github.com/hashicorp/vault/sdk@v0.11.0/helper/roottoken/decode.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package roottoken
     5  
     6  import (
     7  	"encoding/base64"
     8  	"fmt"
     9  	"strings"
    10  
    11  	uuid "github.com/hashicorp/go-uuid"
    12  	"github.com/hashicorp/vault/sdk/helper/xor"
    13  )
    14  
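     // DecodeToken recovers the plaintext root token from the encoded value
     // returned by the Vault API by XORing it with the one-time password (OTP).
     // The algorithm was initially used in the generate root command.
     //
     // otpLength only selects the decoding mode; it is never compared with
     // len(otp):
     //
     //   - otpLength == 0 (backwards-compatible mode): encoded and otp are both
     //     handed to xor.XORBase64, and the result is rendered with
     //     uuid.FormatUUID, so the token comes back in UUID form.
     //   - any other value: encoded is decoded as unpadded standard base64
     //     (base64.RawStdEncoding) and XORed with the raw bytes of otp; the
     //     result is returned as a string without further formatting.
     //
     // The returned string is a usable root token. Callers should treat it as a
     // secret: keep it out of logs, error messages and telemetry.
     //
     // A non-nil error means the token could not be decoded; the returned string
     // is then empty. Underlying errors are wrapped with %w so callers can
     // inspect them with errors.Is / errors.As.
     func DecodeToken(encoded, otp string, otpLength int) (string, error) {
     	switch otpLength {
     	case 0:
     		// Backwards compat: token and OTP both arrive base64-encoded and
     		// the plaintext is the raw bytes of a UUID.
     		tokenBytes, err := xor.XORBase64(encoded, otp)
     		if err != nil {
     			return "", fmt.Errorf("error xoring token: %w", err)
     		}

     		uuidToken, err := uuid.FormatUUID(tokenBytes)
     		if err != nil {
     			return "", fmt.Errorf("error formatting base64 token value: %w", err)
     		}
     		return strings.TrimSpace(uuidToken), nil
     	default:
     		tokenBytes, err := base64.RawStdEncoding.DecodeString(encoded)
     		if err != nil {
     			return "", fmt.Errorf("error decoding base64'd token: %w", err)
     		}

     		// NOTE(review): length agreement between the decoded token and the
     		// OTP is left entirely to xor.XORBytes; presumably it rejects
     		// operands of different length. Confirm against the xor package.
     		tokenBytes, err = xor.XORBytes(tokenBytes, []byte(otp))
     		if err != nil {
     			return "", fmt.Errorf("error xoring token: %w", err)
     		}
     		return string(tokenBytes), nil
     	}
     }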