xmlsig

package module v1.0.5

Warning: This package is not in the latest version of its module.
Published: Apr 12, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

README

= XML Signature library for Golang

I wrote this to sign XML documents produced by Go's default XML encoder. It is not capable of signing arbitrary XML, because canonicalizing externally produced XML is a good bit more work. Despite its limitations, it is the way to go for most Go programs, because you don't have to link to C code or run an external command to create a signature. The following example shows how to produce a simple signature.

----
package main

import (
	"crypto/tls"
	"encoding/xml"
	"log"
	"os"

	"github.com/amdonov/xmlsig"
)

func example() error {
	// The signing key and its certificate are loaded from PEM files.
	cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
	if err != nil {
		return err
	}
	signer, err := xmlsig.NewSigner(cert)
	if err != nil {
		return err
	}
	doc := Test1{
		Data: "Hello, World!",
		ID:   "_1234",
	}
	// CreateSignature signs the XML encoding of doc and returns the
	// Signature element to embed in it.
	sig, err := signer.CreateSignature(doc)
	if err != nil {
		return err
	}
	doc.Signature = sig
	// Write the signed envelope to stdout.
	encoder := xml.NewEncoder(os.Stdout)
	return encoder.Encode(doc)
}

// Test1 is the envelope being signed; Signature receives the generated
// ds:Signature element and is omitted from the output while nil.
type Test1 struct {
	XMLName   xml.Name `xml:"urn:envelope Envelope"`
	ID        string   `xml:",attr"`
	Data      string   `xml:"urn:envelope Data"`
	Signature *xmlsig.Signature
}

func main() {
	if err := example(); err != nil {
		log.Fatal(err)
	}
}
----

Documentation

Overview

Package xmlsig supports adding XML Digital Signatures to Go structs marshalled to XML.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Algorithm

type Algorithm struct {
	Algorithm string `xml:",attr"`
}

Algorithm identifies the digest, signature, canonicalization or transform algorithm in use; it is carried as the Algorithm attribute of the corresponding element.

type BinarySecurityToken

type BinarySecurityToken struct {
	ValueType    string `xml:"ValueType,attr"`
	EncodingType string `xml:"EncodingType,attr"`
	ID           string `xml:"wsu:Id,attr"`
	Value        string `xml:",chardata"`
}

BinarySecurityToken contains the binary security token for X509 certificates.

type KeyInfo

type KeyInfo struct {
	XMLName  xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	X509Data *X509Data
	// KeyValue KeyValue
	Children []interface{}
}

KeyInfo is an optional element that enables the recipient(s) to obtain the key needed to validate the signature.

type KeyValue

type KeyValue struct {
	XMLName     xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# KeyValue"`
	RSAKeyValue RSAKeyValue
}

KeyValue holds the RSAKeyValue (modulus and exponent).

type RSAKeyValue

type RSAKeyValue struct {
	XMLName  xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# RSAKeyValue"`
	Modulus  string   `xml:"Modulus"`
	Exponent string   `xml:"Exponent"`
}

RSAKeyValue, an element within KeyValue, holds the RSA public key's modulus and exponent.

type Reference

type Reference struct {
	XMLName      xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Reference"`
	URI          string   `xml:",attr,omitempty"`
	Transforms   Transforms
	DigestMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# DigestMethod"`
	DigestValue  string    `xml:"http://www.w3.org/2000/09/xmldsig# DigestValue"`
}

Reference specifies a digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting.

type Signature

type Signature struct {
	XMLName            xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	Xmlns              string   `xml:"xmlns,attr,omitempty"`
	SignedInfo         SignedInfo
	SignatureValue     SignatureValueType `xml:"SignatureValue"`
	KeyInfo            KeyInfo
	CanonicalizedInput string `xml:"http://www.w3.org/2000/09/xmldsig#"`
}

Signature element is the root element of an XML Signature.

type SignatureValueType added in v1.0.5

type SignatureValueType struct {
	IdAttr string `xml:"Id,attr,omitempty" json:"Id,attr,omitempty"`
	Value  string `xml:",chardata" json:",chardata"`
}

SignatureValueType holds the SignatureValue content together with its optional Id attribute.

type SignatureXmlns added in v1.0.5

type SignatureXmlns struct {
	Xmlns string `xml:"xmlns,attr"`
}

SignatureXmlns carries an explicit xmlns attribute for the Signature element.

type SignedInfo

type SignedInfo struct {
	XMLName                xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	CanonicalizationMethod Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# CanonicalizationMethod"`
	SignatureMethod        Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	Reference              Reference
}

SignedInfo includes a canonicalization algorithm, a signature algorithm, and a reference.

type Signer

type Signer interface {
	Sign([]byte) (string, error)
	CreateSignature(data interface{}) (*Signature, error)
	ValidateSignature(digest, signedData string) bool
	Algorithm() string
	CreateBinarySecurityToken() *BinarySecurityToken
}

Signer is used to create a Signature for the provided object.
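The README example above shows only the signing call, and the Signer interface pairs Sign with ValidateSignature without showing what a receiver has to check. The program below is an added example, not code from the xmlsig project: it uses only the Go standard library to show what an RSA-SHA256 XML signature amounts to, and why the README confines signing to XML that Go's encoder produced. The types algorithm, reference and signedInfo are reduced stand-ins for the package's Algorithm, Reference and SignedInfo; the functions digest, sign, verify and demo, the sample Data element and the key are this example's own. The algorithm URIs come from the XML Signature and XML Encryption specifications; that xmlsig uses exactly these as its defaults is an assumption.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Spec algorithm URIs (RFC 6931, XML Encryption); assumed, not read from xmlsig.
const (
	rsaSHA256URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
	sha256URI    = "http://www.w3.org/2001/04/xmlenc#sha256"
)

// Reduced stand-ins for xmlsig's Algorithm, Reference and SignedInfo types.
type algorithm struct {
	Algorithm string `xml:",attr"`
}

type reference struct {
	XMLName      xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# Reference"`
	URI          string    `xml:",attr,omitempty"`
	DigestMethod algorithm `xml:"http://www.w3.org/2000/09/xmldsig# DigestMethod"`
	DigestValue  string    `xml:"http://www.w3.org/2000/09/xmldsig# DigestValue"`
}

type signedInfo struct {
	XMLName         xml.Name  `xml:"http://www.w3.org/2000/09/xmldsig# SignedInfo"`
	SignatureMethod algorithm `xml:"http://www.w3.org/2000/09/xmldsig# SignatureMethod"`
	Reference       reference
}

// digest is the base64 SHA-256 of the referenced bytes, i.e. <DigestValue>.
func digest(referenced []byte) string {
	sum := sha256.Sum256(referenced)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// sign marshals SignedInfo, the exact bytes that get signed (the Go encoder's output stands in for
// canonicalization, so signer and verifier must hash identical bytes), plus the base64 <SignatureValue>.
func sign(priv *rsa.PrivateKey, refID string, referenced []byte) ([]byte, string, error) {
	si, err := xml.Marshal(signedInfo{
		SignatureMethod: algorithm{rsaSHA256URI},
		Reference:       reference{URI: "#" + refID, DigestMethod: algorithm{sha256URI}, DigestValue: digest(referenced)},
	})
	if err != nil {
		return nil, "", err
	}
	h := sha256.Sum256(si)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return si, base64.StdEncoding.EncodeToString(sig), err
}

// verify checks the RSA signature over SignedInfo, then the pinned DigestMethod and DigestValue against the received content.
func verify(pub *rsa.PublicKey, signedInfoBytes []byte, sigB64 string, referenced []byte) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	h := sha256.Sum256(signedInfoBytes)
	if err == nil {
		err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
	}
	if err != nil {
		return fmt.Errorf("SignedInfo signature: %w", err)
	}
	var si signedInfo
	if err := xml.Unmarshal(signedInfoBytes, &si); err != nil {
		return err
	}
	if si.Reference.DigestMethod.Algorithm != sha256URI || si.Reference.DigestValue != digest(referenced) {
		return fmt.Errorf("referenced content does not match DigestMethod/DigestValue")
	}
	return nil
}

// demo signs a constructed Data element and checks that the genuine message verifies, that swapped
// content fails the digest check, and that swapped content with a re-computed DigestValue fails the signature check.
func demo() (genuineOK, contentSwapCaught, digestSwapCaught bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	payload := []byte(`<Data xmlns="urn:envelope">Hello, World!</Data>`) // constructed sample
	si, sigVal, err := sign(priv, "_1234", payload)
	if err != nil {
		return
	}
	forged := []byte(`<Data xmlns="urn:envelope">Goodbye, World!</Data>`)
	forgedSI := bytes.Replace(si, []byte(digest(payload)), []byte(digest(forged)), 1)
	return verify(&priv.PublicKey, si, sigVal, payload) == nil,
		verify(&priv.PublicKey, si, sigVal, forged) != nil,
		verify(&priv.PublicKey, forgedSI, sigVal, forged) != nil, nil
}

func main() { fmt.Println(demo()) }
```

Running it prints `true true true <nil>`. The two rejections are the point: the signature covers only SignedInfo, so a receiver that checks the RSA signature but never recomputes DigestValue over the content it actually received accepts swapped content, and one that checks DigestValue but not the signature accepts content whose DigestValue was simply updated. Pinning DigestMethod to the expected algorithm, rather than trusting whatever URI the message names, closes the remaining gap.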

func NewSigner

func NewSigner(cert tls.Certificate) (Signer, error)

NewSigner creates a new Signer with the certificate.

func NewSignerWithOptions

func NewSignerWithOptions(cert tls.Certificate, options SignerOptions) (Signer, error)

NewSignerWithOptions creates a new Signer with the certificate and options.

type SignerOptions

type SignerOptions struct {
	SignatureAlgorithm        string
	DigestAlgorithm           string
	EmbedIssuerSerial         bool
	URI                       string
	CanonicalizationAlgorithm string
}

type Transforms

type Transforms struct {
	XMLName   xml.Name    `xml:"http://www.w3.org/2000/09/xmldsig# Transforms"`
	Transform []Algorithm `xml:"http://www.w3.org/2000/09/xmldsig# Transform"`
}

Transforms is an optional ordered list of processing steps that were applied to the resource's content before it was digested.

type X509Data

type X509Data struct {
	XMLName          xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# X509Data"`
	X509Certificate  string   `xml:"http://www.w3.org/2000/09/xmldsig# X509Certificate"`
	X509IssuerSerial X509IssuerSerial
}

X509Data, an element within KeyInfo, contains an X509 certificate.

type X509IssuerSerial

type X509IssuerSerial struct {
	XMLName      xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# X509IssuerSerial"`
	IssuerName   string   `xml:"X509IssuerName,omitempty"`
	SerialNumber *big.Int `xml:"X509SerialNumber,omitempty"`
}

X509IssuerSerial, an element within X509Data, contains the issuer name and the serial number.
