdFdb8sexEvr/TYAKEcxs057i8Wuaf5pFt8DFXyYL3iJlFwO3\n0WHmeTv7WsGng2GmlxYKkYMgWCt5x3twLahPGzP11KSel7cPy4rzKRvkZP7aLiPI\nfskJ8kKQ2czCsXYibQIDAQAB\n-----END PUBLIC KEY-----"
+	publicKey = `
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx12nDxxOwSPHRSJEDz67
+a0folBqElzlu2oGMiUTS+dqtj3FUh5lJc1MjcprRVxcDVwhsSSo9948XEkk39Idb
+lUCLohucqNMzOnIcdZn8zblN7CnpW03UwRM0iWX1HuwHnGvm6PKeqKGqplyIXYO0
+qlDWCzC+VaxFTwOUk31MfOHJQn4yfTrfuE7h3FTElLBu065SFp3dPICIEmWCl9Da
+dnxbnZ8ASxYQ9xG7hmZduDgjNW5l3x6/EFkpym+//D6AbWDcVJ1ovCsJL3CfH/NZ
+C3ekeJ/aEeLxP/vaCSH1VYC5VsYK5Qg7SIa6Nth3+RZz1hYOoBJulEzwljznwoZY
+RQIDAQAB
+-----END PUBLIC KEY-----
+`
 	// Generated from
 	// openssl dsaparam -out dsaparam.pem 2048
 	// openssl gendsa  -out privkey.pem dsaparam.pem
 	// perl -pe 's/\n/\\n/g' privkey.pem
-	badPrivateKey = "-----BEGIN DSA PRIVATE KEY-----\nMIIDVwIBAAKCAQEAxjWFrCnoPs1TTgA29DsltITlkDSJM7cMSdyoC4Ty2G+9/GgF\nHqnEtNwioNXQEORRShCM7NTB2TurOHNRR7Jlj+FssiGoXAdqAGyH3+5VQJ7B1h/V\nd0GUUOOKi6QQJPSn1Sw/QpGJAIr73A4FFlParzQ63o0kjeR1i2y37VVkfSXSbX/K\nFJ7I7M+DlBFwjx3wA7CYT6Kh5nGavU8xH296tO3HYqm/6vJw1uJJIQ92MKkND0su\niND3pgCBOMBVopD+cgUmq1g0NvhmzWbmy0J9m75Ko7Jgfhv4fRAThg8NDfQ3dgJ8\nE6BDTwwDtT2lvI0AVeN6L2pHFhiwZQZCTT2TSQIhAPkiWU5wt2zl/OdroEEvJLxX\n8GcEWt5ZpTKNIjmtfjkVAoIBAQCKKDw100UvH12/aGBvMc0CFgEJe7jgrAWVdz71\ndajp6wK+tVtaRWKe2SBTuMV98TH9Bm5b+YsEt/shFVaVPOrV4heVktfYg0Wtpbjl\nEz3ahAaKyTMc12t7YJuFbm2jLNSqZSVR039yVYmDAZ/QgAPu8EAVzBqXrr+7/9rW\nDAzB9Q1/TxjKKwhbDa/iCjXnac4jscYihSyRHTcQK3zRLm+jLO5H2O9ue5LEtE7j\nf9uDCg+p4gGDlCbbELdsPniQ1CaD0uL5/CDB+tDFuVdzNwzIijzX5DO+zlLN4d1U\nHDzKrgBNa1kYkgwxOaMZ2p2Wm8+aA6Gc/89RqNOOgcszA3njAoIBAQDBPixXu+BV\n4QqRN+uJj0afEvqVDAEiDA0b9reNw5fH+c9ruPtxutNiVyrnig7Fa+tjqc5jhw/S\nOEndlPE/aFdJJy4tlNLqKbxCqHuvSBJlg9t2HCd61gudXz8ka+OQHgylFlFRkFVn\nFLGYlFrsdufJDUh4ECpdxdBrCo2r6dr89bFTQFJCb+Rhq85sSlAOYqk25GDD+0bq\nPSpPwiVTAESMI5XNCzKHW4KH8uK3KXe3/71x8k4sngjYhUIVyZW5Q6ktqvTXGhSA\nf5C0PrWE7Jpgla376Xrq0n1sn1QfJY3RHYwieBGOgZ/rzl9+XnWGQ7kRuFr0P9EF\nxuIozl9/jP86AiBt8YyodfEGTSHNVYrtKd6EeVWaohG7ZdkbykhBs8wnlg==\n-----END DSA PRIVATE KEY-----"
+	badPrivateKey = `
