caddy/vendor/github.com/jimstudt/http-authentication/basic/sha.go

package basic

import (
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
)

type shaPassword struct {
	hashed []byte
}

// Accept valid SHA encoded passwords.
func AcceptSha(src string) (EncodedPasswd, error) {
	if !strings.HasPrefix(src, "{SHA}") {
		return nil, nil
	}

	b64 := strings.TrimPrefix(src, "{SHA}")
	hashed, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("Malformed sha1(%s): %s", src, err.Error())
	}
	if len(hashed) != sha1.Size {
		return nil, fmt.Errorf("Malformed sha1(%s): wrong length", src)
	}
	return &shaPassword{hashed}, nil
}

// Reject any password encoded as SHA.
func RejectSha(src string) (EncodedPasswd, error) {
	if !strings.HasPrefix(src, "{SHA}") {
		return nil, nil
	}
	return nil, fmt.Errorf("sha password rejected: %s", src)
}

func (s *shaPassword) MatchesPassword(pw string) bool {
	h := sha1.Sum([]byte(pw))
	return subtle.ConstantTimeCompare(h[:], s.hashed) == 1
}
Vendor all dependencies (Warning: Huge changeset.) The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default. 2017-05-27 14:30:11 -05:00			`package basic`

			`import (`
			`"crypto/sha1"`
			`"crypto/subtle"`
			`"encoding/base64"`
			`"fmt"`
			`"strings"`
			`)`

			`type shaPassword struct {`
			`hashed []byte`
			`}`

			`// Accept valid SHA encoded passwords.`
			`func AcceptSha(src string) (EncodedPasswd, error) {`
			`if !strings.HasPrefix(src, "{SHA}") {`
			`return nil, nil`
			`}`

			`b64 := strings.TrimPrefix(src, "{SHA}")`
			`hashed, err := base64.StdEncoding.DecodeString(b64)`
			`if err != nil {`
			`return nil, fmt.Errorf("Malformed sha1(%s): %s", src, err.Error())`
			`}`
			`if len(hashed) != sha1.Size {`
			`return nil, fmt.Errorf("Malformed sha1(%s): wrong length", src)`
			`}`
			`return &shaPassword{hashed}, nil`
			`}`

			`// Reject any password encoded as SHA.`
			`func RejectSha(src string) (EncodedPasswd, error) {`
			`if !strings.HasPrefix(src, "{SHA}") {`
			`return nil, nil`
			`}`
			`return nil, fmt.Errorf("sha password rejected: %s", src)`
			`}`

			`func (s *shaPassword) MatchesPassword(pw string) bool {`
			`h := sha1.Sum([]byte(pw))`
			`return subtle.ConstantTimeCompare(h[:], s.hashed) == 1`
			`}`