Move non-standard security modules back

2024-10-01 19:31:18 -04:00 · 2024-10-01 19:31:18 -04:00 · 38032520fa
commit 38032520fa
parent 2c6c508643
5 changed files with 0 additions and 336 deletions
--- a/authentication/session.go
+++ b/authentication/session.go
@ -1,106 +0,0 @@
 package authentication
 import (
 	"crypto/rand"
 	"fmt"
 	"time"
 	"somehole.com/common/security/identity"
 )
 const (
 	RetryCreateSessionToken = 3
 	MaxSessionAge           = 1 * time.Hour
 )
 type SessionToken [8]byte
 func NewSessionToken() (st SessionToken) {
 	var stBytes = make([]byte, 8)
 	rand.Read(stBytes)
 	st = SessionToken(stBytes)
 	return
 }
 type NextToken [4]byte
 func NewNextToken() (nt NextToken) {
 	var ntBytes = make([]byte, 4)
 	rand.Read(ntBytes)
 	nt = NextToken(ntBytes)
 	return
 }
 type Session struct {
 	identity.Identity
 	nextTokens []NextToken
 	expiration time.Time
 }
 func NewSession(identity identity.Identity) (s *Session) {
 	s = &Session{
 		Identity:   identity,
 		nextTokens: make([]NextToken, 0),
 		expiration: time.Now().Add(MaxSessionAge),
 	}
 	return
 }
 func (s *Session) Active() (ok bool) {
 	ok = time.Now().Before(s.expiration)
 	return
 }
 func (s *Session) NewNextToken() (nt NextToken) {
 	nt = NewNextToken()
 	s.nextTokens = append(s.nextTokens, nt)
 	return
 }
 func (s *Session) NextTokenIsCurrent(nt NextToken) (ok bool) {
 	ok = s.nextTokens[len(s.nextTokens)-1] == nt
 	return
 }
 type SessionService struct {
 	sessions map[SessionToken]*Session
 }
 func NewSessionService() (srv *SessionService) {
 	srv = &SessionService{
 		sessions: make(map[SessionToken]*Session),
 	}
 	return
 }
 func (srv *SessionService) NewSessionToken() (st SessionToken, err error) {
 	for i := 0; i < RetryCreateSessionToken; i++ {
 		st = NewSessionToken()
 		if _, exists := srv.sessions[st]; exists {
 			err = fmt.Errorf("could only creat colliding session tokens in %d tries", RetryCreateSessionToken)
 			continue
 		}
 		err = nil
 		break
 	}
 	return
 }
 func (srv *SessionService) AddSession(st SessionToken, session *Session) (err error) {
 	if _, exists := srv.sessions[st]; exists {
 		err = fmt.Errorf("session already exists")
 		return
 	}
 	srv.sessions[st] = session
 	return
 }
 func (srv *SessionService) GetSession(sessionToken SessionToken) (session *Session, err error) {
 	var exists bool
 	session, exists = srv.sessions[sessionToken]
 	if !exists {
 		err = fmt.Errorf("session not found")
 		return
 	}
 	return
 }
--- a/authorization/audit.go
+++ b/authorization/audit.go
@ -1,22 +0,0 @@
 package authorization
 import (
 	"time"
 	"somehole.com/common/security/identity"
 )
 type record struct {
 	Verb
 	Noun
 	time.Time
 }
 type AuditService struct {
 	records map[identity.Id][]record
 }
 func NewAuditService() (srv *AuditService) {
 	srv = &AuditService{}
 	return
 }
--- a/authorization/authorization.go
+++ b/authorization/authorization.go
@ -1,43 +0,0 @@
 package authorization
 import "somehole.com/common/security/identity"
 type Verb int
 const (
 	_ Verb = iota
 	Create
 	Read
 	Watch
 	Update
 	Patch
 	Delete
 )
 type Noun int
 const (
 	_ Noun = iota
 	Identity
 	Command
 	Log
 )
 type AuthorizationService struct {
 	*AuditService
 }
 func NewAuthorizationService(auditService *AuditService) (srv *AuthorizationService) {
 	if auditService == nil {
 		auditService = NewAuditService()
 	}
 	srv = &AuthorizationService{
 		AuditService: auditService,
 	}
 	return
 }
 func (srv *AuthorizationService) Authorized(identity identity.Identity, verb Verb, noun Noun) (authorized bool, err error) {
 	authorized = true
 	return
 }
--- a/identity/identity.go
+++ b/identity/identity.go
@ -1,120 +0,0 @@
 package identity
 import (
