Documentation
Overview
Package signer creates a signature over an HTTP request.
Types
type Algorithm
type Algorithm interface {
	Type() string
	Sign(ctx context.Context, base string) ([]byte, error)
	// ContentDigest specifies the HTTP body digest algorithm
	// to use when covering the 'content-digest' component
	// on an HTTP request.
	ContentDigest() contentdigest.Digester
}
Algorithm is an interface for signing HTTP requests. The value returned by Type must be a valid entry in the HTTP Signature Algorithms registry. See: https://www.rfc-editor.org/rfc/rfc9421.html#name-initial-contents
type Labeler
Labeler generates a label to be used for an HTTP signature.
An HTTP message signature is identified by a label within an HTTP message. This label MUST be unique within a given HTTP message and MUST be used in both the Signature-Input field and the Signature field. The label is chosen by the signer, except where a specific label is dictated by protocol negotiations such as those described in Section 5.
type Transport
type Transport struct {
	// KeyID is the identifier for the key to use for signing requests.
	KeyID string
	// Tag is an application-specific tag for the signature as a String value.
	// This value is used by applications to help identify signatures relevant for specific applications or protocols.
	// See: https://www.rfc-editor.org/rfc/rfc9421.html#section-2.3-4.12
	Tag string
	// Alg is the signing algorithm to use.
	Alg Algorithm
	// CoveredComponents specify the components of the request
	// to be covered with the signature.
	//
	// An ordered set of HTTP message component identifiers for fields (Section 2.1)
	// and derived components (Section 2.2) that indicates the set of message components
	// covered by the signature, never including the @signature-params identifier itself.
	// The order of this set is preserved and communicated between the signer and verifier
	// to facilitate reconstruction of the signature base.
	//
	// See: https://www.rfc-editor.org/rfc/rfc9421.html#section-1.1-7.18.1
	CoveredComponents []string
	// GetNonce can optionally be provided to override the built-in
	// nonce generation function. If the provided GetNonce function
	// returns an empty string, a nonce will not be included
	// in the signed request.
	//
	// If GetNonce is not provided, a random 32 byte string
	// will be used as the nonce.
	//
	// Including a nonce is recommended. We do not recommend
	// overriding the default behaviour here.
	//
	// See: https://www.rfc-editor.org/rfc/rfc9421.html#section-2.3-4.6
	GetNonce func() (string, error)
	// BaseTransport is the underlying HTTP transport to use
	// for sending requests after they have been signed.
	//
	// If nil, http.DefaultTransport is used.
	BaseTransport http.RoundTripper
	// OnDeriveSigningString is a hook which can be used to log
	// the string to sign.
	//
	// This can be useful for debugging signature errors,
	// as you can compare the base signing string between the client
	// and server.
	OnDeriveSigningString func(ctx context.Context, stringToSign string)
}
Transport is an HTTP RoundTripper which authenticates outgoing requests using HTTP Message Signatures.
The signature schema adheres to RFC9421. See: https://www.rfc-editor.org/rfc/rfc9421.html
func (*Transport) RoundTrip
RoundTrip implements the http.RoundTripper interface.
This method will update the 'Signature-Input' and 'Signature' headers with a signature derived from the signing algorithm specified with the 'Alg' field.
func (*Transport) Sign
Sign an HTTP request following the process described in https://www.rfc-editor.org/rfc/rfc9421.html#section-3.1.
This method will update the 'Signature-Input' and 'Signature' headers with a signature derived from the signing algorithm specified with the 'Alg' field.
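Added example (not this package's own code): a standard-library-only illustration of how the covered components, key ID, nonce and tag enter the RFC 9421 signature base that OnDeriveSigningString exposes, and how the 'Signature-Input' and 'Signature' values are formed from it. The function names, the constructed request, the fixed created time and nonce, the "sig1" label and the Ed25519 test key are assumptions; only @method, @authority, @path and single-valued header fields are handled.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// signatureBase (hypothetical helper) builds the signature base and @signature-params; printable-ASCII values only.
func signatureBase(req *http.Request, covered []string, created int64, keyID, nonce, tag string) (base, params string, err error) {
	var b strings.Builder
	ids := make([]string, len(covered))
	for i, c := range covered {
		v := strings.TrimSpace(req.Header.Get(c)) // plain header field
		switch c {                                // derived components
		case "@method":
			v = req.Method
		case "@authority":
			v = strings.ToLower(req.Host)
		case "@path":
			v = req.URL.EscapedPath()
		}
		if v == "" {
			return "", "", fmt.Errorf("component %q is not present on the request", c)
		}
		ids[i] = fmt.Sprintf("%q", c)
		fmt.Fprintf(&b, "%q: %s\n", c, v) // one line per component, in signer order
	}
	params = fmt.Sprintf("(%s);created=%d;keyid=%q;nonce=%q;tag=%q", strings.Join(ids, " "), created, keyID, nonce, tag)
	return b.String() + `"@signature-params": ` + params, params, nil
}

// demo signs a constructed request with an all-zero test seed (test use only) and returns base and header values.
func demo(covered []string) (base, sigInput, sig string, err error) {
	req, _ := http.NewRequest("POST", "https://Example.com/orders?id=1", nil)
	req.Header.Set("Content-Type", "application/json")
	base, params, err := signatureBase(req, covered, 1700000000, "test-key", "n-123", "example-app")
	if err != nil {
		return "", "", "", err
	}
	raw := ed25519.Sign(ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)), []byte(base))
	return base, "sig1=" + params, "sig1=:" + base64.StdEncoding.EncodeToString(raw) + ":", nil
}

func main() {
	fmt.Println(demo([]string{"@method", "@authority", "@path", "content-type"}))
}
```

Anything left out of the covered components, such as the query string in this constructed request, is not bound by the signature, so a verifier should reject signatures that do not cover the components it relies on.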