httpsig

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 3, 2020 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Implements HTTP request and response signing and verification. Supports the major MAC and asymmetric key signature algorithms. It has several safety restrictions: first, none of the widely known cryptographically unsafe algorithms are permitted; second, the RSA SHA256 algorithms must be available in the binary (and they should be, barring export restrictions); finally, the library assumes that either the 'Authorization' or the 'Signature' header is to be set (but not both).

Index

Constants

const (
	// RequestTarget is the literal "(request-target)" entry name.
	// NOTE(review): in HTTP Signatures this pseudo-header stands for the
	// request method and path, so including it in the signed header list is
	// what binds a signature to them — confirm how this package builds it.
	RequestTarget = "(request-target)"
)

Variables

This section is empty.

Functions

func NewSSHSigner

// NewSSHSigner returns an SSHSigner together with an Algorithm and an error.
// It takes an ssh.Signer, a digest algorithm, a list of headers, a signature
// scheme and an expiresIn value.
// NOTE(review): headers presumably names the headers covered by the
// signature; a header left out of the list would then not be protected
// against modification in transit — confirm against the implementation.
// NOTE(review): the unit of expiresIn is not visible here (presumably
// seconds) — confirm.
func NewSSHSigner(s ssh.Signer, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, expiresIn int64) (SSHSigner, Algorithm, error)

func NewSigner

// NewSigner returns a Signer together with an Algorithm and an error.
// It takes a list of algorithms, a digest algorithm, a list of headers, a
// signature scheme and an expiresIn value.
// NOTE(review): prefs is presumably an ordered preference list from which the
// returned Algorithm is chosen — confirm; callers should check the returned
// Algorithm rather than assume the first preference was used.
// NOTE(review): headers presumably names the headers covered by the
// signature, and the unit of expiresIn is not visible here — confirm both.
func NewSigner(prefs []Algorithm, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, expiresIn int64) (Signer, Algorithm, error)

Types

type Algorithm

// Algorithm is a string-typed name of a signing algorithm; the values this
// package defines for it are the constants in the const block below.
type Algorithm string

Algorithm specifies a cryptographically secure algorithm for signing HTTP requests and responses.

// Algorithm names defined by the package. Each value is a string built from
// an algorithm-family prefix and a hash name, joined with "-" where both are
// present.
const (
	// MAC-based algorithms.
	HMAC_SHA224      Algorithm = hmacPrefix + "-" + sha224String
	HMAC_SHA256      Algorithm = hmacPrefix + "-" + sha256String
	HMAC_SHA384      Algorithm = hmacPrefix + "-" + sha384String
	HMAC_SHA512      Algorithm = hmacPrefix + "-" + sha512String
	HMAC_RIPEMD160   Algorithm = hmacPrefix + "-" + ripemd160String
	HMAC_SHA3_224    Algorithm = hmacPrefix + "-" + sha3_224String
	HMAC_SHA3_256    Algorithm = hmacPrefix + "-" + sha3_256String
	HMAC_SHA3_384    Algorithm = hmacPrefix + "-" + sha3_384String
	HMAC_SHA3_512    Algorithm = hmacPrefix + "-" + sha3_512String
	HMAC_SHA512_224  Algorithm = hmacPrefix + "-" + sha512_224String
	HMAC_SHA512_256  Algorithm = hmacPrefix + "-" + sha512_256String
	HMAC_BLAKE2S_256 Algorithm = hmacPrefix + "-" + blake2s_256String
	HMAC_BLAKE2B_256 Algorithm = hmacPrefix + "-" + blake2b_256String
	HMAC_BLAKE2B_384 Algorithm = hmacPrefix + "-" + blake2b_384String
	HMAC_BLAKE2B_512 Algorithm = hmacPrefix + "-" + blake2b_512String
	// NOTE(review): the next four carry no hmac prefix although they sit
	// under the MAC heading; presumably they select BLAKE2 in its keyed
	// mode rather than a bare hash — confirm.
	BLAKE2S_256      Algorithm = blake2s_256String
	BLAKE2B_256      Algorithm = blake2b_256String
	BLAKE2B_384      Algorithm = blake2b_384String
	BLAKE2B_512      Algorithm = blake2b_512String
	// RSA-based algorithms.
	// NOTE(review): the RSA padding scheme is not visible in these names —
	// confirm against the implementation.
	// NOTE(review): SHA-1 is no longer collision-resistant, and the package
	// overview says unsafe algorithms are not permitted; confirm whether
	// RSA_SHA1 is actually accepted for signing or verification before
	// relying on it.
	RSA_SHA1   Algorithm = rsaPrefix + "-" + sha1String
	RSA_SHA224 Algorithm = rsaPrefix + "-" + sha224String
	// RSA_SHA256 is the default algorithm.
	RSA_SHA256    Algorithm = rsaPrefix + "-" + sha256String
	RSA_SHA384    Algorithm = rsaPrefix + "-" + sha384String
	RSA_SHA512    Algorithm = rsaPrefix + "-" + sha512String
	RSA_RIPEMD160 Algorithm = rsaPrefix + "-" + ripemd160String
	// ECDSA algorithms
	ECDSA_SHA224    Algorithm = ecdsaPrefix + "-" + sha224String
	ECDSA_SHA256    Algorithm = ecdsaPrefix + "-" + sha256String
	ECDSA_SHA384    Algorithm = ecdsaPrefix + "-" + sha384String
	ECDSA_SHA512    Algorithm = ecdsaPrefix + "-" + sha512String
	ECDSA_RIPEMD160 Algorithm = ecdsaPrefix + "-" + ripemd160String
	// ED25519 algorithms
	// can only be SHA512, so the name carries no hash suffix.
	ED25519 Algorithm = ed25519Prefix
)

