osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 14
Star 6
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch: gamification
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'gamification'
${ noResults }
com/vendor/github.com/yohcop/openid-go/nonce_store.go

88 lines
2.3KB
Raw Permalink Blame History 

  1. package openid

  2. 

  3. import (

  4. 	"errors"

  5. 	"flag"

  6. 	"fmt"

  7. 	"sync"

  8. 	"time"

  9. )

  10. 

  11. var maxNonceAge = flag.Duration("openid-max-nonce-age",

  12. 	60*time.Second,

  13. 	"Maximum accepted age for openid nonces. The bigger, the more"+

  14. 		"memory is needed to store used nonces.")

  15. 

  16. type NonceStore interface {

  17. 	// Returns nil if accepted, an error otherwise.

  18. 	Accept(endpoint, nonce string) error

  19. }

  20. 

  21. type Nonce struct {

  22. 	T time.Time

  23. 	S string

  24. }

  25. 

  26. type SimpleNonceStore struct {

  27. 	store map[string][]*Nonce

  28. 	mutex *sync.Mutex

  29. }

  30. 

  31. func NewSimpleNonceStore() *SimpleNonceStore {

  32. 	return &SimpleNonceStore{store: map[string][]*Nonce{}, mutex: &sync.Mutex{}}

  33. }

  34. 

  35. func (d *SimpleNonceStore) Accept(endpoint, nonce string) error {

  36. 	// Value: A string 255 characters or less in length, that MUST be

  37. 	// unique to this particular successful authentication response.

  38. 	if len(nonce) < 20 || len(nonce) > 256 {

  39. 		return errors.New("Invalid nonce")

  40. 	}

  41. 

  42. 	// The nonce MUST start with the current time on the server, and MAY

  43. 	// contain additional ASCII characters in the range 33-126 inclusive

  44. 	// (printable non-whitespace characters), as necessary to make each

  45. 	// response unique. The date and time MUST be formatted as specified in

  46. 	// section 5.6 of [RFC3339], with the following restrictions:

  47. 

  48. 	// All times must be in the UTC timezone, indicated with a "Z".  No

  49. 	// fractional seconds are allowed For example:

  50. 	// 2005-05-15T17:11:51ZUNIQUE

  51. 	ts, err := time.Parse(time.RFC3339, nonce[0:20])

  52. 	if err != nil {

  53. 		return err

  54. 	}

  55. 	now := time.Now()

  56. 	diff := now.Sub(ts)

  57. 	if diff > *maxNonceAge {

  58. 		return fmt.Errorf("Nonce too old: %ds", diff.Seconds())

  59. 	}

  60. 

  61. 	s := nonce[20:]

  62. 

  63. 	// Meh.. now we have to use a mutex, to protect that map from

  64. 	// concurrent access. Could put a go routine in charge of it

  65. 	// though.

  66. 	d.mutex.Lock()

  67. 	defer d.mutex.Unlock()

  68. 

  69. 	if nonces, hasOp := d.store[endpoint]; hasOp {

  70. 		// Delete old nonces while we are at it.

  71. 		newNonces := []*Nonce{{ts, s}}

  72. 		for _, n := range nonces {

  73. 			if n.T == ts && n.S == s {

  74. 				// If return early, just ignore the filtered list

  75. 				// we have been building so far...

  76. 				return errors.New("Nonce already used")

  77. 			}

  78. 			if now.Sub(n.T) < *maxNonceAge {

  79. 				newNonces = append(newNonces, n)

  80. 			}

  81. 		}

  82. 		d.store[endpoint] = newNonces

  83. 	} else {

  84. 		d.store[endpoint] = []*Nonce{{ts, s}}

  85. 	}

  86. 	return nil

  87. }
上海开阖软件有限公司 沪ICP备12045867号-1