forked from TrueCloudLab/lego
a7b11e0447
Co-authored-by: Dominik Menke <git@dmke.org>
91 lines
2.3 KiB
Go
91 lines
2.3 KiB
Go
package internal
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
const securityTokenHeader = "x-cns-security-token"
|
|
|
|
// TokenTransport HTTP transport for API authentication.
|
|
type TokenTransport struct {
|
|
apiKey string
|
|
secretKey string
|
|
|
|
// Transport is the underlying HTTP transport to use when making requests.
|
|
// It will default to http.DefaultTransport if nil.
|
|
Transport http.RoundTripper
|
|
}
|
|
|
|
// NewTokenTransport Creates a HTTP transport for API authentication.
|
|
func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
|
|
if apiKey == "" {
|
|
return nil, errors.New("credentials missing: API key")
|
|
}
|
|
if secretKey == "" {
|
|
return nil, errors.New("credentials missing: secret key")
|
|
}
|
|
|
|
return &TokenTransport{apiKey: apiKey, secretKey: secretKey}, nil
|
|
}
|
|
|
|
// RoundTrip executes a single HTTP transaction.
|
|
func (t *TokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
|
enrichedReq := &http.Request{}
|
|
*enrichedReq = *req
|
|
|
|
enrichedReq.Header = make(http.Header, len(req.Header))
|
|
for k, s := range req.Header {
|
|
enrichedReq.Header[k] = append([]string(nil), s...)
|
|
}
|
|
|
|
if t.apiKey != "" && t.secretKey != "" {
|
|
securityToken := createCnsSecurityToken(t.apiKey, t.secretKey)
|
|
enrichedReq.Header.Set(securityTokenHeader, securityToken)
|
|
}
|
|
|
|
return t.transport().RoundTrip(enrichedReq)
|
|
}
|
|
|
|
func (t *TokenTransport) transport() http.RoundTripper {
|
|
if t.Transport != nil {
|
|
return t.Transport
|
|
}
|
|
return http.DefaultTransport
|
|
}
|
|
|
|
// Client Creates a new HTTP client.
|
|
func (t *TokenTransport) Client() *http.Client {
|
|
return &http.Client{Transport: t}
|
|
}
|
|
|
|
// Wrap wraps an HTTP client Transport with the TokenTransport.
|
|
func (t *TokenTransport) Wrap(client *http.Client) *http.Client {
|
|
backup := client.Transport
|
|
t.Transport = backup
|
|
client.Transport = t
|
|
|
|
return client
|
|
}
|
|
|
|
func createCnsSecurityToken(apiKey, secretKey string) string {
|
|
timestamp := time.Now().Round(time.Millisecond).UnixNano() / int64(time.Millisecond)
|
|
|
|
hm := encodedHmac(timestamp, secretKey)
|
|
requestDate := strconv.FormatInt(timestamp, 10)
|
|
|
|
return fmt.Sprintf("%s:%s:%s", apiKey, hm, requestDate)
|
|
}
|
|
|
|
func encodedHmac(message int64, secret string) string {
|
|
h := hmac.New(sha1.New, []byte(secret))
|
|
_, _ = h.Write([]byte(strconv.FormatInt(message, 10)))
|
|
|
|
return base64.StdEncoding.EncodeToString(h.Sum(nil))
|
|
}
|