Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type SigV4Signer
type SigV4Signer struct {
    // contains filtered or unexported fields
}
SigV4Signer is a `Signer` that uses the provided `aws.CredentialsProvider` to construct GetCallerIdentity requests signed with SigV4. `Sign` returns a message that can be sent to a `Verifier` for verification.
func NewSigner
func NewSigner(regionName string, creds aws.CredentialsProvider) (*SigV4Signer, error)
func (*SigV4Signer) Sign
func (s *SigV4Signer) Sign(ctx context.Context, payload []byte) (*SignedMessage, error)
Sign takes a payload and returns a `SignedMessage` that can be sent to another client, which can validate it with a `Verifier`.
type SigV4Verifier
type SigV4Verifier struct {
    IsValidSource SourceVerifier
    // contains filtered or unexported fields
}
SigV4Verifier is a Verifier that uses SigV4-signed GetCallerIdentity requests (usually constructed by a `Signer`) to verify the contents of the message and confirm that the source meets the requirements of `IsValidSource`.
func NewVerifier
func NewVerifier(validSources SourceVerifier, tr http.RoundTripper) *SigV4Verifier
func (*SigV4Verifier) Verify
func (v *SigV4Verifier) Verify(ctx context.Context, msg *UnverifiedMessage) (*VerifiedMessage, error)
type SignedMessage
type Signer
type Signer interface {
    Sign(ctx context.Context, payload []byte) (*SignedMessage, error)
}
type SourceVerifier
type SourceVerifier func(*awsapi.GetCallerIdentityResult) (bool, error)
SourceVerifier is a function that is called when a SigV4Verifier is attempting to determine if a client should be allowed to connect. You can rely on its argument never being nil.
type UnverifiedMessage
type UnverifiedMessage SignedMessage
Same as a SignedMessage, but since we're on the read side, we want to make it clear to readers that we don't trust its contents yet.
type VerifiedMessage
type VerifiedMessage struct {
    Payload        []byte
    CallerIdentity awsapi.GetCallerIdentityResult
    // The original message that was verified
    Raw *SignedMessage
}
type Verifier
type Verifier interface {
    Verify(ctx context.Context, msg *UnverifiedMessage) (*VerifiedMessage, error)
}
Directories
Path | Synopsis |
---|---|
internal | |
masker | Masker exists to provide a simple way to obfuscate data in a way that will make it much harder for someone using the gcisigner to accidentally bypass the SigV4 signed message verification. |