From 0240f9430de9ced956e686ac7795698ef8b7af08 Mon Sep 17 00:00:00 2001
From: Richard Gee
Date: Thu, 28 Oct 2021 20:45:33 +0100
Subject: [PATCH] Make use of v2 of the hmac module

Signed-off-by: Richard Gee
---
 go.mod | 2 +-
 go.sum | 4 +-
 main.go | 2 +-
 vendor/github.com/alexellis/hmac/go.mod | 3 -
 vendor/github.com/alexellis/hmac/pkg.go | 58 ----------------
 .../alexellis/hmac/{ => v2}/LICENSE | 0
 .../alexellis/hmac/{ => v2}/README.md | 13 +++-
 vendor/github.com/alexellis/hmac/v2/go.mod | 3 +
 vendor/github.com/alexellis/hmac/v2/pkg.go | 67 +++++++++++++++++++
 vendor/modules.txt | 4 +-
 10 files changed, 88 insertions(+), 68 deletions(-)
 delete mode 100644 vendor/github.com/alexellis/hmac/go.mod
 delete mode 100644 vendor/github.com/alexellis/hmac/pkg.go
 rename vendor/github.com/alexellis/hmac/{ => v2}/LICENSE (100%)
 rename vendor/github.com/alexellis/hmac/{ => v2}/README.md (66%)
 create mode 100644 vendor/github.com/alexellis/hmac/v2/go.mod
 create mode 100644 vendor/github.com/alexellis/hmac/v2/pkg.go

diff --git a/go.mod b/go.mod
index 3c4dc19..6e7ff20 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/alexellis/derek
 go 1.15
 require (
- github.com/alexellis/hmac v1.3.0
+ github.com/alexellis/hmac/v2 v2.0.0
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/google/go-github v17.0.0+incompatible
 github.com/google/go-querystring v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 26d04fb..c58e02f 100644
--- a/go.sum
+++ b/go.sum
@@ -33,8 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/alexellis/hmac v1.3.0 h1:DJl5wfuhwj2IjG9XRXzPY6bHZYrwrARFTotpxX3KS08=
-github.com/alexellis/hmac v1.3.0/go.mod h1:WmZwlIfB7EQaDuiScnQoMSs3K+1UalW/7ExXP3Cc2zU=
+github.com/alexellis/hmac/v2 v2.0.0 h1:/sH/UJxDXPpJorUeg2DudeKSeUrWPF32Yamw2TiDoOQ=
+github.com/alexellis/hmac/v2 v2.0.0/go.mod h1:O7hZZgTfh5fp5+vAamzodZPlbw+aQK+nnrrJNHsEvL0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
diff --git a/main.go b/main.go
index ec78946..2695402 100644
--- a/main.go
+++ b/main.go
@@ -19,7 +19,7 @@ import (
 "github.com/alexellis/derek/handler"
 "github.com/alexellis/derek/types"
- "github.com/alexellis/hmac"
+ "github.com/alexellis/hmac/v2"
 )
 const (
diff --git a/vendor/github.com/alexellis/hmac/go.mod b/vendor/github.com/alexellis/hmac/go.mod
deleted file mode 100644
index 615f3b8..0000000
--- a/vendor/github.com/alexellis/hmac/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/alexellis/hmac
-
-go 1.16
diff --git a/vendor/github.com/alexellis/hmac/pkg.go b/vendor/github.com/alexellis/hmac/pkg.go
deleted file mode 100644
index e10a374..0000000
--- a/vendor/github.com/alexellis/hmac/pkg.go
+++ /dev/null
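Review bot: Swapping the import to `"github.com/alexellis/hmac/v2"` in main.go does not by itself move webhook verification off SHA-1. The diffstat shows this as the only line changed in main.go, so the header value handed to `hmac.Validate` is the same as before, and since the removed v1 `Validate` rejected every prefix except `sha1=`, that value is presumably GitHub's `X-Hub-Signature`. The vendored v2 `Validate` picks SHA-256 only when the value starts with `sha256=`, so if SHA-256 is the goal the call site (outside this hunk) should pass GitHub's `X-Hub-Signature-256` header instead, for example `r.Header.Get("X-Hub-Signature-256")` with whatever request variable that code uses. The import block and the rest of main.go continue outside the hunk.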
@@ -1,58 +0,0 @@
-package hmac
-
-import (
- "crypto/hmac"
- "crypto/sha1"
- "encoding/hex"
- "fmt"
-)
-
-// CheckMAC verifies hash checksum
-func CheckMAC(message, messageMAC, key []byte) bool {
- mac := hmac.New(sha1.New, key)
- mac.Write(message)
- expectedMAC := mac.Sum(nil)
-
- return hmac.Equal(messageMAC, expectedMAC)
-}
-
-// Sign a message with the key and return bytes.
-// Note: for human readable output see encoding/hex and
-// encode string functions.
-func Sign(message, key []byte) []byte {
- mac := hmac.New(sha1.New, key)
- mac.Write(message)
- signed := mac.Sum(nil)
- return signed
-}
-
-// Validate validate an encodedHash taken
-// from GitHub via X-Hub-Signature HTTP Header.
-// Note: if using another source, just add a 5 letter prefix such as "sha1="
-func Validate(bytesIn []byte, encodedHash string, secretKey string) error {
- var validated error
-
- if len(encodedHash) > 5 {
-
- hashingMethod := encodedHash[:5]
- if hashingMethod != "sha1=" {
- return fmt.Errorf("unexpected hashing method: %s", hashingMethod)
- }
-
- messageMAC := encodedHash[5:] // first few chars are: sha1=
- messageMACBuf, _ := hex.DecodeString(messageMAC)
-
- res := CheckMAC(bytesIn, []byte(messageMACBuf), []byte(secretKey))
- if res == false {
- validated = fmt.Errorf("invalid message digest or secret")
- }
- } else {
- return fmt.Errorf("invalid encodedHash, should have at least 5 characters")
- }
-
- return validated
-}
-
-func init() {
-
-}
diff --git a/vendor/github.com/alexellis/hmac/LICENSE b/vendor/github.com/alexellis/hmac/v2/LICENSE
similarity index 100%
rename from vendor/github.com/alexellis/hmac/LICENSE
rename to vendor/github.com/alexellis/hmac/v2/LICENSE
diff --git a/vendor/github.com/alexellis/hmac/README.md b/vendor/github.com/alexellis/hmac/v2/README.md
similarity index 66%
rename from vendor/github.com/alexellis/hmac/README.md
rename to vendor/github.com/alexellis/hmac/v2/README.md
index e190b39..80a923e 100644
--- a/vendor/github.com/alexellis/hmac/README.md
+++ b/vendor/github.com/alexellis/hmac/v2/README.md
@@ -2,10 +2,21 @@
 Validate HMAC in Golang.
-## Who uses it?
+## Who uses it HMAC?
 [GitHub](https://developer.github.com/webhooks/securing/), Patreon and some other parties will use HMAC signing with their outgoing webhooks so that you can verify the webhook is from the expected sender.
+## Who uses this project?
+
+A few of the notable dependents on this package, but there are many more:
+
+* [alexellis/derek](https://github.com/alexellis/derek/)
+* [openfaas/faas-cli](https://github.com/openfaas/faas-cli)
+* [openfaas/openfaas-cloud](https://github.com/openfaas/openfaas-cloud/)
+* [crossplane/tbs](https://github.com/crossplane/tbs)
+* [Qolzam/telar-cli](https://github.com/Qolzam/telar-cli)
+* [s8sg/faas-flow](https://github.com/s8sg/faas-flow)
+
 ## How it works:
 HMAC uses a symmetric key that both sender/receiver share ahead of time. The sender will generate a hash when wanting to transmit a message - this data is sent along with the payload. The recipient will then sign payload with the shared key and if the hash matches then the payload is assumed to be from the sender.
diff --git a/vendor/github.com/alexellis/hmac/v2/go.mod b/vendor/github.com/alexellis/hmac/v2/go.mod
new file mode 100644
index 0000000..d57cdc7
--- /dev/null
+++ b/vendor/github.com/alexellis/hmac/v2/go.mod
@@ -0,0 +1,3 @@
+module github.com/alexellis/hmac/v2
+
+go 1.16
diff --git a/vendor/github.com/alexellis/hmac/v2/pkg.go b/vendor/github.com/alexellis/hmac/v2/pkg.go
new file mode 100644
index 0000000..5e6782b
--- /dev/null
+++ b/vendor/github.com/alexellis/hmac/v2/pkg.go
@@ -0,0 +1,67 @@
+package hmac
+
+import (
+ "crypto/hmac"
+ "crypto/sha1"
+ "crypto/sha256"
+ "encoding/hex"
+ "fmt"
+ "hash"
+ "strings"
+)
+
+// CheckMAC verifies hash checksum
+func CheckMAC(message, messageMAC, key []byte, sha func() hash.Hash) bool {
+ mac := hmac.New(sha, key)
+ mac.Write(message)
+ expectedMAC := mac.Sum(nil)
+
+ return hmac.Equal(messageMAC, expectedMAC)
+}
+
+// Sign a message with the key and return bytes.
+// Note: for human readable output see encoding/hex and
+// encode string functions.
+func Sign(message, key []byte, sha func() hash.Hash) []byte {
+ mac := hmac.New(sha, key)
+ mac.Write(message)
+ signed := mac.Sum(nil)
+ return signed
+}
+
+// Validate validate an encodedHash taken
+// from GitHub via X-Hub-Signature HTTP Header.
+// Note: if using another source, just add a 5 letter prefix such as "sha1="
+func Validate(bytesIn []byte, encodedHash string, secretKey string) error {
+ var validated error
+
+ var hashFn func() hash.Hash
+ var payload string
+
+ if strings.HasPrefix(encodedHash, "sha1=") {
+ payload = strings.TrimPrefix(encodedHash, "sha1=")
+
+ hashFn = sha1.New
+
+ } else if strings.HasPrefix(encodedHash, "sha256=") {
+ payload = strings.TrimPrefix(encodedHash, "sha256=")
+
+ hashFn = sha256.New
+ } else {
+ return fmt.Errorf("valid hash prefixes: [sha1=, sha256=], got: %s", encodedHash)
+ }
+
+ messageMAC := payload
+ messageMACBuf, _ := hex.DecodeString(messageMAC)
+
+ res := CheckMAC(bytesIn, []byte(messageMACBuf), []byte(secretKey), hashFn)
+ if !res {
+ validated = fmt.Errorf("invalid message digest or secret")
+ }
+
+ return validated
+}
+
+func init() {
+
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f1b78d3..466a587 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,6 +1,6 @@
-# github.com/alexellis/hmac v1.3.0
+# github.com/alexellis/hmac/v2 v2.0.0
 ## explicit
-github.com/alexellis/hmac
+github.com/alexellis/hmac/v2
 # github.com/dgrijalva/jwt-go v3.2.0+incompatible
 ## explicit
 github.com/dgrijalva/jwt-go