minor refactor of HMAC verify for legibility. no functional changes

This commit is contained in:
Dave Grijalva 2015-09-14 12:07:47 -07:00
parent 127f538a32
commit 581ca99478
1 changed files with 25 additions and 15 deletions

30
hmac.go
View File

@ -44,26 +44,36 @@ func (m *SigningMethodHMAC) Alg() string {
return m.Name return m.Name
} }
// Verify the signature of HSXXX tokens. Returns nil if the signature is valid.
func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error { func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
if keyBytes, ok := key.([]byte); ok { // Verify the key is the right type
var sig []byte keyBytes, ok := key.([]byte)
var err error if !ok {
if sig, err = DecodeSegment(signature); err == nil { return ErrInvalidKey
}
// Decode signature, for comparison
sig, err := DecodeSegment(signature)
if err != nil {
return err
}
// Can we use the specified hashing method?
if !m.Hash.Available() { if !m.Hash.Available() {
return ErrHashUnavailable return ErrHashUnavailable
} }
// This signing method is symmetric, so we validate the signature
// by reproducing the signature from the signing string and key, then
// comparing that against the provided signature.
hasher := hmac.New(m.Hash.New, keyBytes) hasher := hmac.New(m.Hash.New, keyBytes)
hasher.Write([]byte(signingString)) hasher.Write([]byte(signingString))
if !hmac.Equal(sig, hasher.Sum(nil)) { if !hmac.Equal(sig, hasher.Sum(nil)) {
err = ErrSignatureInvalid return ErrSignatureInvalid
}
}
return err
} }
return ErrInvalidKey // No validation errors. Signature is good.
return nil
} }
// Implements the Sign method from SigningMethod for this signing method. // Implements the Sign method from SigningMethod for this signing method.