// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package roottoken
import (
"encoding/base64"
"fmt"
"github.com/hashicorp/vault/sdk/helper/xor"
)
// EncodeToken gets a token and an OTP and encodes the token.
// The OTP must have the same length as the token.
func EncodeToken(token, otp string) (string, error) {
	// Both inputs are required; an empty value is rejected before any
	// masking is attempted.
	switch {
	case len(token) == 0:
		return "", fmt.Errorf("no token provided")
	case len(otp) == 0:
		return "", fmt.Errorf("no otp provided")
	}

	// The OTP is XORed with the token as raw bytes; it is not decoded first.
	// Any error from XORBytes is wrapped and returned (presumably this is
	// where a token/OTP length mismatch is rejected; confirm against the xor
	// helper).
	// NOTE(review): the output is only as confidential as the OTP, so callers
	// should treat the OTP as a secret, single-use value.
	masked, xorErr := xor.XORBytes([]byte(otp), []byte(token))
	if xorErr != nil {
		return "", fmt.Errorf("xor of root token failed: %w", xorErr)
	}

	// Unpadded standard base64 is the returned wire form.
	encoded := base64.RawStdEncoding.EncodeToString(masked)
	return encoded, nil
}