2021-12-26 09:10:14 +00:00
|
|
|
package domain
|
|
|
|
|
2022-02-01 17:27:48 +00:00
|
|
|
//nolint: gosec // support old clients
|
2021-12-26 09:10:14 +00:00
|
|
|
import (
|
|
|
|
"crypto/md5"
|
|
|
|
"crypto/sha1"
|
|
|
|
"crypto/sha256"
|
|
|
|
"crypto/sha512"
|
2022-01-08 10:27:37 +00:00
|
|
|
"encoding/base64"
|
2021-12-26 09:10:14 +00:00
|
|
|
"fmt"
|
|
|
|
"hash"
|
2021-12-29 20:08:30 +00:00
|
|
|
"strconv"
|
2021-12-26 09:10:14 +00:00
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
2022-01-29 17:50:45 +00:00
|
|
|
// CodeChallengeMethod represent a PKCE challenge method for validate verifier.
|
|
|
|
//
|
2021-12-26 09:10:14 +00:00
|
|
|
// NOTE(toby3d): Encapsulate enums in structs for extra compile-time safety:
|
|
|
|
// https://threedots.tech/post/safer-enums-in-go/#struct-based-enums
|
|
|
|
type CodeChallengeMethod struct {
|
|
|
|
hash hash.Hash
|
2022-01-29 17:50:45 +00:00
|
|
|
uid string
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|
|
|
|
|
2022-02-01 17:27:48 +00:00
|
|
|
//nolint: gochecknoglobals // structs cannot be constants
|
2021-12-26 09:10:14 +00:00
|
|
|
var (
|
|
|
|
CodeChallengeMethodUndefined = CodeChallengeMethod{
|
2022-01-29 17:50:45 +00:00
|
|
|
uid: "",
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
CodeChallengeMethodPLAIN = CodeChallengeMethod{
|
2022-01-29 17:50:45 +00:00
|
|
|
uid: "PLAIN",
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
CodeChallengeMethodMD5 = CodeChallengeMethod{
|
2022-02-01 17:27:48 +00:00
|
|
|
uid: "MD5",
|
|
|
|
//nolint: gosec // support old clients
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: md5.New(),
|
|
|
|
}
|
|
|
|
|
|
|
|
CodeChallengeMethodS1 = CodeChallengeMethod{
|
2022-02-01 17:27:48 +00:00
|
|
|
uid: "S1",
|
|
|
|
//nolint: gosec // support old clients
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: sha1.New(),
|
|
|
|
}
|
|
|
|
|
|
|
|
CodeChallengeMethodS256 = CodeChallengeMethod{
|
2022-01-29 17:50:45 +00:00
|
|
|
uid: "S256",
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: sha256.New(),
|
|
|
|
}
|
|
|
|
|
|
|
|
CodeChallengeMethodS512 = CodeChallengeMethod{
|
2022-01-29 17:50:45 +00:00
|
|
|
uid: "S512",
|
2021-12-26 09:10:14 +00:00
|
|
|
hash: sha512.New(),
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
2022-01-29 19:30:57 +00:00
|
|
|
var ErrCodeChallengeMethodUnknown error = NewError(
|
|
|
|
ErrorCodeInvalidRequest,
|
|
|
|
"unknown code_challene_method",
|
|
|
|
"https://indieauth.net/source/#authorization-request",
|
|
|
|
)
|
2021-12-26 09:10:14 +00:00
|
|
|
|
2022-02-01 17:27:48 +00:00
|
|
|
//nolint: gochecknoglobals // maps cannot be constants
|
2021-12-26 09:10:14 +00:00
|
|
|
var slugsMethods = map[string]CodeChallengeMethod{
|
2022-01-29 17:50:45 +00:00
|
|
|
CodeChallengeMethodMD5.uid: CodeChallengeMethodMD5,
|
|
|
|
CodeChallengeMethodPLAIN.uid: CodeChallengeMethodPLAIN,
|
|
|
|
CodeChallengeMethodS1.uid: CodeChallengeMethodS1,
|
|
|
|
CodeChallengeMethodS256.uid: CodeChallengeMethodS256,
|
|
|
|
CodeChallengeMethodS512.uid: CodeChallengeMethodS512,
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// ParseCodeChallengeMethod parse string identifier of code challenge method
|
|
|
|
// into struct enum.
|
2022-01-29 17:50:45 +00:00
|
|
|
func ParseCodeChallengeMethod(uid string) (CodeChallengeMethod, error) {
|
|
|
|
if method, ok := slugsMethods[strings.ToUpper(uid)]; ok {
|
2021-12-26 09:10:14 +00:00
|
|
|
return method, nil
|
|
|
|
}
|
|
|
|
|
2022-01-29 17:50:45 +00:00
|
|
|
return CodeChallengeMethodUndefined, fmt.Errorf("%w: %s", ErrCodeChallengeMethodUnknown, uid)
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// UnmarshalForm implements custom unmarshler for form values.
|
|
|
|
func (ccm *CodeChallengeMethod) UnmarshalForm(v []byte) error {
|
|
|
|
method, err := ParseCodeChallengeMethod(string(v))
|
|
|
|
if err != nil {
|
2022-01-29 17:50:45 +00:00
|
|
|
return fmt.Errorf("UnmarshalForm: %w", err)
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
*ccm = method
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-01-29 17:50:45 +00:00
|
|
|
// UnmarshalJSON implements custom unmarshler for JSON.
|
2021-12-29 20:08:30 +00:00
|
|
|
func (ccm *CodeChallengeMethod) UnmarshalJSON(v []byte) error {
|
|
|
|
src, err := strconv.Unquote(string(v))
|
|
|
|
if err != nil {
|
2022-01-29 17:50:45 +00:00
|
|
|
return fmt.Errorf("UnmarshalJSON: %w", err)
|
2021-12-29 20:08:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
method, err := ParseCodeChallengeMethod(src)
|
|
|
|
if err != nil {
|
2022-01-29 17:50:45 +00:00
|
|
|
return fmt.Errorf("UnmarshalJSON: %w", err)
|
2021-12-29 20:08:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
*ccm = method
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-12-26 09:10:14 +00:00
|
|
|
// String returns string representation of code challenge method.
|
|
|
|
func (ccm CodeChallengeMethod) String() string {
|
2022-01-29 17:50:45 +00:00
|
|
|
return ccm.uid
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|
|
|
|
|
2022-01-29 17:50:45 +00:00
|
|
|
// Validate checks for a match to the verifier with the hashed version of the
|
|
|
|
// challenge via the chosen method.
|
2022-01-08 10:27:37 +00:00
|
|
|
func (ccm CodeChallengeMethod) Validate(codeChallenge, verifier string) bool {
|
2022-01-29 17:50:45 +00:00
|
|
|
if ccm.uid == CodeChallengeMethodUndefined.uid {
|
2022-01-08 10:27:37 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-01-29 17:50:45 +00:00
|
|
|
if ccm.uid == CodeChallengeMethodPLAIN.uid {
|
2022-01-08 10:27:37 +00:00
|
|
|
return codeChallenge == verifier
|
|
|
|
}
|
|
|
|
|
|
|
|
return codeChallenge == base64.RawURLEncoding.EncodeToString(ccm.hash.Sum([]byte(verifier)))
|
2021-12-26 09:10:14 +00:00
|
|
|
}
|