turret-io · October 27, 2024 01:40
diff --git a/verify_hmac.go b/verify_hmac.go
 package main

 import (
 	"crypto/hmac"
 	"crypto/sha512"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/url"
 	"strconv"
 	"time"
 )

 const sharedSecret = "sup3rs3cr3t!!"

 func verifyString(stringToVerify []byte, signature []byte, sharedSecret []byte) bool {
 	h := hmac.New(sha512.New, sharedSecret)
 	h.Write(stringToVerify)
 	calculated := h.Sum(nil)
 	return hmac.Equal(calculated, signature)
 }

 func verifyTime(decodedJSON []byte) (map[string]string, error) {
 	payload := make(map[string]string)
 	err := json.Unmarshal(decodedJSON, &payload)
 	if err != nil {
 		return nil, err
 	}

 	time64, err := strconv.ParseInt(payload["timestamp"], 10, 64)
 	if err != nil {
 		return nil, err
 	}

 	if (time.Now().Unix() - time64) > 30 {
 		return nil, errors.New("Timestamp is too far in the past")
 	}

 	return payload, nil

 }

 func main() {
 	url, err := url.Parse("[QUERYSTRING]")
 	if err != nil {
 		panic(err)
 	}

 	decodedSignature, err := base64.URLEncoding.DecodeString(url.Query().Get("signature"))
 	if err != nil {
 		panic(err)
 	}

 	decodedJSON, err := base64.URLEncoding.DecodeString(url.Query().Get("data"))
 	if err != nil {
 		panic(err)
 	}

 	ok := verifyString(decodedJSON, decodedSignature, []byte(sharedSecret))
 	if ok {
 		fmt.Println("Signature verified")

 		payload, err := verifyTime(decodedJSON)
 		if err != nil {
 			panic(err)
 		}

 		fmt.Println("Payload verified")
 		fmt.Println(payload)

 	} else {
 		fmt.Println("Invalid signature")
 	}
 }
	package main

	import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
	)

	const sharedSecret = "sup3rs3cr3t!!"

	func verifyString(stringToVerify []byte, signature []byte, sharedSecret []byte) bool {
	h := hmac.New(sha512.New, sharedSecret)
	h.Write(stringToVerify)
	calculated := h.Sum(nil)
	return hmac.Equal(calculated, signature)
	}

	func verifyTime(decodedJSON []byte) (map[string]string, error) {
	payload := make(map[string]string)
	err := json.Unmarshal(decodedJSON, &payload)
	if err != nil {
	return nil, err
	}

	time64, err := strconv.ParseInt(payload["timestamp"], 10, 64)
	if err != nil {
	return nil, err
	}

	if (time.Now().Unix() - time64) > 30 {
	return nil, errors.New("Timestamp is too far in the past")
	}

	return payload, nil

	}

	func main() {
	url, err := url.Parse("[QUERYSTRING]")
	if err != nil {
	panic(err)
	}

	decodedSignature, err := base64.URLEncoding.DecodeString(url.Query().Get("signature"))
	if err != nil {
	panic(err)
	}

	decodedJSON, err := base64.URLEncoding.DecodeString(url.Query().Get("data"))
	if err != nil {
	panic(err)
	}

	ok := verifyString(decodedJSON, decodedSignature, []byte(sharedSecret))
	if ok {
	fmt.Println("Signature verified")

	payload, err := verifyTime(decodedJSON)
	if err != nil {
	panic(err)
	}

	fmt.Println("Payload verified")
	fmt.Println(payload)

	} else {
	fmt.Println("Invalid signature")
	}
	}