Documentation ¶
Overview ¶
Implements HTTP request and response signing and verification. Supports the major MAC and asymmetric key signature algorithms. It has several safety restrictions: one, none of the widely known cryptographically unsafe algorithms are permitted; two, the RSA SHA256 algorithms must be available in the binary (and they should be, barring export restrictions); finally, the library assumes that either the 'Authorization' or the 'Signature' header is to be set (but not both).
Index ¶
- Constants
- func NewSSHSigner(s ssh.Signer, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, ...) (SSHSigner, Algorithm, error)
- func NewSigner(prefs []Algorithm, dAlgo DigestAlgorithm, headers []string, ...) (Signer, Algorithm, error)
- type Algorithm
- type DigestAlgorithm
- type SSHSigner
- type SignatureScheme
- type Signer
- type Verifier
Constants ¶
// RequestTarget is the literal string "(request-target)".
//
// NOTE(review): presumably this is the pseudo-header name from the HTTP
// Signatures drafts, which binds the request method and path into the signed
// data. A signature whose header list omits it would not cover which endpoint
// was called — confirm how the signer and verifier treat it.
const RequestTarget = "(request-target)"
Variables ¶
This section is empty.
Functions ¶
func NewSSHSigner ¶
// NewSSHSigner takes an ssh.Signer plus digest, header, scheme and expiry
// settings and returns an SSHSigner, an Algorithm and an error.
//
// NOTE(review): the returned Algorithm is presumably derived from the key
// type of s rather than chosen by the caller — confirm.
// NOTE(review): headers is presumably the list of header names covered by the
// signature; anything not listed would be unauthenticated. Verify what the
// package does when the list is empty.
// NOTE(review): expiresIn looks like a signature lifetime (unit not shown on
// this page, likely seconds); a short value narrows the replay window.
func NewSSHSigner(s ssh.Signer, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, expiresIn int64) (SSHSigner, Algorithm, error)
func NewSigner ¶
// NewSigner takes a list of algorithm preferences plus digest, header, scheme
// and expiry settings and returns a Signer, an Algorithm and an error.
//
// NOTE(review): the returned Algorithm is presumably the entry of prefs that
// was actually selected; check it rather than assuming the first preference
// was honoured — confirm against the implementation.
// NOTE(review): headers is presumably the list of header names covered by the
// signature; anything not listed would be unauthenticated. Callers would
// normally include RequestTarget and a date or digest header — verify what
// the package does when the list is empty.
// NOTE(review): expiresIn looks like a signature lifetime (unit not shown on
// this page, likely seconds); a short value narrows the replay window.
func NewSigner(prefs []Algorithm, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, expiresIn int64) (Signer, Algorithm, error)
Types ¶
type Algorithm ¶
// Algorithm specifies a cryptographically secure algorithm for signing HTTP
// requests and responses. The supported values are the Algorithm constants
// declared by this package.
type Algorithm string
Algorithm specifies a cryptographically secure algorithm for signing HTTP requests and responses.
const (
	// MAC-based algorithms.
	HMAC_SHA224      Algorithm = hmacPrefix + "-" + sha224String
	HMAC_SHA256      Algorithm = hmacPrefix + "-" + sha256String
	HMAC_SHA384      Algorithm = hmacPrefix + "-" + sha384String
	HMAC_SHA512      Algorithm = hmacPrefix + "-" + sha512String
	HMAC_RIPEMD160   Algorithm = hmacPrefix + "-" + ripemd160String
	HMAC_SHA3_224    Algorithm = hmacPrefix + "-" + sha3_224String
	HMAC_SHA3_256    Algorithm = hmacPrefix + "-" + sha3_256String
	HMAC_SHA3_384    Algorithm = hmacPrefix + "-" + sha3_384String
	HMAC_SHA3_512    Algorithm = hmacPrefix + "-" + sha3_512String
	HMAC_SHA512_224  Algorithm = hmacPrefix + "-" + sha512_224String
	HMAC_SHA512_256  Algorithm = hmacPrefix + "-" + sha512_256String
	HMAC_BLAKE2S_256 Algorithm = hmacPrefix + "-" + blake2s_256String
	HMAC_BLAKE2B_256 Algorithm = hmacPrefix + "-" + blake2b_256String
	HMAC_BLAKE2B_384 Algorithm = hmacPrefix + "-" + blake2b_384String
	HMAC_BLAKE2B_512 Algorithm = hmacPrefix + "-" + blake2b_512String
	// NOTE(review): these four carry no HMAC prefix; presumably they use
	// BLAKE2's own keyed mode as the MAC — confirm against the implementation.
