httpsignature-proxy

command module
v1.3.9
Published: Nov 6, 2023 License: Apache-2.0 Imports: 1 Imported by: 0

README

httpsignature-proxy

Localhost HTTP Signatures proxy.

The Upvest Investment API requires you to use HTTP Signatures as an extra layer of security, both to verify that the call is coming from a real tenant and to ensure that the request hasn't been tampered with on the way.

This is good for security but can be cumbersome while developing. That's why this tool exists. You run it locally on your dev machine and use the localhost port in a tool such as Postman or Insomnia to make your calls to the Upvest Sandbox.

Installation

You can download the binaries from the Releases page

OR

You can install it from Homebrew:

brew tap upvestco/httpsignature-proxy
brew install httpsignature-proxy

Building locally

git clone https://github.com/upvestco/httpsignature-proxy.git
make

Usage

$ ./httpsignature-proxy start --help
Starts the proxy on localhost for signing HTTP-requests

Usage:
  httpsignature-proxy start [flags]

Flags:
  -h, --help                          help for start
  -p, --port int                      port to start server
  -v  --verbose-mode bool             enables verbose mode for proxy
  -f, --private-key string            filename of the private key file
  -P, --private-key-password string   password of the private key
  -s, --server-base-url string        server base URL to pipe the requests to
  -i, --key-id string                 key id for specified private key
  -c, --client-id string              client id for specified private key

Global Flags:
      --config string   config file (default is $HOME/.httpsignature-proxy.yaml)

Key generation

The Upvest Investment API supports ECDSA and ed25519 private/public key pairs.

Generate ECDSA key pair

To generate a private key that can be used with the HTTP proxy, use this command:

openssl ecparam -name prime256v1 -genkey -noout -out ./ec-priv-key.pem

After that, you need to encrypt your key with a password:

openssl ec -in ./ec-priv-key.pem -out ./ec-encr-priv-key.pem -aes256

Remove the unencrypted key, which is no longer needed:

rm ./ec-priv-key.pem

Extract the public key from the private key:

openssl ec -in ./ec-encr-priv-key.pem -pubout > ec-pub-key.pem

The generated key should be in PEM format. You can see an example in private_key_example.ppk (password: 123456).

Please note that the httpsignature-proxy is designed to use ECDSA keys only.

Generate ed25519 key pair

OS X does not natively support generating ed25519 private/public key pairs. This method of generation works only on Unix-based operating systems.

Generate private ed25519 key:

openssl genpkey -algorithm ed25519 -outform PEM -out ed25519.pem

Extract the public key from the private key:

openssl pkey -outform DER -pubout -in ed25519.pem | tail -c +13 | \
openssl base64 > ed25519.pub

Please note that the httpsignature-proxy does not support the ed25519 key type. Although httpsignature-proxy supports private keys that are not protected by a password, we strongly recommend using only keys with a password.
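
An added example, not code from the httpsignature-proxy project: a pre-flight check in Go that classifies a PEM private key against the constraints stated in this section (ECDSA only, password-protected keys recommended). It assumes the encrypted key written by the `openssl ec ... -aes256` step uses the legacy PEM form with a `Proc-Type: 4,ENCRYPTED` header; `auditKey` and `samples` are hypothetical names, and the sample keys are constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// auditKey checks a PEM key against the README: ECDSA only, password recommended.
func auditKey(pemBytes []byte) string {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return "reject: not PEM"
	}
	// Assumption: `openssl ec -aes256` output carries the legacy Proc-Type header.
	if block.Type == "EC PRIVATE KEY" && block.Headers["Proc-Type"] == "4,ENCRYPTED" {
		return "ok: password-protected ECDSA key"
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil { // SEC1 form, as written by `openssl ecparam -genkey`
		key, err = x509.ParseECPrivateKey(block.Bytes)
	}
	if err != nil {
		return "reject: not a readable EC or PKCS#8 private key"
	}
	if k, ok := key.(*ecdsa.PrivateKey); ok {
		return "warn: ECDSA " + k.Curve.Params().Name + " key has no password"
	}
	return fmt.Sprintf("reject: %T is not ECDSA, the only type the proxy uses", key)
}

// samples builds constructed keys at run time; encEC imitates the headers only.
func samples() (plainEC, encEC, ed []byte) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sec1, _ := x509.MarshalECPrivateKey(k)
	p8, _ := x509.MarshalPKCS8PrivateKey(ed25519.NewKeyFromSeed(make([]byte, 32)))
	hdr := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00"}
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: sec1}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Headers: hdr, Bytes: sec1}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: p8})
}

func main() {
	a, b, c := samples()
	fmt.Println(auditKey(a), auditKey(b), auditKey(c))
}
```

The check reads only the PEM framing and the key type; it does not decrypt the key or test the password.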

Configuration

You can configure your proxy in a few different ways:

  • Passing in all config as command-line arguments
  • Specifying a configuration file to use
  • Exposing the config in environment variables

Config-file

You can use a config file, .httpsignature-proxy.yaml, to collect your config without having to pass it in via command-line arguments. The config file supports more than one private key.

Please see .httpsignature-proxy.sample for reference.

Example of usage

You can do a test request with the sample config. To do so:

  • Rename .httpsignature-proxy.sample to httpsignature-proxy.yaml
  • Start the signature proxy:
    ./httpsignature-proxy --config ./httpsignature-proxy.yaml start
  • Do a request:
    curl -X GET "http://localhost:3000/headers" -H "accept: application/json"

Authors

Documentation

Overview

Copyright © 2021 Upvest GmbH <support@upvest.co>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Directories

Path Synopsis
service
