sigauth

package
v3.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 29, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (
	// SHA256 is the algorithm name string for a SHA256 hash.
	// Presumably one of the values accepted as alg by GetRequestDigest — confirm.
	SHA256 string = "SHA256"
	// SHA256Legacy is the legacy algorithm name string for a SHA256 hash; the
	// visible difference from SHA256 is the hyphenated spelling.
	// NOTE(review): looks like this is tied to the supportLegacy argument of
	// NewSignatureAuth — confirm that it is rejected when legacy support is off.
	SHA256Legacy string = "SHA-256" // TODO: Remove once all dependents have been upgraded
)

Variables

This section is empty.

Functions

func BuildSignatureString

func BuildSignatureString(r *Request, headers []string) (string, error)

BuildSignatureString builds the string to be signed for the provided request

"headers" specifies which headers are included in the signature string; a header that is not listed is not part of the string that gets signed

func GetRequestDigest

func GetRequestDigest(body []byte, alg string) (string, int, error)

GetRequestDigest returns the digest and length of the provided request body using the specified algorithm

func GetRequestLine

func GetRequestLine(r *Request) string

GetRequestLine returns the request line for the provided request

Types

type Request

// Request defines the components of a signed request required for signature authentication.
type Request struct {
	// Headers holds the request headers, keyed by header name, with one or
	// more values per name.
	// NOTE(review): key case handling is not visible here; confirm whether
	// GetHeader canonicalizes the key before lookup.
	Headers map[string][]string
	// Body is the request body as raw bytes.
	// Presumably the bytes the digest is computed over (GetRequestDigest
	// takes body []byte) — confirm.
	Body    []byte

	// Host, Method, Path and Protocol are plain strings describing the request.
	// Presumably Method, Path and Protocol make up the request line returned
	// by GetRequestLine — confirm.
	Host     string
	Method   string
	Path     string
	Protocol string
}

Request defines the components of a signed request required for signature authentication

func ParseHTTPRequest

func ParseHTTPRequest(r *http.Request) (*Request, error)

ParseHTTPRequest parses an http.Request into a Request

func (Request) GetHeader

func (s Request) GetHeader(key string) string

GetHeader gets the request header for a given key

type SignatureAuth

// SignatureAuth contains configurations and helper functions required to validate signatures.
// Its fields are not shown in this listing; instances are created with NewSignatureAuth.
type SignatureAuth struct {
	// contains filtered or unexported fields
}

SignatureAuth contains configurations and helper functions required to validate signatures

func NewSignatureAuth

func NewSignatureAuth(serviceKey *keys.PrivKey, serviceRegManager *authservice.ServiceRegManager, serviceRegKey bool, supportLegacy bool) (*SignatureAuth, error)

NewSignatureAuth creates and configures a new SignatureAuth instance

func (*SignatureAuth) BuildRequestAuthBody

func (s *SignatureAuth) BuildRequestAuthBody() map[string]interface{}

BuildRequestAuthBody returns a map containing the auth fields for static token auth request bodies

func (*SignatureAuth) CheckParsedRequestSignature

func (s *SignatureAuth) CheckParsedRequestSignature(sigString string, sigAuthHeader *SignatureAuthHeader, key *keys.PubKey) error

CheckParsedRequestSignature validates the signature on the provided parsed elements of a signed request

The request must be signed by the private key paired with the provided public key

func (*SignatureAuth) CheckRequestServiceSignature

func (s *SignatureAuth) CheckRequestServiceSignature(r *Request, requiredServiceIDs []string) (string, error)

CheckRequestServiceSignature validates the signature on the provided request

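The request must be signed by one of the services in requiredServiceIDs. If requiredServiceIDs is nil, any valid signature
from a subscribed service will be accepted, so a caller that needs to restrict which services may sign must pass an explicit list.
Returns the service ID of the signing service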

func (*SignatureAuth) CheckRequestSignature

func (s *SignatureAuth) CheckRequestSignature(r *Request, key *keys.PubKey) error

CheckRequestSignature validates the signature on the provided request

The request must be signed by the private key paired with the provided public key

func (*SignatureAuth) CheckServiceSignature

func (s *SignatureAuth) CheckServiceSignature(serviceID string, message []byte, signature string) error

CheckServiceSignature validates the provided message signature from the given service

func (*SignatureAuth) CheckSignature

func (s *SignatureAuth) CheckSignature(pubKey *keys.PubKey, message []byte, signature string) error

CheckSignature validates the provided message signature from the given public key

func (*SignatureAuth) LegacyCheckSignature

func (s *SignatureAuth) LegacyCheckSignature(pubKey *keys.PubKey, message []byte, signature string) error

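LegacyCheckSignature validates the provided message signature from the given public key. This description is the same as the one for CheckSignature; the page does not say what the legacy variant does differently.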

func (*SignatureAuth) ModifyRequest

func (s *SignatureAuth) ModifyRequest(req *http.Request) error

ModifyRequest signs the passed request to perform signature auth

func (*SignatureAuth) ParseRequestSignature

func (s *SignatureAuth) ParseRequestSignature(r *Request) (string, *SignatureAuthHeader, error)

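ParseRequestSignature checks the request's digest and returns its signature string and parsed header. As described here it checks only the digest; validating the signature on the returned elements is what CheckParsedRequestSignature is documented to do.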

func (*SignatureAuth) Sign

func (s *SignatureAuth) Sign(message []byte) (string, error)

Sign generates and returns a signature for the provided message

func (*SignatureAuth) SignRequest

func (s *SignatureAuth) SignRequest(r *http.Request) error

SignRequest signs and modifies the provided request with the necessary signature parameters

type SignatureAuthHeader

// SignatureAuthHeader defines the structure of the Authorization header for signature authentication.
//
// The validate:"required" tags are metadata only; they take effect when a
// validator is run over the struct, which is not visible in this listing.
type SignatureAuthHeader struct {
	// KeyID is tagged as required. Presumably it identifies the signing key;
	// how it is resolved to a key is not visible here — confirm.
	KeyID      string   `json:"keyId" validate:"required"`
	// Algorithm is tagged as required.
	// NOTE(review): when this struct comes from ParseSignatureAuthHeader the
	// value is supplied by the sender; confirm the verifier restricts it to
	// the algorithms it expects.
	Algorithm  string   `json:"algorithm" validate:"required"`
	// Headers is a list of header names, omitted from JSON when empty.
	// Presumably the headers covered by the signature (compare the headers
	// argument of BuildSignatureString) — confirm, and confirm the verifier
	// requires the headers it relies on to be listed.
	Headers    []string `json:"headers,omitempty"`
	// Extensions is an optional string, omitted from JSON when empty. Its use
	// is not shown here.
	Extensions string   `json:"extensions,omitempty"`
	// Signature is tagged as required and holds the signature value as a
	// string; its encoding is not visible here — confirm.
	Signature  string   `json:"signature" validate:"required"`
}

SignatureAuthHeader defines the structure of the Authorization header for signature authentication

func ParseSignatureAuthHeader

func ParseSignatureAuthHeader(header string) (*SignatureAuthHeader, error)

ParseSignatureAuthHeader parses a signature Authorization header string

func (*SignatureAuthHeader) Build

func (s *SignatureAuthHeader) Build() (string, error)

Build builds the signature Authorization header string

func (*SignatureAuthHeader) SetField

func (s *SignatureAuthHeader) SetField(field string, value string) error

SetField sets the provided field to the provided value
