suwako / httpsig

Go (100.00%)

LICENSE.txt

BSD→ISC

2024-04-10T14:14:18+09:00

README.md

Add badge for Matrix chat room

2020-12-23T12:23:13+01:00

algorithms.go

Merge pull request #21 from 42wim/addrsa Add RSA support to ssh key signing

2020-07-02T19:07:48+02:00

algorithms_test.go

Have test temporarily pass due to SHA1 inclusion

2020-12-21T22:20:30+01:00

digest.go

Fix hashing sum bug for digests

2019-09-24T19:10:22+02:00

digest_test.go

Fix hashing sum bug for digests

2019-09-24T19:10:22+02:00

go.mod

フォーク

2024-04-02T11:04:00+09:00

go.sum

フォーク

2024-04-02T11:04:00+09:00

httpsig.go

Propagate error when crypto algorithm is not supported

2020-12-21T22:19:56+01:00

httpsig_test.go

Merge pull request #17 from 42wim/add-ed25519 Add ed25519 signing support

2020-06-17T07:47:30+02:00

signing.go

Merge pull request #18 from 42wim/add-sshsigner Add initial support for using ssh keys for signing

2020-06-29T08:46:42+02:00

verifying.go

Propagate error message for verifier when crypto algo not supported

2020-12-21T22:26:26+01:00

httpsig

HTTP Signatures made simple

Build Status Go Reference
Go Report Card License
Chat OpenCollective

go get github.com/go-fed/httpsig

Implementation of HTTP Signatures.

Supports many different combinations of MAC, HMAC signing of hash, or RSA
signing of hash schemes. Its goals are:

  • Have a very simple interface for signing and validating
  • Support a variety of signing algorithms and combinations
  • Support setting either headers (Authorization or Signature)
  • Remaining flexible with headers included in the signing string
  • Support both HTTP requests and responses
  • Explicitly not support known-cryptographically weak algorithms
  • Support automatic signing and validating Digest headers

How to use

import "github.com/go-fed/httpsig"

Signing

Signing a request or response requires creating a new Signer and using it:

func sign(privateKey crypto.PrivateKey, pubKeyId string, r *http.Request) error {
	prefs := []httpsig.Algorithm{httpsig.RSA_SHA512, httpsig.RSA_SHA256}
	digestAlgorithm := DigestSha256
	// The "Date" and "Digest" headers must already be set on r, as well as r.URL.
	headersToSign := []string{httpsig.RequestTarget, "date", "digest"}
	signer, chosenAlgo, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature)
	if err != nil {
		return err
	}
	// To sign the digest, we need to give the signer a copy of the body...
	// ...but it is optional, no digest will be signed if given "nil"
	body := ...
	// If r were a http.ResponseWriter, call SignResponse instead.
	return signer.SignRequest(privateKey, pubKeyId, r, body)
}

Signers are not safe for concurrent use by goroutines, so be sure to guard
access:

type server struct {
	signer httpsig.Signer
	mu *sync.Mutex
}

func (s *server) handlerFunc(w http.ResponseWriter, r *http.Request) {
	privateKey := ...
	pubKeyId := ...
	// Set headers and such on w
	s.mu.Lock()
	defer s.mu.Unlock()
	// To sign the digest, we need to give the signer a copy of the response body...
	// ...but it is optional, no digest will be signed if given "nil"
	body := ...
	err := s.signer.SignResponse(privateKey, pubKeyId, w, body)
	if err != nil {
		...
	}
	...
}

The pubKeyId will be used at verification time.

Verifying

Verifying requires an application to use the pubKeyId to both retrieve the key
needed for verification as well as determine the algorithm to use. Use a
Verifier:

func verify(r *http.Request) error {
	verifier, err := httpsig.NewVerifier(r)
	if err != nil {
		return err
	}
	pubKeyId := verifier.KeyId()
	var algo httpsig.Algorithm = ...
	var pubKey crypto.PublicKey = ...
	// The verifier will verify the Digest in addition to the HTTP signature
	return verifier.Verify(pubKey, algo)
}

Verifiers are not safe for concurrent use by goroutines, but since they are
constructed on a per-request or per-response basis it should not be a common
restriction.

Copyright © 2004-2011 by Internet Systems Consortium, Inc. ("ISC")
Copyright © 2018-2024 by 076.moe

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD
TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.

Clone


About this repository

https://github.com/go-fed/httpsig のフォーク

0

1

0


Last commit

BSD→ISC
2024-04-10T14:14:18+09:00

Relise

作成中・・・

Donate

作成中・・・