Documentation ¶
Index ¶
- Constants
- Variables
- func Middleware() func(http.Handler) http.Handler
- func RequestMessage(did string, reqTs int) string
- func SignEcdsaRequestMessage(privKey *ecdsa.PrivateKey, did string, reqTs int) (string, error)
- func SignMessage(privKey *ecdsa.PrivateKey, message []byte) (string, error)
- func VerifyEcdsaRequestSignature(pubKey string, signature string, did string, reqTs int, gracePeriodSecs int) (bool, error)
- func VerifyEcdsaRequestSignatureWithDid(ds *did.Service, keyType linkeddata.SuiteType, signature string, ts int, ...) error
- func VerifyEcdsaRequestSignatureWithPks(pks []did.DocPublicKey, keyType linkeddata.SuiteType, signature string, ts int, ...) error
- type ForContextData
Constants ¶
const (
	// DefaultRequestGracePeriodSecs is the default grace period in which to
	// allow requests to be valid after the timestamp of the signature.
	DefaultRequestGracePeriodSecs = 60 * 5 // 5 mins
)
Variables ¶
var (
	// DidCtxKey is the context key for the auth did
	DidCtxKey = &contextKey{"didkey"}
	// ReqTsCtxKey is the context key for the time stamp
	ReqTsCtxKey = &contextKey{"reqts"}
	// SignatureCtxKey is the key for the signature
	SignatureCtxKey = &contextKey{"signature"}
	// GracePeriodCtxKey is the key for the grace period
	GracePeriodCtxKey = &contextKey{"graceperiod"}
)
Functions ¶
func Middleware ¶
Middleware for auth handles authorization based on public key and/or DID.
func RequestMessage ¶
RequestMessage returns the default message to be signed for API requests.
func SignEcdsaRequestMessage ¶
SignEcdsaRequestMessage is a convenience function to sign a message used for API requests. Returns a signature with no 0x prefix.
func SignMessage ¶
func SignMessage(privKey *ecdsa.PrivateKey, message []byte) (string, error)
SignMessage signs a given message using the private key. Returns a signature with no 0x prefix.
func VerifyEcdsaRequestSignature ¶
func VerifyEcdsaRequestSignature(pubKey string, signature string, did string, reqTs int, gracePeriodSecs int) (bool, error)
VerifyEcdsaRequestSignature determines if a signature is valid given the ECDSA public key and a message derived from a did and the request timestamp. The grace period for request validity can also be passed in.
NOTE: The did is only validated for correctness; it is not checked to see whether there is a corresponding did document. That should occur before this method is called.
The message to be verified is "<did> request @ <timestamp>".
Expects a signature with no 0x prefix.
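The sketch below is an added example, not this package's code: it signs the "<did> request @ <timestamp>" message, hex-encodes the signature without a 0x prefix, and verifies it only inside a grace period, so a captured signature stops working once the window closes. The function names (requestDigest, newKey, signRequest, verifyRequest), the explicit `now` argument and the rejection of future timestamps are assumptions made for illustration. It uses Go's standard-library P-256, SHA-256 and ASN.1 signatures, which may differ from the curve, hash and encoding this package uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// requestDigest hashes the "<did> request @ <timestamp>" message.
func requestDigest(did string, ts int) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s request @ %d", did, ts)))
	return h[:]
}

// newKey generates a P-256 key (assumption: the package's curve may differ).
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signRequest returns a hex signature with no 0x prefix.
func signRequest(k *ecdsa.PrivateKey, did string, ts int) (string, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, k, requestDigest(did, ts))
	return hex.EncodeToString(sig), err
}

// verifyRequest checks freshness, then the signature over the rebuilt message.
func verifyRequest(pub *ecdsa.PublicKey, sigHex, did string, ts, grace, now int) error {
	if now < ts || now-ts > grace { // rejecting future stamps is an assumption
		return fmt.Errorf("timestamp %d outside grace period", ts)
	}
	sig, err := hex.DecodeString(sigHex) // a "0x" prefix fails here
	if err != nil || !ecdsa.VerifyASN1(pub, requestDigest(did, ts), sig) {
		return fmt.Errorf("bad signature for did and timestamp (hex error: %v)", err)
	}
	return nil
}

func main() {
	k, err := newKey()
	if err != nil {
		panic(err)
	}
	sig, err := signRequest(k, "did:example:123", 1700000000) // constructed values
	fmt.Println(err, verifyRequest(&k.PublicKey, sig, "did:example:123", 1700000000, 300, 1700000301))
}
```

Because the timestamp is part of the signed message, a caller cannot refresh a stale request by presenting a newer timestamp with the old signature.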
func VerifyEcdsaRequestSignatureWithDid ¶
func VerifyEcdsaRequestSignatureWithDid(ds *did.Service, keyType linkeddata.SuiteType, signature string, ts int, didStr string, gracePeriod int) error
VerifyEcdsaRequestSignatureWithDid checks the did document for keys and verifies the signature using the did's ECDSA public keys. Expects a signature with no 0x prefix.
func VerifyEcdsaRequestSignatureWithPks ¶
func VerifyEcdsaRequestSignatureWithPks(pks []did.DocPublicKey, keyType linkeddata.SuiteType, signature string, ts int, didStr string, gracePeriod int) error
VerifyEcdsaRequestSignatureWithPks checks a slice of public keys and verifies the signature against keys of key suite type ECDSA. didStr only affects the signed request message value and can be omitted (look at RequestMessage for more details). Expects a signature with no 0x prefix.
Types ¶
type ForContextData ¶
type ForContextData struct {
	Did string
}
ForContextData is returned by ForContext and contains data pulled from the context.
func ForContext ¶
func ForContext(ctx context.Context, ds *did.Service, pks []did.DocPublicKey) (*ForContextData, error)
ForContext checks the signature based on the header data. A returned error indicates an invalid signature or that no auth was passed. Returns auth context data for convenience. REQUIRES Middleware to have run.