httpsig

Package httpsig, version v1.0.1. This package is not in the latest version of its module.

Published: Nov 7, 2022 | License: Apache-2.0 | Imports: 12 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type KeyResolver

type KeyResolver struct {
	// contains filtered or unexported fields
}

KeyResolver resolves the public key for an ActivityPub actor.

func NewKeyResolver

func NewKeyResolver(actorRetriever actorRetriever) *KeyResolver

NewKeyResolver returns a new KeyResolver.

func (*KeyResolver) Resolve

func (r *KeyResolver) Resolve(keyID string) (*ariesverifier.PublicKey, error)

Resolve returns the public key for the given key ID.

type SecretRetriever

type SecretRetriever struct{}

SecretRetriever implements a custom key retriever to be used with the HTTP signature library.

func (*SecretRetriever) Get

func (r *SecretRetriever) Get(keyID string) (httpsig.Secret, error)

Get returns a 'secret' that directs the HTTP signature library to use the custom SignatureHashAlgorithm.

type SignatureHashAlgorithm

type SignatureHashAlgorithm struct {
	Crypto crypto
	KMS    keyManager
	// contains filtered or unexported fields
}

SignatureHashAlgorithm is a custom httpsignatures.SignatureHashAlgorithm that uses KMS to sign HTTP requests.

func NewSignerAlgorithm

func NewSignerAlgorithm(c crypto, km keyManager, keyID string) *SignatureHashAlgorithm

NewSignerAlgorithm returns a new SignatureHashAlgorithm which uses KMS to sign HTTP requests.

func NewVerifierAlgorithm

func NewVerifierAlgorithm(c crypto, km keyManager, keyResolver keyResolver) *SignatureHashAlgorithm

NewVerifierAlgorithm returns a new SignatureHashAlgorithm which is used to verify the signature in the HTTP request header.

func (*SignatureHashAlgorithm) Algorithm

func (a *SignatureHashAlgorithm) Algorithm() string

Algorithm returns this algorithm's name.

func (*SignatureHashAlgorithm) Create

func (a *SignatureHashAlgorithm) Create(secret httpsig.Secret, data []byte) ([]byte, error)

Create signs data with the secret.

func (*SignatureHashAlgorithm) Verify

func (a *SignatureHashAlgorithm) Verify(secret httpsig.Secret, data, signature []byte) error

Verify verifies the signature over data with the secret.

type Signer

type Signer struct {
	SignerConfig
	// contains filtered or unexported fields
}

Signer signs HTTP requests.

func NewSigner

func NewSigner(cfg SignerConfig, cr crypto, km keyManager, keyID string) *Signer

NewSigner returns a new signer.

func (*Signer) SignRequest

func (s *Signer) SignRequest(pubKeyID string, req *http.Request) error

SignRequest signs an HTTP request.

type SignerConfig

type SignerConfig struct {
	Headers []string
}

SignerConfig contains the configuration for signing HTTP requests.

func DefaultGetSignerConfig

func DefaultGetSignerConfig() SignerConfig

DefaultGetSignerConfig returns the default configuration for signing HTTP GET requests.

func DefaultPostSignerConfig

func DefaultPostSignerConfig() SignerConfig

DefaultPostSignerConfig returns the default configuration for signing HTTP POST requests.

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier verifies signatures of HTTP requests.

func NewVerifier

func NewVerifier(actorRetriever actorRetriever, cr crypto, km keyManager) *Verifier

NewVerifier returns a new HTTP signature verifier.

func (*Verifier) VerifyRequest

func (v *Verifier) VerifyRequest(req *http.Request) (bool, *url.URL, error)

VerifyRequest verifies the following:
  - The HTTP signature on the request.
  - That the key ID in the request header is owned by the actor.

Returns:
  - true if the signature was successfully verified, otherwise false.
  - Actor IRI if the signature was successfully verified.
  - An error if the signature could not be verified due to server error.
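The three return values of VerifyRequest need distinct handling in a caller. The following is an added example, not code from this package: `requestVerifier`, `stubVerifier`, `statusFor` and the choice of 401/500 status codes are assumptions made for illustration, and the stub stands in for a real *Verifier so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// requestVerifier is a hypothetical interface with the VerifyRequest
// signature documented above, so the handling logic can run offline.
type requestVerifier interface {
	VerifyRequest(req *http.Request) (bool, *url.URL, error)
}

// stubVerifier is a constructed stand-in that returns canned results.
type stubVerifier struct {
	ok    bool
	actor *url.URL
	err   error
}

func (s stubVerifier) VerifyRequest(*http.Request) (bool, *url.URL, error) {
	return s.ok, s.actor, s.err
}

// statusFor maps the three return values to an HTTP status and fails closed:
// the actor IRI is only released when verification succeeded without error.
func statusFor(v requestVerifier, req *http.Request) (int, *url.URL) {
	ok, actor, err := v.VerifyRequest(req)
	switch {
	case err != nil: // could not verify (server error): not the caller's fault
		return http.StatusInternalServerError, nil
	case !ok || actor == nil: // bad signature or key not owned by the actor
		return http.StatusUnauthorized, nil
	default:
		return http.StatusOK, actor
	}
}

func main() {
	req := httptest.NewRequest(http.MethodPost, "https://example.com/inbox", nil)
	actor, _ := url.Parse("https://example.com/services/actor") // constructed IRI
	for _, v := range []stubVerifier{
		{ok: true, actor: actor}, {ok: false}, {err: errors.New("actor lookup failed")},
	} {
		fmt.Println(statusFor(v, req))
	}
}
```

Checking the error first means a lookup failure is never treated as either an accepted or a rejected signature, and a true result without an actor IRI is rejected instead of being passed on.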
