rsa_signingservice

package
v0.8.0
Published: Mar 8, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

README

Signing Service

The type rsa-signingservice forwards signing to a signing server. The calculated digest is sent as the signing request, together with the hash algorithm used.

The URL of the signing service is passed as a YAML document instead of a private key.

It must have the field url with the desired server address.

The required credentials are taken from the credentials context using the consumer id Signingserver.gardener.cloud. It uses a hostpath matcher using the identity attributes scheme, hostname, port and pathprefix derived from the given server URL.

The expected credential properties are:

  • clientCert: the client certificate used as TLS certificate and to authenticate the caller.
  • privateKey: the private key for the client certificate.
  • caCerts: the CA used to validate the identity of the signing server.
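
The lookup and the TLS setup described above, as an added example that is not code from this package: it derives the four identity attributes from a server URL and turns the three credential properties into a mutual-TLS client configuration. The function names identityFor and tlsConfigFrom, the sample URL, the https-only check and the port and path normalization are assumptions; the package's own hostpath matcher may normalize differently.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// identityFor derives scheme, hostname, port and pathprefix from the server URL.
// Assumptions: only https is accepted, a missing port is left out, and the
// path prefix is stored without leading or trailing slashes.
func identityFor(serverURL string) (map[string]string, error) {
	u, err := url.Parse(serverURL)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" || u.Hostname() == "" {
		return nil, fmt.Errorf("signing server URL %q must be an absolute https URL", serverURL)
	}
	id := map[string]string{"scheme": u.Scheme, "hostname": u.Hostname()}
	if p := u.Port(); p != "" {
		id["port"] = p
	}
	if p := strings.Trim(u.Path, "/"); p != "" {
		id["pathprefix"] = p
	}
	return id, nil
}

// tlsConfigFrom builds a mutual-TLS client config from the credential properties.
func tlsConfigFrom(props map[string]string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	// AppendCertsFromPEM signals failure only through its bool result; reject
	// it here instead of handing an empty trust pool to the handshake.
	if !pool.AppendCertsFromPEM([]byte(props["caCerts"])) {
		return nil, errors.New("caCerts contains no usable CA certificate")
	}
	cert, err := tls.X509KeyPair([]byte(props["clientCert"]), []byte(props["privateKey"]))
	if err != nil {
		return nil, fmt.Errorf("clientCert/privateKey: %w", err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	fmt.Println(identityFor("https://signing.example.com:8443/sign/v1")) // constructed URL
}
```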

Documentation

Index

Constants

const (
	AcceptHeader = "Accept"

	// MediaTypePEM defines the media type for PEM formatted data.
	MediaTypePEM = "application/x-pem-file"
)
const (
	CONSUMER_TYPE = "Signingserver.gardener.cloud"

	ID_HOSTNAME   = hostpath.ID_HOSTNAME
	ID_PORT       = hostpath.ID_PORT
	ID_PATHPREFIX = hostpath.ID_PATHPREFIX
	ID_SCHEME     = hostpath.ID_SCHEME

	ATTR_CLIENT_CERT = "clientCert"
	ATTR_PRIVATE_KEY = "privateKey"
	ATTR_CA_CERTS    = "caCerts"
)
const (
	Algorithm = rsa.Algorithm
	Name      = "rsa-signingservice"
)

Algorithm defines the type for the RSA PKCS #1 v1.5 signature algorithm.

const SignaturePEMBlockAlgorithmHeader = "Algorithm"

SignaturePEMBlockAlgorithmHeader defines the header in a signature PEM block where the signature algorithm is defined.

Variables

This section is empty.

Functions

func NewHandler added in v0.7.0

func NewHandler() signing.Signer

func NewHandlerFor added in v0.7.0

func NewHandlerFor(algo string) signing.Signer

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler is a signatures.Signer compatible struct to sign with RSASSA-PKCS1-V1_5 using a signature service.

func (*Handler) Algorithm

func (h *Handler) Algorithm() string

func (*Handler) Sign

func (h *Handler) Sign(cctx credentials.Context, digest string, sctx signing.SigningContext) (signature *signing.Signature, err error)

type Key

type Key struct {
	URL string `json:"url"`
}

func PrivateKey

func PrivateKey(k interface{}) (*Key, error)

type SigningServerSigner

type SigningServerSigner struct {
	ServerURL *url.URL
}

func NewSigningClient

func NewSigningClient(serverURL string) (*SigningServerSigner, error)

func (*SigningServerSigner) Sign

func (signer *SigningServerSigner) Sign(cctx credentials.Context, signatureAlgo string, hashAlgo crypto.Hash, digest string, sctx signing.SigningContext) (*signing.Signature, error)
