httpsig

package
v1.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 1, 2023 License: MIT Imports: 14 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// Rand is a hookable reader used as a random byte source.
	Rand io.Reader = rand.Reader
)

Functions

func BuildSignatureData

func BuildSignatureData(req *http.Request, headers []string) []byte

BuildSignatureData is a convenience wrapper around BuildSignatureString that returns []byte instead of a string.

func BuildSignatureString

func BuildSignatureString(req *http.Request, headers []string) string

BuildSignatureString constructs a signature string following section 2.3

func HMACSign

func HMACSign(key []byte, hash crypto.Hash, data []byte) ([]byte, error)

HMACSign signs a digest of the data hashed using the provided hash and key.

func HMACVerify

func HMACVerify(key []byte, hash crypto.Hash, data, sig []byte) error

HMACVerify verifies a signed digest of the data hashed using the provided hash and key.

func ParseRsaPrivateKeyFromPemStr

func ParseRsaPrivateKeyFromPemStr(privPEM string) (*rsa.PrivateKey, error)

func RSASign

func RSASign(key *rsa.PrivateKey, hash crypto.Hash, data []byte) (
	signature []byte, err error)

RSASign signs a digest of the data hashed using the provided hash

func RSAVerify

func RSAVerify(key *rsa.PublicKey, hash crypto.Hash, data, sig []byte) (
	err error)

RSAVerify verifies a signed digest of the data hashed using the provided hash

func RequireSignature

func RequireSignature(h http.Handler, v *Verifier, realm string) (
	out http.Handler)

Types

type Algorithm

type Algorithm interface {
	Name() string
	Sign(key interface{}, data []byte) (sig []byte, err error)
	Verify(key interface{}, data, sig []byte) error
}

Algorithm provides methods used to sign/verify signatures.

var HMACSHA256 Algorithm = hmac_sha256{}

HMACSHA256 implements keyed HMAC over SHA256 digests

var RSASHA1 Algorithm = rsa_sha1{}

RSASHA1 implements RSA PKCS1v15 signatures over a SHA1 digest

var RSASHA256 Algorithm = rsa_sha256{}

RSASHA256 implements RSA PKCS1v15 signatures over a SHA256 digest

type KeyGetter

type KeyGetter interface {
	GetKey(id string) interface{}
}

KeyGetter is an interface used by the verifier to retrieve a key stored by key id.

The following types are supported for the specified algorithms: []byte - HMAC signatures *rsa.PublicKey - RSA signatures *rsa.PrivateKey - RSA signatures

Other types will treated as if no key was returned.

type KeyGetterFunc

type KeyGetterFunc func(id string) interface{}

KeyGetterFunc is a convenience type for implementing a KeyGetter with a regular function

func (KeyGetterFunc) GetKey

func (fn KeyGetterFunc) GetKey(id string) interface{}

GetKey calls fn(id)

type MemoryKeyStore

type MemoryKeyStore struct {
	// contains filtered or unexported fields
}

func NewMemoryKeyStore

func NewMemoryKeyStore() *MemoryKeyStore

func (*MemoryKeyStore) GetKey

func (m *MemoryKeyStore) GetKey(id string) interface{}

func (*MemoryKeyStore) SetKey

func (m *MemoryKeyStore) SetKey(id string, key interface{})

type Params

type Params struct {
	KeyId     string
	Algorithm string
	Headers   []string
	Signature []byte
}

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

func NewHMACSHA256Signer

func NewHMACSHA256Signer(id string, key []byte, headers []string) (
	signer *Signer)

NewHMACSHA256Signer contructs a signer with the specified key id, hmac key, and headers to sign.

func NewRSASHA1Signer

func NewRSASHA1Signer(id string, key *rsa.PrivateKey, headers []string) (
	signer *Signer)

NewRSASHA1Signer contructs a signer with the specified key id, rsa private key and headers to sign.

func NewRSASHA256Signer

func NewRSASHA256Signer(id string, key *rsa.PrivateKey, headers []string) (
	signer *Signer)

NewRSASHA256Signer contructs a signer with the specified key id, rsa private key and headers to sign.

func NewSigner

func NewSigner(id string, key interface{}, algo Algorithm, headers []string) (
	signer *Signer)

NewSigner contructs a signer with the specified key id, key, algorithm, and headers to sign. By default, if headers is nil or empty, the request-target and date headers will be signed.

func (*Signer) Sign

func (r *Signer) Sign(req *http.Request) error

Sign signs an http request and adds the signature to the authorization header

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

func NewVerifier

func NewVerifier(key_getter KeyGetter) *Verifier

func (*Verifier) RequiredHeaders

func (v *Verifier) RequiredHeaders() []string

func (*Verifier) SetRequiredHeaders

func (v *Verifier) SetRequiredHeaders(headers []string)

func (*Verifier) Verify

func (v *Verifier) Verify(req *http.Request) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL