-
Notifications
You must be signed in to change notification settings - Fork 5
/
hmac.go
33 lines (28 loc) · 903 Bytes
/
hmac.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
// Copyright (c) Derek Author(s) 2017. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package auth
import (
"crypto/hmac"
"crypto/sha1"
"encoding/hex"
"fmt"
)
// CheckMAC verifies hash checksum
func CheckMAC(message, messageMAC, key []byte) bool {
mac := hmac.New(sha1.New, key)
mac.Write(message)
expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)
}
// ValidateHMAC validate a digest from Github via xHubSignature
func ValidateHMAC(secret string, bytesIn []byte, xHubSignature string) error {
if len(xHubSignature) > 5 {
messageMAC := xHubSignature[5:] // first few chars are: sha1=
messageMACBuf, _ := hex.DecodeString(messageMAC)
res := CheckMAC(bytesIn, []byte(messageMACBuf), []byte(secret))
if !res {
return fmt.Errorf("invalid message digest or secret")
}
}
return nil
}