httpsig

Version: v1.1.4
Published: Apr 11, 2018 License: MIT Imports: 28 Imported by: 0

Documentation

Overview

Package httpsig implements HTTP Signatures according to draft-cavage-http-signatures-08 (https://datatracker.ietf.org/doc/draft-cavage-http-signatures/).

Constants

const (
	DefaultDigestAlgo = digest.SHA256
	DefaultHeaderType = SignatureHeader
)

These are the default values for TransportOptions

Variables

This section is empty.

Functions

func Middleware added in v1.1.0

func Middleware(t HeaderType, getter KeyGetter, next http.Handler) http.Handler

Middleware is an HTTP middleware that will call next only if the request's HTTP signature is valid

func ValidKeyID

func ValidKeyID(keyID string) bool

ValidKeyID returns true if the keyID doesn't contain any quote (`"`) or comma (`,`) characters

Types

type Algorithm

type Algorithm int

Algorithm represents the type of HTTP signature to use

const (
	Unknown Algorithm = iota
	RSASHA1
	RSASHA256
	HMACSHA256
	ECDSASHA256
)

These are the available Algorithms to use

func ParseAlgorithm

func ParseAlgorithm(val string) Algorithm

ParseAlgorithm parses a string into an Algorithm

func (Algorithm) Sign

func (a Algorithm) Sign(key interface{}, data []byte) ([]byte, error)

Sign signs the data with the provided key. key is expected to be an rsa.PrivateKey, []byte for HMAC or ecdsa.PrivateKey

func (Algorithm) String

func (a Algorithm) String() string

func (Algorithm) Transport

func (a Algorithm) Transport(keyID string, key interface{}, opts ...TransportOption) http.RoundTripper

Transport returns an http.RoundTripper that sets HTTP signatures on outgoing requests

func (Algorithm) Verify

func (a Algorithm) Verify(key interface{}, data, sig []byte) error

Verify verifies that data was properly signed by key. sig is the signature of data. key is expected to be an rsa.PublicKey, []byte for HMAC or ecdsa.PublicKey. Private keys may also be used.

type Header

type Header struct {
	KeyID     string
	Algorithm Algorithm
	Headers   []string
	Signature []byte
}

A Header represents the parts of the HTTP signature header

func (*Header) SignatureString

func (h *Header) SignatureString(req *http.Request, headers ...string) []byte

SignatureString returns the string that should be signed for the request. It also populates Header.Headers. If headers has values, only those will be used to produce the string. Otherwise, all headers except Host, User-Agent, Content-Length, Transfer-Encoding and Trailer will be used.
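
Why the set of headers in the signing string matters, as an added example that is not code from the httpsig package: it builds a signing string in the draft's format using only the standard library and HMAC-SHA256, without calling httpsig. The helper names, the secret, the host and the X-Amount header are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// signingString: one "name: value" line per covered header, joined by "\n".
func signingString(req *http.Request, covered []string) []byte {
	var lines []string
	for _, name := range covered {
		value := strings.Join(req.Header.Values(name), ", ")
		if name == "(request-target)" { // pseudo-header: method and path
			value = strings.ToLower(req.Method) + " " + req.URL.RequestURI()
		}
		lines = append(lines, strings.ToLower(name)+": "+value)
	}
	return []byte(strings.Join(lines, "\n"))
}

// sign returns the base64 HMAC-SHA256 of the signing string.
func sign(secret []byte, req *http.Request, covered []string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(signingString(req, covered))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// verify recomputes the MAC and compares it in constant time.
func verify(secret []byte, req *http.Request, covered []string, sig string) bool {
	return hmac.Equal([]byte(sig), []byte(sign(secret, req, covered)))
}

// demo signs a constructed request, then changes an uncovered and a covered header.
func demo() (original, uncoveredChanged, coveredChanged bool) {
	secret, covered := []byte("constructed-demo-secret"), []string{"(request-target)", "date"}
	req, _ := http.NewRequest("POST", "https://api.example.test/transfer?id=7", nil)
	req.Header.Set("Date", "Tue, 10 Apr 2018 12:00:00 GMT")
	sig := sign(secret, req, covered)
	original = verify(secret, req, covered, sig)
	req.Header.Set("X-Amount", "9999") // not covered: the signature still verifies
	uncoveredChanged = verify(secret, req, covered, sig)
	req.Header.Set("Date", "Wed, 11 Apr 2018 12:00:00 GMT") // covered: verification fails
	return original, uncoveredChanged, verify(secret, req, covered, sig)
}

func main() { fmt.Println(demo()) }
```

A verifier that accepts a signature should treat only the headers listed in Header.Headers as authenticated; anything outside that list can change in transit without invalidating the signature.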

func (Header) String

func (h Header) String() string

func (Header) Verify

func (h Header) Verify(getter KeyGetter, req *http.Request) error

Verify ensures that the Header is valid

type HeaderType

type HeaderType string

HeaderType dictates which HTTP header to use and the format of the value for generating and verifying HTTP signatures

const (
	SignatureHeader     HeaderType = "Signature"
	AuthorizationHeader HeaderType = "Authorization"
)

These are the available HeaderTypes to use

func (HeaderType) Parse

func (t HeaderType) Parse(req *http.Request) (*Header, error)

Parse returns a Header populated with the fields extracted from the HTTP signature

func (HeaderType) Set

func (t HeaderType) Set(a Algorithm, keyID string, key interface{}, req *http.Request, digestAlgo digest.Algorithm) error

Set sets the appropriate HTTP header to make an HTTP signature on the request

func (HeaderType) String

func (t HeaderType) String() string

func (HeaderType) Verify

func (t HeaderType) Verify(getter KeyGetter, req *http.Request) error

Verify ensures that the HTTP signature on the request is valid

type KeyGetter

type KeyGetter interface {
	GetKey(keyID string) (key interface{}, err error)
}

A KeyGetter gets a key for HTTP signature verification based on the keyID

type KeyGetterFunc

type KeyGetterFunc func(keyID string) (key interface{}, err error)

The KeyGetterFunc type is an adapter to allow the use of ordinary functions as KeyGetters. If f is a function with the appropriate signature, KeyGetterFunc(f) is a KeyGetter that calls f.

func (KeyGetterFunc) GetKey

func (f KeyGetterFunc) GetKey(keyID string) (key interface{}, err error)

GetKey returns f(keyID)

type TransportOption

type TransportOption func(*transport)

A TransportOption is an option that can be used with Algorithm.Transport

func WithAuthorizationHeader

func WithAuthorizationHeader() TransportOption

WithAuthorizationHeader causes the Transport to use the Authorization header for HTTP signatures instead of the Signature header

func WithDigestAlgorithm

func WithDigestAlgorithm(val digest.Algorithm) TransportOption

WithDigestAlgorithm causes the Transport to use the digest algorithm val when generating HTTP Digest headers

func WithTracer

func WithTracer(tracer opentracing.Tracer) TransportOption

WithTracer sets the tracer to be used by the Transport

Directories

Path Synopsis
Package digest implements HTTP Digest support according to RFC 3230 https://tools.ietf.org/html/rfc3230