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEApv0SsaKRWyn0IrbI6i547c/gldLQ3vB5xoSuTkVOvmD3HfuE
+EVPKMS+XKlhgHOJy677zYNKUOIR78vfDVr1M89w19NSic81UwGGaOkrjQWOkoHaA
+BS4046AzYKWqHWQNn9dm7WdQlbMBcBv9u+J6EqlzstPwWVaRdbAzyPtwQZRF5WfC
+OcrQr8XpXbKsPh55FzfvFpu4KEKTY+8ynLz9uDNW2iAxj9NtRlUHQNqKQvjQsr/8
+4pVrEBh+CnzNrmPXQIbyxV0y8WukAo3I3ZXK5nsUcJhFoVCRx4aBlp9W96mYZ7OE
+dPCkFsoVhUNFo0jlJhMPODR1NXy77c4v1Kh6xwIhAJwFm6CQBOWJxZdGo2luqExE
+acUG9Hkr2qd0yccgs2tFAoIBAQCQJCwASD7X9l7nZyZvJpXMe6YreGaP3VbbHCz8
+GHs1P5exOausfJXa9gRLx2qDW0sa1ZyFUDnd2Dt810tgAhY143lufNoV3a4IRHpS
+Fm8jjDRMyBQ/BrLBBXgpwiZ9LHBuUSeoRKY0BdyRsULmcq2OaBq9J38NUblWSe2R
+NjQ45X6SGgUdHy3CrQtLjCA9l8+VPg3l05IBbXIhVSllP5AUmMG4T9x6M7NHEoSr
+c7ewKSJNvc1C8+G66Kfz8xcChKcKC2z1YzvxrlcDHF+BBLw1Ppp+yMBfhQDWIZfe
+6tpiKEEyWoyi4GkzQ+vooFIriaaL+Nnggh+iJ7BEUByHBaHnAoIBAFUxSB3bpbbp
+Vna0HN6b+svuTCFhYi9AcmI1dcyEFKycUvZjP/X07HvX2yrL8aGxMJgF6RzPob/F
++SZar3u9Fd8DUYLxis6/B5d/ih7GnfPdChrDOJM1nwlferTGHXd1TBDzugpAovCe
+JAjXiPsGmcCi9RNyoGib/FgniT7IKA7s3yJAzYSeW3wtLToSNGFJHn+TzFDBuWV4
+KH70bpEV84JIzWo0ejKzgMBQ0Zrjcsm4lGBtzaBqGSvOrlIVFuSWFYUxrSTTxthQ
+/JYz4ch8+HsQC/0HBuJ48yALDCVKsWq4Y21LRRJIOC25DfjwEYWWaKNGlDDsJA1m
+Y5WF0OX+ABcCIEXhrzI1NddyFwLnfDCQ+sy6HT8/xLKXfaipd2rpn3gL
+-----END DSA PRIVATE KEY-----
+`
 )
 
 // Gave up trying to implement this myself
@@ -219,21 +278,17 @@ func checkHeader(rw http.ResponseWriter, req *http.Request) {
 
 	// signedHeaders are base64 encoded still, we'll need to
 	// Decode them
-	sig, err := base64.StdEncoding.DecodeString(signedHeaders)
+	_, err := base64.StdEncoding.DecodeString(signedHeaders)
 	if err != nil {
 		fmt.Fprintf(rw, "Unable to decode signed headers "+err.Error())
 	}
 
 	headToCheck := assembleHeaderToCheck(req)
 	pubKey, err := publicKeyFromString([]byte(publicKey))
 
-	hash := crypto.SHA1.New()
-	hash.Write([]byte(headToCheck))
-	hashed := hash.Sum(nil)
-
-	err = rsa.VerifyPKCS1v15(pubKey, crypto.SHA1, hashed, sig)
+	_, err = publicDecrypt(pubKey, []byte(headToCheck))
 	if err != nil {
-		fmt.Fprintf(rw, "Unable to verify signature")
+		fmt.Fprintf(rw, "Unable to publicDecrypt headers")
 	}
 }