/
decode.go
40 lines (35 loc) · 1.03 KB
/
decode.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
package roottoken
import (
"encoding/base64"
"fmt"
"strings"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/helper/xor"
)
// DecodeToken will decode the root token returned by the Vault API
// The algorithm was initially used in the generate root command
func DecodeToken(encoded, otp string, otpLength int) (string, error) {
switch otpLength {
case 0:
// Backwards compat
tokenBytes, err := xor.XORBase64(encoded, otp)
if err != nil {
return "", fmt.Errorf("error xoring token: %s", err)
}
uuidToken, err := uuid.FormatUUID(tokenBytes)
if err != nil {
return "", fmt.Errorf("error formatting base64 token value: %s", err)
}
return strings.TrimSpace(uuidToken), nil
default:
tokenBytes, err := base64.RawStdEncoding.DecodeString(encoded)
if err != nil {
return "", fmt.Errorf("error decoding base64'd token: %v", err)
}
tokenBytes, err = xor.XORBytes(tokenBytes, []byte(otp))
if err != nil {
return "", fmt.Errorf("error xoring token: %v", err)
}
return string(tokenBytes), nil
}
}