github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/tequilapi/pkce/pkce.go

github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/tequilapi/pkce/pkce.go (about)

     1  /*
     2   * Copyright (C) 2023 The "MysteriumNetwork/node" Authors.
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License as published by
     6   * the Free Software Foundation, either version 3 of the License, or
     7   * (at your option) any later version.
     8   *
     9   * This program is distributed in the hope that it will be useful,
    10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12   * GNU General Public License for more details.
    13   *
    14   * You should have received a copy of the GNU General Public License
    15   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16   */
    17  
    18  package pkce
    19  
    20  import (
    21  	"crypto/rand"
    22  	"crypto/sha256"
    23  	"encoding/base64"
    24  	"fmt"
    25  	"io"
    26  
    27  	"github.com/pkg/errors"
    28  )
    29  
    30  // Info contains codeVerifier and codeChallenge
    31  type Info struct {
    32  	CodeVerifier  string
    33  	CodeChallenge string
    34  }
    35  
    36  // Base64URLCodeVerifier encode to base64url for transport
    37  func (info Info) Base64URLCodeVerifier() string {
    38  	return base64.RawURLEncoding.EncodeToString([]byte(info.CodeVerifier))
    39  }
    40  
    41  // New returns a new set of codeVerifier and codeChallenge
    42  // https://www.rfc-editor.org/rfc/rfc7636
    43  func New(l uint) (Info, error) {
    44  	verifier, err := CodeVerifier(l)
    45  	if err != nil {
    46  		return Info{}, err
    47  	}
    48  
    49  	challenge := ChallengeSHA256(verifier)
    50  
    51  	return Info{
    52  		CodeVerifier:  verifier,
    53  		CodeChallenge: challenge,
    54  	}, nil
    55  }
    56  
    57  // CodeVerifier creates a codeVerifier
    58  // https://www.rfc-editor.org/rfc/rfc7636#section-4.1
    59  // using rand.Reader code verifier is generated from subset of [A-Z] / [a-z] / [0-9]
    60  func CodeVerifier(l uint) (string, error) {
    61  	if l < 43 || l > 128 {
    62  		return "", errors.New("l must be between [43;128]")
    63  	}
    64  
    65  	buf := make([]byte, l)
    66  	if _, err := io.ReadFull(rand.Reader, buf[:]); err != nil {
    67  		return "", fmt.Errorf("could not generate PKCE code: %w", err)
    68  	}
    69  
    70  	return string(buf[:]), nil
    71  }
    72  
    73  // ChallengeSHA256 generate codeChallenge from codeVerifier using sha256
    74  // also encodes it base64
    75  // https://www.rfc-editor.org/rfc/rfc7636#section-4.2
    76  func ChallengeSHA256(verifier string) string {
    77  	shaBytes := sha256.Sum256([]byte(verifier))
    78  	return base64.RawURLEncoding.EncodeToString(shaBytes[:])
    79  }