package arvados
import (
+ "bytes"
"crypto/hmac"
"crypto/sha1"
"errors"
"fmt"
"regexp"
"strconv"
- "strings"
"time"
)
// makePermSignature generates a SHA-1 HMAC digest for the given blob,
// token, expiry, and site secret.
-func makePermSignature(blobHash, apiToken, expiry, blobSignatureTTL string, permissionSecret []byte) string {
+func makePermSignature(blobHash []byte, apiToken, expiry, blobSignatureTTL string, permissionSecret []byte) string {
hmac := hmac.New(sha1.New, permissionSecret)
- hmac.Write([]byte(blobHash))
+ hmac.Write(blobHash)
hmac.Write([]byte("@"))
hmac.Write([]byte(apiToken))
hmac.Write([]byte("@"))
return blobLocator
}
// Strip off all hints: only the hash is used to sign.
- blobHash := strings.Split(blobLocator, "+")[0]
+ blobHash := []byte(blobLocator)
+ if hints := bytes.IndexRune(blobHash, '+'); hints > 0 {
+ blobHash = blobHash[:hints]
+ }
timestampHex := fmt.Sprintf("%08x", expiry.Unix())
blobSignatureTTLHex := strconv.FormatInt(int64(blobSignatureTTL.Seconds()), 16)
return blobLocator +
if matches == nil {
return ErrSignatureMissing
}
- blobHash := matches[1]
+ blobHash := []byte(matches[1])
signatureHex := matches[6]
expiryHex := matches[7]
if expiryTime, err := parseHexTimestamp(expiryHex); err != nil {
type BlobSignatureSuite struct{}
+func (s *BlobSignatureSuite) BenchmarkSignManifest(c *check.C) {
+ DebugLocksPanicMode = false
+ ts, err := parseHexTimestamp(knownTimestamp)
+ c.Check(err, check.IsNil)
+ c.Logf("test manifest is %d bytes", len(bigmanifest))
+ for i := 0; i < c.N; i++ {
+ m := SignManifest(bigmanifest, knownToken, ts, blobSignatureTTL, []byte(knownKey))
+ c.Check(m, check.Not(check.Equals), "")
+ }
+}
+
func (s *BlobSignatureSuite) TestSignLocator(c *check.C) {
ts, err := parseHexTimestamp(knownTimestamp)
c.Check(err, check.IsNil)