46 lines
1.6 KiB
Go
46 lines
1.6 KiB
Go
package licensing
|
|
|
|
import (
|
|
"errors"
|
|
|
|
"github.com/yuanyuanxiang/SimpleRemoter/server/go/protocol"
|
|
)
|
|
|
|
// LocalSigner signs directly with the deployment's HMAC master key. The
|
|
// operator's own Go server runs in this mode; it also serves as License
|
|
// Server for any RemoteSigner customer deployments (LicenseServer in
|
|
// server.go reuses the same Signer instance via its public Sign() method).
|
|
//
|
|
// Sign is HMAC-SHA256 in microseconds — no I/O, no caching needed.
|
|
type LocalSigner struct {
|
|
masterKey string
|
|
}
|
|
|
|
// minMasterKeyLen rejects obviously-broken HMAC keys (empty string, "x").
|
|
// Real keys are typically `openssl rand -hex 32` (64 chars); 16 bytes is
|
|
// the floor we'll accept to catch fat-finger configs without being too
|
|
// strict for tests.
|
|
const minMasterKeyLen = 16
|
|
|
|
// NewLocal returns a LocalSigner. An empty or too-short masterKey is a
|
|
// configuration bug — silently accepting it would produce stable but
|
|
// worthless HMAC output, so we reject at construction.
|
|
func NewLocal(masterKey string) (*LocalSigner, error) {
|
|
if masterKey == "" {
|
|
return nil, errors.New("LocalSigner: master HMAC key is empty (set YAMA_SIGN_PASSWORD)")
|
|
}
|
|
if len(masterKey) < minMasterKeyLen {
|
|
return nil, errors.New("LocalSigner: master HMAC key too short (need >= 16 chars)")
|
|
}
|
|
return &LocalSigner{masterKey: masterKey}, nil
|
|
}
|
|
|
|
func (l *LocalSigner) Sign(startTime, clientID string) (string, error) {
|
|
msg := startTime + "|" + clientID
|
|
return protocol.SignMessage(l.masterKey, []byte(msg)), nil
|
|
}
|
|
|
|
func (l *LocalSigner) Mode() string { return "local" }
|
|
|
|
func (l *LocalSigner) Close() error { return nil }
|