5 лет назад · 5941f0674a
--- a/mtglib/secret.go
+++ b/mtglib/secret.go
@@ -5,13 +5,12 @@ import (
 
				
				 	"encoding/base64"
			
 
				
				 	"encoding/hex"
			
 
				
				 	"fmt"
			
 
				
				-	"strings"
			
 
				
				 )
			
 
				
				 
			
 
				
				 const (
			
 
				
				 	SecretKeyLength = 16
			
 
				
				 
			
 
				
				-	secretFakeTLSFirstByte byte = 238
			
 
				
				+	secretFakeTLSFirstByte byte = 0xee
			
 
				
				 )
			
 
				
				 
			
 
				
				 var secretEmptyKey [SecretKeyLength]byte
			
@@ -35,31 +34,26 @@ func (s *Secret) UnmarshalText(data []byte) error {
 
				
				 		return ErrSecretEmpty
			
 
				
				 	}
			
 
				
				 
			
 
				
				-	var (
			
 
				
				-		decoded []byte
			
 
				
				-		err     error
			
 
				
				-	)
			
 
				
				-
			
 
				
				-	if strings.HasPrefix(text, "ee") {
			
 
				
				-		decoded, err = hex.DecodeString(strings.TrimPrefix(text, "ee"))
			
 
				
				-	}
			
 
				
				-
			
 
				
				-	if err != nil || len(decoded) <= SecretKeyLength {
			
 
				
				+	decoded, err := hex.DecodeString(text)
			
 
				
				+	if err != nil {
			
 
				
				 		decoded, err = base64.RawURLEncoding.DecodeString(text)
			
 
				
				+	}
			
 
				
				 
			
 
				
				-		if err != nil {
			
 
				
				-			return fmt.Errorf("incorrect secret format: %w", err)
			
 
				
				-		}
			
 
				
				+	if err != nil {
			
 
				
				+		return fmt.Errorf("incorrect secret format: %w", err)
			
 
				
				+	}
			
 
				
				 
			
 
				
				-		if len(decoded) <= SecretKeyLength {
			
 
				
				-			return fmt.Errorf("secret has incorrect length %d", len(text))
			
 
				
				-		}
			
 
				
				+	if len(decoded) < 2 { // nolint: gomnd // we need at least 1 byte here
			
 
				
				+		return fmt.Errorf("secret is truncated, length=%d", len(decoded))
			
 
				
				+	}
			
 
				
				 
			
 
				
				-		if decoded[0] != secretFakeTLSFirstByte {
			
 
				
				-			return fmt.Errorf("incorrect first byte: %v", decoded[0])
			
 
				
				-		}
			
 
				
				+	if decoded[0] != secretFakeTLSFirstByte {
			
 
				
				+		return fmt.Errorf("incorrect first byte of secret: %#x", decoded[0])
			
 
				
				+	}
			
 
				
				 
			
 
				
				-		decoded = decoded[1:]
			
 
				
				+	decoded = decoded[1:]
			
 
				
				+	if len(decoded) < SecretKeyLength {
			
 
				
				+		return fmt.Errorf("secret has incorrect length %d", len(decoded))
			
 
				
				 	}
			
 
				
				 
			
 
				
				 	copy(s.Key[:], decoded[:SecretKeyLength])
			
--- a/mtglib/secret_test.go
+++ b/mtglib/secret_test.go
@@ -45,8 +45,14 @@ func (suite *SecretTestSuite) TestParseSecret() {
 
				
				 }
			
 
				
				 
			
 
				
				 func (suite *SecretTestSuite) TestSerialize() {
			
 
				
				+	s := mtglib.Secret{}
			
 
				
				+
			
 
				
				+	data, err := s.MarshalText()
			
 
				
				+	suite.NoError(err)
			
 
				
				+	suite.Empty(data)
			
 
				
				+
			
 
				
				 	secretData, _ := hex.DecodeString("d11c6cbbd9efe7fed5bc0db220b09665")
			
 
				
				-	s := mtglib.Secret{
			
 
				
				+	s = mtglib.Secret{
			
 
				
				 		Host: "google.com",
			
 
				
				 	}
			
 
				
				 
			
@@ -77,6 +83,10 @@ func (suite *SecretTestSuite) TestIncorrectSecret() {
 
				
				 		"+ueJ0q91t5XOnFYP8Xac3A",
			
 
				
				 		"eed11c6cbbd9efe7fed5bc0db220b09665",
			
 
				
				 		"ed11c6cbbd9efe7fed5bc0db220b09665",
			
 
				
				+		"",
			
 
				
				+		"+**",
			
 
				
				+		"ee",
			
 
				
				+		"efd11c6cbbd9efe7fed5bc0db220b09665",
			
 
				
				 	}
			
 
				
				 
			
 
				
				 	for _, v := range testData {