 	"crypto/rand"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"somehole.com/common/security/signature"
 )
 const (
 	RetryCreateId = 3
 )
 type identity interface {
 	GetId() []byte
 	GetPublicKey() []byte
 	GetPublicKeySignature() []byte
 }
 type Id [8]byte
 func (i Id) String() (out string) {
 	out = base64.StdEncoding.EncodeToString(i[:])
 	return
 }
 type Identity struct {
 	Id                 Id
 	PublicKey          signature.PublicKey
 	PublicKeySignature signature.Signature
 }
 func NewIdentity(ident identity) (i Identity, err error) {
 	id := ident.GetId()
 	if len(id) != 8 {
 		err = errors.New("wrong size id")
 		return
 	}
 	pubKey := ident.GetPublicKey()
 	if len(pubKey) != 96 {
 		err = errors.New("wrong size public key")
 		return
 	}
 	pubKeySig := ident.GetPublicKeySignature()
 	if len(pubKeySig) != 48 {
 		err = errors.New("wrong size public key signature")
 		return
 	}
 	i = Identity{
 		Id:                 Id(id),
 		PublicKey:          signature.PublicKey(pubKey),
 		PublicKeySignature: signature.Signature(pubKeySig),
 	}
 	return
 }
 func (i Identity) String() (out string) {
 	b := make([]byte, 0)
 	b = append(b, i.Id[:]...)
 	b = append(b, i.PublicKey[:]...)
 	b = append(b, i.PublicKeySignature[:]...)
 	out = base64.StdEncoding.EncodeToString(b)
 	return
 }
 func ParseIdentityString(in string) (i Identity, err error) {
 	var b []byte
 	b, err = base64.StdEncoding.DecodeString(in)
 	if err != nil {
 		return
 	}
 	if len(b) != 8+96+48 {
 		err = errors.New("wrong for size identity data in string")
 		return
 	}
 	i = Identity{
 		Id:                 Id(b[0:8]),
 		PublicKey:          signature.PublicKey(b[8:104]),
 		PublicKeySignature: signature.Signature(b[104:152]),
 	}
 	return
 }
 type IdentityService struct {
 	identities map[Id]Identity
 }
 func NewIdentityService() (srv *IdentityService) {
 	srv = &IdentityService{
 		identities: make(map[Id]Identity),
 	}
 	return
 }
 func (srv *IdentityService) NewId() (id Id, err error) {
 	var idBytes = make([]byte, 8)
 	for i := 0; i < RetryCreateId; i++ {
 		rand.Read(idBytes)
 		if _, exists := srv.identities[id]; exists {
 			err = fmt.Errorf("could only creat colliding ids in %d tries", RetryCreateId)
 			continue
 		}
 		id = Id(idBytes)
 		err = nil
 		break
 	}
 	return
 }
 func (srv *IdentityService) AddIdentity(id Id, identity Identity) (err error) {
 	_, exists := srv.identities[id]
 	if exists {
 		err = fmt.Errorf("failed to add identity")
 		return
 	}
 	srv.identities[id] = identity
 	return
 }
--- a/security.go
+++ b/security.go
@ -1,45 +0,0 @@
 package security
 import (
 	"somehole.com/common/security/authentication"
 	"somehole.com/common/security/authorization"
 	"somehole.com/common/security/identity"
 	"somehole.com/common/security/signature"
 )
 type Config struct {
 	Signer signature.Keypair
 }
 type SecurityService struct {
 	config Config
 	*authentication.SessionService
 	*authorization.AuditService
 	*authorization.AuthorizationService
 	*identity.IdentityService
 	*signature.SignatureService
 }
 func NewSecurityService(config ...Config) (srv *SecurityService) {
 	cfg := Config{}
 	if len(config) == 1 {
 		cfg = config[0]
 	}
 	signatureService, err := signature.NewSignatureService(&cfg.Signer)
 	if err != nil {
 		return
 	}
 	identityService := identity.NewIdentityService()
 	sessionService := authentication.NewSessionService()
 	auditService := authorization.NewAuditService()
 	authorizationService := authorization.NewAuthorizationService(auditService)
 	srv = &SecurityService{
 		config:               cfg,
 		SessionService:       sessionService,
 		AuditService:         auditService,
 		AuthorizationService: authorizationService,
 		IdentityService:      identityService,
 		SignatureService:     signatureService,
 	}
 	return
 }