Documentation ¶
Constants ¶
This section is empty.
Variables ¶
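// Sentinel errors exposed by the package. They are created with errors.New,
// so callers can match them with errors.Is.
var (
	// ErrKeyNotFound is raised when KeyResolverFunc doesn't find the
	// requested key.
	ErrKeyNotFound = errors.New("key not found")
	// ErrExpiredSignature is raised when trying to operate using an expired
	// signature input.
	ErrExpiredSignature = errors.New("expired signature")
	// ErrNotSupportedSignature is raised when KeyResolverFunc returned an
	// invalid key type for operation.
	ErrNotSupportedSignature = errors.New("not supported signature")
)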
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
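// Algorithm identifies a supported signing suite.
type Algorithm string

const (
	// AlgorithmRSAPSSSHA512 represents signature algorithm RSASSA-PSS using
	// SHA-512.
	AlgorithmRSAPSSSHA512 Algorithm = "rsa-pss-sha512"
	// AlgorithmRSAV15SHA256 represents signature algorithm RSASSA-PKCS1-v1_5
	// using SHA-256. RSASSA-PSS is generally the preferred RSA signature
	// scheme for new deployments.
	AlgorithmRSAV15SHA256 Algorithm = "rsa-v1_5-sha256"
	// AlgorithmHMACSHA256 represents signature algorithm HMAC using SHA-256.
	// HMAC is a symmetric construction: signer and verifier share the same
	// secret, so a verifier is also able to produce valid signatures.
	AlgorithmHMACSHA256 Algorithm = "hmac-sha256"
	// AlgorithmECDSAP256SHA256 represents signature algorithm using ECDSA
	// P-256 curve with SHA-256.
	AlgorithmECDSAP256SHA256 Algorithm = "ecdsa-p256-sha256"
	// AlgorithmEdDSAEd25519SHA512 represents signature algorithm using EdDSA
	// Ed25519 curve with SHA-512.
	AlgorithmEdDSAEd25519SHA512 Algorithm = "eddsa-ed25519-sha512"
)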
type KeyResolverFunc ¶
KeyResolverFunc is used to resolve crypto material from key identifier.
type SignatureInput ¶
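// SignatureInput represents signature metadata.
type SignatureInput struct {
	// ID is the identifier of this signature input.
	ID string
	// Algorithm is the signing suite associated with the signature.
	Algorithm Algorithm
	// KeyID is the key identifier.
	// NOTE(review): presumably the value handed to KeyResolverFunc to look
	// up the key material; confirm.
	KeyID string
	// Expires is the expiry timestamp of the signature.
	// NOTE(review): presumably Unix seconds and the value consulted by
	// IsExpired; confirm the unit and how a zero value is treated.
	Expires uint64
	// Created is the creation timestamp of the signature.
	// NOTE(review): presumably Unix seconds; confirm whether verification
	// rejects values in the future.
	Created uint64
	// Nonce is an optional per-signature value.
	// NOTE(review): a nonce only helps against replay if the verifying side
	// tracks the values it has seen; nothing visible here shows that it
	// does, so confirm before relying on it.
	Nonce string
	// Headers lists header names.
	// NOTE(review): presumably the request headers covered by the
	// signature; anything not listed would then be unprotected. Confirm.
	Headers []string
}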
func DefaultSignatureInput ¶
func DefaultSignatureInput(kid string) *SignatureInput
DefaultSignatureInput returns a default signature-input for request signing.
func ParseSignatureInput ¶
func ParseSignatureInput(input string) ([]*SignatureInput, error)
ParseSignatureInput returns the SignatureInput descriptors parsed from the given input.
func (*SignatureInput) IsExpired ¶
func (s *SignatureInput) IsExpired() bool
IsExpired returns true if signature is expired.
func (*SignatureInput) Params ¶
func (s *SignatureInput) Params() string
func (*SignatureInput) String ¶
func (s *SignatureInput) String() string
type SignatureSet ¶
SignatureSet represents a dictionary that maps each signature-input reference to its signature payload.
func ParseSignatureSet ¶
func ParseSignatureSet(input string) (*SignatureSet, error)
ParseSignatureSet returns the signature map from given input.
func (*SignatureSet) Add ¶
func (set *SignatureSet) Add(name string, sig []byte)
Add adds a signature to the current set.
func (*SignatureSet) Get ¶
func (set *SignatureSet) Get(name string) ([]byte, bool)
Get returns a signature by its handle.
func (*SignatureSet) Keys ¶
func (set *SignatureSet) Keys() []string
Keys returns the list of available signatures.
func (*SignatureSet) String ¶
func (set *SignatureSet) String() string
type Signer ¶
type Signer interface {
	// Sign takes a context, the signature metadata sigMeta and the request r,
	// and returns the signature bytes or an error.
	// NOTE(review): which parts of r are covered is presumably driven by
	// sigMeta.Headers; confirm against the implementation.
	Sign(ctx context.Context, sigMeta *SignatureInput, r *http.Request) ([]byte, error)
}
Signer describes the signature implementation contract.
func NewSigner ¶
func NewSigner(alg Algorithm, krf KeyResolverFunc) Signer
NewSigner returns a signer implementation instance for `hs2019` only.
type Verifier ¶
type Verifier interface {
	// Verify takes a context, the signature metadata sigMeta, the raw
	// signature bytes and the request r, and returns a boolean result
	// together with an error.
	// NOTE(review): callers should presumably accept the request only when
	// the result is true AND err is nil; confirm how a signature mismatch and
	// an expired sigMeta (see ErrExpiredSignature) are reported, so that a
	// caller checking only one of the two return values cannot accept an
	// invalid signature.
	Verify(ctx context.Context, sigMeta *SignatureInput, signature []byte, r *http.Request) (bool, error)
}
Verifier describes signature verification implementation contract.
func NewVerifier ¶
func NewVerifier(krf KeyResolverFunc) Verifier
NewVerifier returns a verifier implementation instance for `hs2019` only.