gosign

Published: Nov 3, 2019 License: MIT Imports: 10 Imported by: 1

README

gosign: CoSign library for Go

gosign is an experimental library that provides an interface to a CoSign daemon. It works well, but the API might change in the future.

CoSign is a "secure single sign-on web authentication system".

This library only maintains a live connection and handles the CHECK command (the project was created for a "CoSign filter"). There are no plans to support further protocol commands. The library is built only for CoSign protocol version 2 (in use as of CoSign v2.x). Contributions are welcome.

Example

Creating a CoSign client

client, err := gosign.Dial(&gosign.Config{
  Address: "www.ease.ed.ac.uk:6663",
  Service: "betterinformatics.com",
  TLSConfig: &tls.Config{
    ServerName:         "www.ease.ed.ac.uk",
    Certificates:       []tls.Certificate{cert},
    RootCAs:            pool,
  },
})
  • Address is the address of your CoSign daemon. It is usually the same address as your university's login portal.
  • Service is the name of your service, assigned to you by the daemon operators (this is the domain name of your service).
  • TLSConfig uses the stdlib tls.Config:
    • ServerName is the daemon's host name; it is required because, by default, the client verifies the server's certificate chain and host name against it
    • Certificates should contain the service certificate given to you by the daemon operators
    • RootCAs is required because CoSign daemon certificates are not issued under the regular web root CAs
    • (see the Certificates section below for more info)

Certificates

You can get cert for Certificates by doing the following:

cert, err := tls.LoadX509KeyPair("service.crt", "service.key")
if err != nil {
  panic("could not read certfile+keyfile")
}

You can get pool for RootCAs by doing the following:

// Read CAFile containing multiple certs
certs, err := ioutil.ReadFile("cosign.CA.crt")
if err != nil {
  panic("could not read CAFile")
}

// Build a cert pool based from the CAFile
pool := x509.NewCertPool()
pool.AppendCertsFromPEM(certs)

Checking CoSign cookies

Once you have retrieved a cosign-service.com cookie (e.g. cosign-betterinformatics.com) from a (web) client, you can verify the logged-in state of that cookie and retrieve information about the user.

response, err := client.Check(cookie, false)

// The only gosign related error is ErrLoggedOut.
if err == gosign.ErrLoggedOut {
  panic("not logged in due to various reasons")
}

// There could be some other error, like a network issue.
if err != nil {
  panic(err.Error())
}

// Success! Print out the response.
fmt.Println(response)

The response printed in this example is just the CheckResponse struct described in the Documentation section below.
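The README says gosign was written for a "CoSign filter", so here is an added example (not part of gosign itself) of the filter side: an http.Handler that looks up the cosign-<service> cookie, runs Check, redirects logged-out users to the login portal and fails closed when the daemon is unreachable. It assumes Check is handed the cookie's value, and it redeclares ErrLoggedOut and CheckResponse behind a small Checker interface so the code builds without the module; a real *gosign.Client satisfies that interface.

```go
package main

import (
	"errors"
	"net/http"
)

// Mirrors of the gosign declarations on this page, redeclared so the example builds stand-alone.
var ErrLoggedOut = errors.New("User is already logged out")

type CheckResponse struct {
	IP, Principal, Realm string
	Factors              []string
}

// Checker is the part of *gosign.Client the filter needs; a fake can stand in for tests.
type Checker interface {
	Check(cookie string, serviceCookie bool) (CheckResponse, error)
}

type CheckerFunc func(string, bool) (CheckResponse, error) // adapter, like http.HandlerFunc

func (fn CheckerFunc) Check(c string, s bool) (CheckResponse, error) { return fn(c, s) }

// CosignFilter wraps Next: a request passes only if its cosign-<Service> cookie is
// accepted by the daemon; otherwise it is sent to LoginURL, or rejected if the daemon is down.
type CosignFilter struct {
	Service  string // e.g. "betterinformatics.com" -> cookie "cosign-betterinformatics.com"
	Client   Checker
	LoginURL string
	Next     http.Handler
}

func (f *CosignFilter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie("cosign-" + f.Service)
	if err != nil { // no cookie: same outcome as a logged-out user
		http.Redirect(w, r, f.LoginURL, http.StatusFound)
		return
	}
	resp, err := f.Client.Check(c.Value, false) // assumption: Check takes the cookie value
	if errors.Is(err, ErrLoggedOut) {
		http.Redirect(w, r, f.LoginURL, http.StatusFound)
		return
	}
	if err != nil { // network or protocol failure: never let the request through
		http.Error(w, "authentication service unavailable", http.StatusBadGateway)
		return
	}
	r.Header.Set("X-Cosign-Principal", resp.Principal) // overwrite, so a client cannot inject its own
	f.Next.ServeHTTP(w, r)
}
```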

Projects using gosign

  • cosign-webapi is a web service that exposes the CHECK command over a REST API to save you from reimplementing CoSign in other languages. It is designed for firewalled access and also authenticates based on defined API keys.

Documentation

Index

Constants

This section is empty.

Variables

var ErrLoggedOut = errors.New("User is already logged out")

ErrLoggedOut is the error for all errors related to being logged out.

Functions

This section is empty.

Types

type CheckResponse

type CheckResponse struct {
	IP        string
	Principal string // user name
	Factors   []string
	Realm     string // first factor
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

A Client represents a client connection to a collection of CoSign daemons.

func Dial

func Dial(conf *Config) (*Client, error)

Dial returns a new Client connected to all daemons at addr. The addr must include a port, as in "weblogin.inf.ed.ac.uk:6663"

func (*Client) Check

func (f *Client) Check(cookie string, serviceCookie bool) (resp CheckResponse, err error)

Check allows clients to retrieve information about a user based on the cookie presented to the daemon.

This is typically used by both the CGI and the filter (service).

func (*Client) Close

func (f *Client) Close() (err error)

Close closes the connection to the CoSign daemon.

func (*Client) Quit

func (f *Client) Quit() (err error)

Quit sends the QUIT command to all servers and closes the connections. If all connections are already closed, this returns nil.

type Config

type Config struct {
	Host      string
	Port      string
	Service   string
	TLSConfig *tls.Config
}

A Config structure is used to configure a CoSign client. After one has been passed to a gosign function it must not be modified. A Config may be reused; the gosign package will also not modify it.

Directories

Path Synopsis
cmd