	BLAKE2S_256 Algorithm = blake2s_256String
	BLAKE2B_256 Algorithm = blake2b_256String
	BLAKE2B_384 Algorithm = blake2b_384String
	BLAKE2B_512 Algorithm = blake2b_512String
	// RSA-based algorithms.
	// NOTE(review): SHA-1 is no longer collision resistant and is deprecated
	// for new digital signatures. Whether the package accepts RSA_SHA1 at
	// runtime is not visible here; prefer RSA_SHA256 or stronger, and consider
	// refusing this value on the verifying side.
	RSA_SHA1   Algorithm = rsaPrefix + "-" + sha1String
	RSA_SHA224 Algorithm = rsaPrefix + "-" + sha224String
	// RSA_SHA256 is the default algorithm.
	RSA_SHA256    Algorithm = rsaPrefix + "-" + sha256String
	RSA_SHA384    Algorithm = rsaPrefix + "-" + sha384String
	RSA_SHA512    Algorithm = rsaPrefix + "-" + sha512String
	RSA_RIPEMD160 Algorithm = rsaPrefix + "-" + ripemd160String
	// ECDSA algorithms
	ECDSA_SHA224    Algorithm = ecdsaPrefix + "-" + sha224String
	ECDSA_SHA256    Algorithm = ecdsaPrefix + "-" + sha256String
	ECDSA_SHA384    Algorithm = ecdsaPrefix + "-" + sha384String
	ECDSA_SHA512    Algorithm = ecdsaPrefix + "-" + sha512String
	ECDSA_RIPEMD160 Algorithm = ecdsaPrefix + "-" + ripemd160String
	// ED25519 algorithms
	// can only be SHA512
	ED25519 Algorithm = ed25519Prefix
)
type DigestAlgorithm ¶
// DigestAlgorithm names a digest (hash) algorithm.
// NOTE(review): presumably the hash applied to the message body for a Digest
// header — confirm against the signer implementation.
type DigestAlgorithm string
DigestAlgorithm 算法摘要
const (
	// DigestSha256 selects the SHA-256 algorithm.
	DigestSha256 DigestAlgorithm = "SHA-256"
	// DigestSha512 selects the SHA-512 algorithm.
	DigestSha512 DigestAlgorithm = "SHA-512"
)
type SSHSigner ¶
// SSHSigner is the SSH signing interface. Its methods take no private key
// argument; NewSSHSigner receives an ssh.Signer instead.
type SSHSigner interface {
	// SignRequest signs the request.
	// NOTE(review): body is presumably hashed into a digest that the
	// signature covers, so it should be the exact bytes that will be sent —
	// confirm against the implementation.
	SignRequest(keyId string, req *http.Request, body []byte) (err error)
	// SignResponse signs the response.
	// NOTE(review): presumably this sets headers on rsp and therefore has to
	// run before the response headers are written — confirm.
	SignResponse(keyId string, rsp http.ResponseWriter, body []byte) (err error)
}
SSHSigner SSH签名接口
type SignatureScheme ¶
// SignatureScheme is the signature type: it selects whether the Signature
// header or the Authorization header is used (see the SignatureScheme
// constants).
type SignatureScheme string
SignatureScheme 签名类型
const (
	// Signature authenticates using the Signature header.
	Signature SignatureScheme = "Signature"
	// Authorization authenticates using the Authorization header.
	Authorization SignatureScheme = "Authorization"
)
type Signer ¶
// Signer is the signing interface.
//
// NOTE(review): crypto.PrivateKey gives no compile-time check on the key
// type, so the concrete key passed in has to match the Algorithm the Signer
// was created with (for the MAC algorithms presumably a []byte secret) —
// confirm which key types the implementation accepts.
type Signer interface {
	// SignRequest signs the request.
	// NOTE(review): body is presumably hashed into a digest that the
	// signature covers, so it should be the exact bytes that will be sent —
	// confirm against the implementation.
	SignRequest(privateKey crypto.PrivateKey, keyId string, req *http.Request, body []byte) (err error)
	// SignResponse signs the response.
	// NOTE(review): presumably this sets headers on rsp and therefore has to
	// run before the response headers are written — confirm.
	SignResponse(privateKey crypto.PrivateKey, keyId string, rsp http.ResponseWriter, body []byte) (err error)
}
Signer 签名接口
Source Files ¶