type DigestAlgorithm

// DigestAlgorithm is a string-typed name of a digest algorithm; the package
// defines DigestSha256 and DigestSha512 for it.
type DigestAlgorithm string

DigestAlgorithm is a digest algorithm.

// Digest algorithm names accepted as DigestAlgorithm values.
// NOTE(review): these are presumably used for a digest over the message
// body — confirm against the implementation.
const (
	// DigestSha256 is the SHA-256 algorithm.
	DigestSha256 DigestAlgorithm = "SHA-256"
	// DigestSha512 is the SHA-512 algorithm.
	DigestSha512 DigestAlgorithm = "SHA-512"
)

type SSHSigner

// SSHSigner is the SSH signing interface. Unlike Signer, its methods take no
// private key argument; NewSSHSigner receives an ssh.Signer instead.
type SSHSigner interface {
	// SignRequest signs the request. It takes the key identifier, the
	// outgoing request and the body bytes, and returns an error.
	// NOTE(review): body is presumably what the digest is computed over, so
	// it must match the bytes actually sent — confirm.
	SignRequest(keyId string, req *http.Request, body []byte) (err error)
	// SignResponse signs the response. It takes the key identifier, the
	// response writer and the body bytes, and returns an error.
	// NOTE(review): presumably this sets headers on rsp and so has to run
	// before the response headers are written — confirm.
	SignResponse(keyId string, rsp http.ResponseWriter, body []byte) (err error)
}

SSHSigner is the SSH signing interface.

type SignatureScheme

// SignatureScheme is a string-typed selector; the package defines the values
// Signature and Authorization for it.
type SignatureScheme string

SignatureScheme is the signature type.

// Signature schemes. The package overview states that only one of the two
// headers is expected to be set on a message, not both.
const (
	// Signature authenticates using the Signature header.
	Signature SignatureScheme = "Signature"
	// Authorization authenticates using the Authorization header.
	Authorization SignatureScheme = "Authorization"
)

type Signer

// Signer is the signing interface. Both methods receive the private key on
// every call, next to the key identifier and the message body.
type Signer interface {
	// SignRequest signs the request with privateKey and returns an error.
	// NOTE(review): keyId is presumably sent with the signature so the
	// verifier can look up the matching public key, and body is presumably
	// what the digest is computed over — confirm.
	SignRequest(privateKey crypto.PrivateKey, keyId string, req *http.Request, body []byte) (err error)
	// SignResponse signs the response with privateKey and returns an error.
	// NOTE(review): presumably this sets headers on rsp and so has to run
	// before the response headers are written — confirm.
	SignResponse(privateKey crypto.PrivateKey, keyId string, rsp http.ResponseWriter, body []byte) (err error)
}

Signer is the signing interface.

type Verifier

// Verifier is the signature verification interface. It is obtained from
// NewVerifier or NewResponseVerifier.
type Verifier interface {
	// KeyId returns the identifier of the public key used for the signature.
	// NOTE(review): this value is presumably parsed from the message before
	// any signature check, so it should be treated as untrusted input when it
	// is used to look up a key — confirm.
	KeyId() string

	// Verify verifies the signature against publicKey using alg and returns
	// an error.
	// NOTE(review): alg is chosen by the caller; taking it from the stored
	// key record rather than from the message avoids letting the sender
	// pick the algorithm — confirm whether the implementation cross-checks
	// it against the signature parameters.
	Verify(publicKey crypto.PublicKey, alg Algorithm) (err error)
}

Verifier is the signature verification interface.

func NewResponseVerifier

// NewResponseVerifier builds a Verifier from an HTTP response and returns it
// with an error.
// NOTE(review): a nil error here presumably means only that signature
// parameters were found and parsed; the response is not authenticated until
// Verify has been called and returned nil — confirm.
func NewResponseVerifier(rsp *http.Response) (Verifier, error)

func NewVerifier

// NewVerifier builds a Verifier from an HTTP request and returns it with an
// error.
// NOTE(review): a nil error here presumably means only that signature
// parameters were found and parsed; the request is not authenticated until
// Verify has been called and returned nil — confirm.
func NewVerifier(req *http.Request) (verifier Verifier, err error)
