xmlsig

package module
v0.1.1-0...-4cc7cce
Published: Mar 26, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

README

= XML Signature library for Golang

I wrote this to sign XML documents produced by Go's default XML encoder. It is not capable of signing arbitrary XML, because canonicalizing external XML is a good bit more work. Despite its limitations, it is the way to go for most Go programs, because you don't have to link to C code or run an external command to create a signature. The following example shows how to produce a simple signature.

----
package main

import (
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/xml"
	"errors"
	"fmt"
	"os"

	"github.com/amdonov/xmlsig"
)

func example() error {
	cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
	if err != nil {
		return err
	}
	// NewSigner takes the parsed leaf certificate and its RSA private key,
	// so unpack both from the tls.Certificate.
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return err
	}
	key, ok := cert.PrivateKey.(*rsa.PrivateKey)
	if !ok {
		return errors.New("key.pem does not hold an RSA private key")
	}
	// Select SHA-256 explicitly rather than relying on the default algorithms.
	signer, err := xmlsig.NewSigner(leaf, key, xmlsig.SignerOptions{
		SignatureAlgorithm: xmlsig.SignatureAlgorithmDsigRSASHA256,
		DigestAlgorithm:    xmlsig.DigestAlgorithmDsigSHA256,
	})
	if err != nil {
		return err
	}
	doc := Test1{
		Data: "Hello, World!",
		ID:   "_1234",
	}
	// Sign the document, then embed the resulting Signature element in it.
	sig, err := signer.CreateSignature(doc)
	if err != nil {
		return err
	}
	doc.Signature = sig
	encoder := xml.NewEncoder(os.Stdout)
	return encoder.Encode(doc)
}

type Test1 struct {
	XMLName   xml.Name `xml:"urn:envelope Envelope"`
	ID        string   `xml:",attr"`
	Data      string   `xml:"urn:envelope Data"`
	Signature *xmlsig.Signature
}

func main() {
	if err := example(); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
----

Documentation

Overview

Package xmlsig supports adding XML Digital Signatures to Go structs marshalled to XML.

Constants

const (
	SignatureAlgorithmDsigRSASHA1   = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
	SignatureAlgorithmDsigRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
)
const (
	DigestAlgorithmDsigRSASHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
	DigestAlgorithmDsigSHA256  = "http://www.w3.org/2001/04/xmlenc#sha256"
)

Variables

var Canonicalize = canonicalize

Functions

This section is empty.

Types

type Algorithm

type Algorithm struct {
	Algorithm string `xml:",attr"`
}

Algorithm identifies, by URI, the digest or signature algorithm that was used.

type KeyInfo

type KeyInfo struct {
	XMLName  xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	X509Data *X509Data
	Children []interface{}
}

KeyInfo is an optional element that enables the recipient(s) to obtain the key needed to validate the signature.

type Reference

type Reference struct {
	XMLName      xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Reference"`
	URI          string   `xml:",attr,omitempty"`
	Transforms   Transforms
	DigestMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# DigestMethod"`
	DigestValue  string    `xml:"http://www.w3.org/2000/09/xmldsig# DigestValue"`
}

Reference specifies a digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting.

type Signature

type Signature struct {
	XMLName        xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	SignedInfo     SignedInfo
	SignatureValue string `xml:"http://www.w3.org/2000/09/xmldsig# SignatureValue"`
	KeyInfo        KeyInfo
}

Signature element is the root element of an XML Signature.

type SignedInfo

type SignedInfo struct {
	XMLName                xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	CanonicalizationMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# CanonicalizationMethod"`
	SignatureMethod        Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	Reference              Reference
}

SignedInfo includes a canonicalization algorithm, a signature algorithm, and a reference.

type Signer

type Signer interface {
	Sign([]byte) (string, error)
	CreateSignature(interface{}) (*Signature, error)
	Algorithm() string
}

Signer is used to create a Signature for the provided object.

func NewSigner

func NewSigner(cert *x509.Certificate, key *rsa.PrivateKey, options ...SignerOptions) (Signer, error)

NewSigner creates a new Signer from the certificate, its RSA private key and any SignerOptions.

type SignerOptions

type SignerOptions struct {
	SignatureAlgorithm string
	DigestAlgorithm    string
}

type Transforms

type Transforms struct {
	XMLName   xml.Name    `xml:"http://www.w3.org/2000/09/xmldsig# Transforms"`
	Transform []Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# Transform"`
}

Transforms is an optional ordered list of processing steps that were applied to the resource's content before it was digested.

type Verifier

type Verifier interface {
	Verify([]byte, *Signature) (bool, error)
	VerifySignature(interface{}, *Signature) (bool, error)
	Algorithm() string
}

func NewVerifier

func NewVerifier(cert *x509.Certificate, options ...VerifierOptions) (Verifier, error)

NewVerifier creates a new Verifier from the certificate and any VerifierOptions.

type VerifierOptions

type VerifierOptions struct {
	SignatureAlgorithm string
	DigestAlgorithm    string
	// If specified, is compared against the certificate data for equality
	X509Data string
}

type X509Data

type X509Data struct {
	XMLName         xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# X509Data"`
	X509Certificate string   `xml:"http://www.w3.org/2000/09/xmldsig# X509Certificate"`
}

X509Data element within KeyInfo contains one X.509 certificate.
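The README signs a struct with Signer.CreateSignature, and the Verifier section checks the result with VerifySignature, comparing the certificate data for equality when VerifierOptions.X509Data is set. What follows is an added example, not code from xmlsig or its README: it re-implements that sign-then-verify flow with only the Go standard library, so it runs without the module, using the ds: element names and the SHA-256 URIs documented on this page. The function names (createSignature, verifySignature, mustSelfSigned, b64) are mine. Two things are assumptions rather than xmlsig behaviour: plain xml.Marshal output stands in for the canonicalization the README mentions (the package's Canonicalize is not used), and the exclusive-c14n URI is a placeholder, since the page does not say which canonicalization it implements. The SHA-1 constants are left out on purpose; note also that DigestAlgorithmDsigRSASHA1 on this page carries the rsa-sha1 signature-method URI, not a digest URI.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"math/big"
	"time"
)

// The page's SHA-256 URIs; the exclusive-c14n URI is an assumption (the page names none).
const (
	sigRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
	digestSHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
	c14nExcl     = "http://www.w3.org/2001/10/xml-exc-c14n#"
)

// Element layout as on the page, minus Transforms; Reference and KeyInfo/X509Data
// are flattened into their parents with encoding/xml path tags.
type Algorithm struct{ Algorithm string `xml:",attr"` }
type SignedInfo struct {
	XMLName                xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	CanonicalizationMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# CanonicalizationMethod"`
	SignatureMethod        Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	DigestMethod           Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# Reference>DigestMethod"`
	DigestValue            string    `xml:"http://www.w3.org/2000/09/xmldsig# Reference>DigestValue"`
}
type Signature struct {
	XMLName         xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	SignedInfo      SignedInfo
	SignatureValue  string `xml:"http://www.w3.org/2000/09/xmldsig# SignatureValue"`
	X509Certificate string `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo>X509Data>X509Certificate"`
}
func b64(b []byte) string { return base64.StdEncoding.EncodeToString(b) }

// createSignature mirrors Signer.CreateSignature: digest the (already canonical) content
// into the Reference, then sign the marshalled SignedInfo with RSA PKCS#1 v1.5 over SHA-256.
func createSignature(content []byte, key *rsa.PrivateKey, cert *x509.Certificate) (*Signature, error) {
	d := sha256.Sum256(content)
	si := SignedInfo{CanonicalizationMethod: Algorithm{c14nExcl}, SignatureMethod: Algorithm{sigRSASHA256},
		DigestMethod: Algorithm{digestSHA256}, DigestValue: b64(d[:])}
	siBytes, err := xml.Marshal(si) // stand-in for canonicalizing SignedInfo
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(siBytes)
	sv, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	return &Signature{SignedInfo: si, SignatureValue: b64(sv), X509Certificate: b64(cert.Raw)}, nil
}

// verifySignature mirrors Verifier.VerifySignature with VerifierOptions.X509Data set: the
// KeyInfo certificate must equal the pinned one, the key and the expected algorithms come
// from the verifier rather than the document, and the Reference digest is compared last.
func verifySignature(content []byte, sig *Signature, pinned *x509.Certificate) (bool, error) {
	if sig.X509Certificate != b64(pinned.Raw) {
		return false, errors.New("KeyInfo certificate does not match the pinned X509Data")
	}
	si := sig.SignedInfo
	if si.SignatureMethod.Algorithm != sigRSASHA256 || si.DigestMethod.Algorithm != digestSHA256 {
		return false, errors.New("unexpected signature or digest algorithm")
	}
	siBytes, err := xml.Marshal(si)
	sv, derr := base64.StdEncoding.DecodeString(sig.SignatureValue)
	if err != nil || derr != nil {
		return false, errors.Join(err, derr)
	}
	if err := pinned.CheckSignature(x509.SHA256WithRSA, siBytes, sv); err != nil {
		return false, err
	}
	d := sha256.Sum256(content)
	if b64(d[:]) != si.DigestValue {
		return false, errors.New("Reference digest does not match the content")
	}
	return true, nil
}

// mustSelfSigned makes a throwaway RSA key and self-signed certificate for the demo.
func mustSelfSigned() (*rsa.PrivateKey, *x509.Certificate) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, perr := x509.ParseCertificate(der) // der is nil when CreateCertificate failed
	if err := errors.Join(err, perr); err != nil {
		panic(err)
	}
	return key, cert
}
```

The verifier's only trust anchor is the pinned certificate: the certificate inside KeyInfo is compared for equality, exactly as VerifierOptions.X509Data describes, and the public key handed to CheckSignature is the pinned one, so a document cannot substitute its own certificate or downgrade the algorithms. Exercised with go test, a tampered Data element fails the Reference digest, while a tampered DigestValue fails the signature over SignedInfo, which is why the digest is only meaningful once SignatureValue has been validated.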
