1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: Apache-2.0
18 reObsoleteToken = regexp.MustCompile(`^[0-9a-z]{41,}$`)
19 ErrObsoleteToken = errors.New("obsolete token format")
20 ErrTokenFormat = errors.New("badly formatted token")
21 ErrSalted = errors.New("token already salted")
24 func SaltToken(token, remote string) (string, error) {
25 parts := strings.Split(token, "/")
26 if len(parts) < 3 || parts[0] != "v2" {
27 if reObsoleteToken.MatchString(token) {
28 return "", ErrObsoleteToken
30 return "", ErrTokenFormat
35 if len(secret) != 40 {
37 hmac := hmac.New(sha1.New, []byte(secret))
38 io.WriteString(hmac, remote)
39 secret = fmt.Sprintf("%x", hmac.Sum(nil))
40 return "v2/" + uuid + "/" + secret, nil
41 } else if strings.HasPrefix(uuid, remote) {
42 // already salted for the desired remote
45 // salted for a different remote, can't be used