xmlsig

package module
v0.0.0-...-091d0f6 Latest
Published: Feb 27, 2023 License: Apache-2.0 Imports: 15 Imported by: 4

README

= XML Signature library for Golang

I wrote this to sign XML documents produced by Go's default XML encoder. It is not capable of signing arbitrary XML, because canonicalizing external XML is a good bit more work. Despite that limitation it is the way to go for most Go programs, because you don't have to link to C code or run an external command to create a signature. The following example shows how to produce a simple signature.

----
package main

import (
	"crypto/tls"
	"encoding/xml"
	"log"
	"os"

	"github.com/descope-dev/xmlsig"
)

func example() error {
	// The signing key and certificate come from a PEM key pair on disk.
	cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
	if err != nil {
		return err
	}
	signer, err := xmlsig.NewSigner(cert)
	if err != nil {
		return err
	}
	doc := Test1{
		Data: "Hello, World!",
		ID:   "_1234",
	}
	// Create the signature over the document, then attach it and emit the signed XML.
	sig, err := signer.CreateSignature(doc)
	if err != nil {
		return err
	}
	doc.Signature = sig
	encoder := xml.NewEncoder(os.Stdout)
	return encoder.Encode(doc)
}

// Test1 is the document being signed. Signature is a pointer so the encoder
// leaves the element out while it is still nil.
type Test1 struct {
	XMLName   xml.Name `xml:"urn:envelope Envelope"`
	ID        string   `xml:",attr"`
	Data      string   `xml:"urn:envelope Data"`
	Signature *xmlsig.Signature
}

func main() {
	if err := example(); err != nil {
		log.Fatal(err)
	}
}
----

Documentation

Overview

Package xmlsig supports adding XML Digital Signatures to Go structs marshalled to XML.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Algorithm

type Algorithm struct {
	Algorithm string `xml:",attr"`
}

Algorithm carries the identifier of a digest, signature, canonicalization or transform algorithm as the Algorithm attribute of the enclosing element.

type KeyInfo

type KeyInfo struct {
	XMLName  xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	X509Data *X509Data
	Children []interface{}
}

KeyInfo is an optional element that enables the recipient(s) to obtain the key needed to validate the signature.

type Reference

type Reference struct {
	XMLName      xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Reference"`
	URI          string   `xml:",attr,omitempty"`
	Transforms   Transforms
	DigestMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# DigestMethod"`
	DigestValue  string    `xml:"http://www.w3.org/2000/09/xmldsig# DigestValue"`
}

Reference specifies a digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting.

type Signature

type Signature struct {
	XMLName        xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	SignedInfo     SignedInfo
	SignatureValue string `xml:"http://www.w3.org/2000/09/xmldsig# SignatureValue"`
	KeyInfo        KeyInfo
}

Signature element is the root element of an XML Signature.

type SignedInfo

type SignedInfo struct {
	XMLName                xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	CanonicalizationMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# CanonicalizationMethod"`
	SignatureMethod        Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	Reference              Reference
}

SignedInfo includes a canonicalization algorithm, a signature algorithm, and a reference.

type Signer

type Signer interface {
	Sign([]byte) (string, error)
	CreateSignature(interface{}) (*Signature, error)
	Algorithm() string
}

Signer is used to create a Signature for the provided object.

func NewSigner

func NewSigner(cert tls.Certificate) (Signer, error)

NewSigner creates a new Signer with the certificate.

func NewSignerWithOptions

func NewSignerWithOptions(cert tls.Certificate, options SignerOptions) (Signer, error)

NewSignerWithOptions creates a new Signer with the certificate and options.

type SignerOptions

type SignerOptions struct {
	SignatureAlgorithm string
	DigestAlgorithm    string
}

type Transforms

type Transforms struct {
	XMLName   xml.Name    `xml:"http://www.w3.org/2000/09/xmldsig# Transforms"`
	Transform []Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# Transform"`
}

Transforms is an optional ordered list of processing steps that were applied to the resource's content before it was digested.

type X509Data

type X509Data struct {
	XMLName         xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# X509Data"`
	X509Certificate string   `xml:"http://www.w3.org/2000/09/xmldsig# X509Certificate"`
}

X509Data element within KeyInfo contains one X509 certificate.
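The README example above loads a key pair from disk and hands the whole job to xmlsig, and the types listed in this section describe what ends up in the document. As an added example that is not part of the library or of this page, the following Go program (standard library only) builds the same Signature/SignedInfo/Reference/KeyInfo structure with an in-memory self-signed certificate, and then shows the recipient-side checks a verifier of such a document needs: pinning the algorithms, chaining the X509Data certificate to a trust anchor, verifying SignatureValue over SignedInfo, and comparing the Reference digest against the content. The struct tags copy the declarations on this page (Transforms is left out); the function names, the constructed sample content, and the assumption that the content is already in canonical form are the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Element types with the tags this page lists for the library's Signature
// structure (Transforms left out). Local copies for the example, not the
// library's own declarations.
type Algorithm struct {
	Algorithm string `xml:",attr"`
}
type Reference struct {
	XMLName      xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# Reference"`
	URI          string    `xml:",attr,omitempty"`
	DigestMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# DigestMethod"`
	DigestValue  string    `xml:"http://www.w3.org/2000/09/xmldsig# DigestValue"`
}
type SignedInfo struct {
	XMLName                xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	CanonicalizationMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# CanonicalizationMethod"`
	SignatureMethod        Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	Reference              Reference
}
type X509Data struct {
	X509Certificate string `xml:"http://www.w3.org/2000/09/xmldsig# X509Certificate"`
}
type KeyInfo struct {
	XMLName  xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	X509Data *X509Data `xml:"http://www.w3.org/2000/09/xmldsig# X509Data"`
}
type Signature struct {
	XMLName        xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	SignedInfo     SignedInfo
	SignatureValue string `xml:"http://www.w3.org/2000/09/xmldsig# SignatureValue"`
	KeyInfo        KeyInfo
}

// Standard XML Signature algorithm identifiers; the verifier accepts no others.
const (
	rsaSHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
	sha256URI = "http://www.w3.org/2001/04/xmlenc#sha256"
	excC14N   = "http://www.w3.org/2001/10/xml-exc-c14n#"
)

// newSelfSignedSigner makes an in-memory RSA key and self-signed certificate
// (DER) so nothing has to be loaded from cert.pem/key.pem for the example.
func newSelfSignedSigner() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "xmlsig example signer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// sign builds the two-stage structure: SHA-256 of the referenced content goes
// into Reference/DigestValue, and SignatureValue is RSA-SHA256 over the
// marshalled SignedInfo. The content is assumed to be canonical already, the
// same limitation the README states for the library.
func sign(content []byte, refURI string, key *rsa.PrivateKey, certDER []byte) (*Signature, error) {
	digest := sha256.Sum256(content)
	si := SignedInfo{
		CanonicalizationMethod: Algorithm{excC14N}, SignatureMethod: Algorithm{rsaSHA256},
		Reference: Reference{URI: refURI, DigestMethod: Algorithm{sha256URI},
			DigestValue: base64.StdEncoding.EncodeToString(digest[:])},
	}
	siBytes, err := xml.Marshal(si)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(siBytes)
	sigBytes, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	return &Signature{SignedInfo: si, SignatureValue: base64.StdEncoding.EncodeToString(sigBytes),
		KeyInfo: KeyInfo{X509Data: &X509Data{X509Certificate: base64.StdEncoding.EncodeToString(certDER)}}}, nil
}

// verify is the recipient-side check, in the order that matters: pin the
// algorithms, chain the embedded certificate to a trust anchor (an X509Data the
// sender chose proves nothing by itself), verify SignatureValue over SignedInfo,
// then compare the Reference digest with the content the application will use.
func verify(sig *Signature, content []byte, roots *x509.CertPool) error {
	si := sig.SignedInfo
	if si.SignatureMethod.Algorithm != rsaSHA256 || si.Reference.DigestMethod.Algorithm != sha256URI {
		return errors.New("unexpected signature or digest algorithm")
	}
	if sig.KeyInfo.X509Data == nil {
		return errors.New("KeyInfo carries no X509Data")
	}
	der, err := base64.StdEncoding.DecodeString(sig.KeyInfo.X509Data.X509Certificate)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("untrusted signer certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("signer key is not RSA")
	}
	siBytes, err := xml.Marshal(si)
	if err != nil {
		return err
	}
	h := sha256.Sum256(siBytes)
	sigBytes, err := base64.StdEncoding.DecodeString(sig.SignatureValue)
	if err != nil {
		return err
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sigBytes); err != nil {
		return fmt.Errorf("SignatureValue does not verify: %w", err)
	}
	want, err := base64.StdEncoding.DecodeString(si.Reference.DigestValue)
	if err != nil {
		return err
	}
	if digest := sha256.Sum256(content); subtle.ConstantTimeCompare(digest[:], want) != 1 {
		return errors.New("Reference digest does not match the content")
	}
	return nil
}

func main() {
	key, der, err := newSelfSignedSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample content, written the way Go's encoder emits it and assumed canonical.
	content := []byte(`<Data xmlns="urn:envelope">Hello, World!</Data>`)
	sig, err := sign(content, "#_1234", key, der)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	fmt.Println("genuine:", verify(sig, content, roots))
	fmt.Println("tampered:", verify(sig, []byte("<Data>changed</Data>"), roots))
}
```

The order inside verify is the practical point. An X509Data element is chosen by whoever produced the document, so a verifier that takes the embedded certificate at face value only proves the document is self-consistent; trust has to come from the recipient's own root pool. Pinning the algorithm identifiers before anything else keeps a document from selecting a weaker digest or signature method, and the digest should be computed over the bytes the application actually consumes rather than over whatever the Reference URI happens to point at.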
