signer

Published: Dec 11, 2017 License: MIT Imports: 32 Imported by: 0

README


中文版本

signer

A high-performance Go(golang) signature algorithm package. Used to sign HTTP requests.

X509 RSA Signature Server

This is a signature server that uses an RSA private key and an X.509 certificate.

How to use ?

  • BEFORE ALL : Initialize S3 Options
    signer.InitS3Options(APIKEY, APISECRET, REGION)
  • Step 1 : Parse your root private key and certificate
    root, err := Parsex509RSACert(**root certificate bytes (asn1)**, **root private key bytes (asn1)**)
  • Step 2 : Create a store instance as private key storage ** The Store Should Be Singleton, IT'S THREAD SAFE **
factory := NewRSAStoreFactory(** Tag (eg. dev) **, ** AWS S3 Bucket **, **Root cert from Step 1**, **x509 Subject (*signer.x509Subject)**)
store, err := factory.Create(x509RSAStore_OneToMany) //x509RSAStore_OneToMany: One private key to many client certificate 
  • Step 3 : Create RSA Server and Client
server := Newx509RSAServer(**RSA Store from Step 2**)
client, err := server.CreateClient(**Client Identity, SHOULD BE UNIQUE**)
  • Step 4 : Sign
signature, key, err := client.Sign([]byte("testing"))
//signature: the signature bytes; the client should use the x509 certificate to verify them
//key: the key of the x509 certificate uploaded to the AWS S3 service
  • new: Sign a string array as default encoding: signature, key, err := client.ASN1Sign("Type Label","section1","section2","section3","section4") //Arguments[0]: separator //Arguments[...]: strings to be signed; the client will encode them with the default (utf8) encoding.

  • new: Sign a string array as ASN.1 encoding

signature, key, err := client.StringsSign("\r\n","section1","section2","section3","section4")
//Arguments[0]: Type of the ASN.1 Declaration, eg. 'SAMPLE MESSAGE'
//Arguments[...]: strings to be signed; the client will encode them with ASN.1 encoding.

How to verify?

We use the OpenSSL signature format, which is supported by almost any programming language.

  • Here are the parameters you may need:

  • Root RSA Keysize : 2048

  • Root RSA Key Encoding : ASN.1

  • Root Certificate Format : x.509

  • Root Certificate Encoding : ASN.1

  • RSA Keysize : 2048

  • RSA Key Encoding : ASN.1

  • Client Certificate Format : x.509

  • Client Certificate Encoding : ASN.1

  • Here are the parameters of ASN1Sign:

  • Separator: \r\n

  • ASN.1 Declaration Type Auto Turn Upper : enabled

  • Single line max length : 64 letters

How to get root certificates ?

  • Run in bash
# Generates a 2048-bit RSA private key (rsakey.pem; no passphrase option is
# given, so the key file is written unencrypted), exports its public key
# (rsakey.pub), and self-signs an X.509 root certificate valid for 365 days.
openssl genrsa -out rsakey.pem 2048 && \
openssl rsa -in rsakey.pem -pubout -out rsakey.pub && \
openssl req -x509 -new -days 365 -key rsakey.pem -out rootcert.crt

Documentation

Index

Constants

// HMACV1Scheme is the scheme label of the V1 HMAC-SHA256 signing algorithm
// (presumably the value HMACSignerV1 emits and HMACValidatorV1 expects —
// confirm against their Sign/Verify implementations).
const (
	HMACV1Scheme = "FNBUS1-HMAC-SHA256"
)

Variables

This section is empty.

Functions

func InitS3Options

func InitS3Options(id string, secret string, region string)

func ParseRsaPrivateKey

func ParseRsaPrivateKey(bytes []byte) (*rsa.PrivateKey, error)

func ParseX509Certificate

func ParseX509Certificate(bytes []byte) (*x509.Certificate, error)

Types

type HMACSigner

// HMACSigner is the interface for any component that provides an HMAC
// signature algorithm.
//
// Sign signs r and returns the signature together with the headers the
// signed request carries; exp is a duration passed alongside the request
// (NOTE(review): presumably the signature's validity window — how it is
// applied is not visible here, confirm against HMACSignerV1.Sign).
type HMACSigner interface {
	Sign(r *Request, exp time.Duration) *HMACSigningResult
}

A HMACSigner is the interface for any component which will provide HMAC signature algorithm.

type HMACSignerV1

// HMACSignerV1 signs Requests with the V1 HMAC scheme (see HMACV1Scheme).
//
// Key is the HMAC secret and Identifier the identity presented with the
// signature (presumably the value the verifier's lookup function receives).
// Key is an exported field, so callers must take care not to log or
// serialize the signer. DisableHeaderHoisting and DisableURIPathEscaping
// are canonicalization switches; HMACValidatorV1 exposes the same two, so
// presumably both sides must agree on them for a signature to verify.
type HMACSignerV1 struct {
	Key                    string
	Identifier             string
	Logger                 *log.Logger
	DisableHeaderHoisting  bool
	DisableURIPathEscaping bool
	// contains filtered or unexported fields
}

func NewHMACSignerV1

func NewHMACSignerV1(id, key string, options ...func(*HMACSignerV1)) *HMACSignerV1

NewHMACSignerV1 returns a HMACSignerV1 pointer

func (*HMACSignerV1) Sign

func (v1 *HMACSignerV1) Sign(r *Request, exp time.Duration) *HMACSigningResult

type HMACSigningResult

// HMACSigningResult is the result of HMACSigner.Sign: Signature is the
// computed signature and Header holds the headers produced while signing
// (presumably the ones the signed request must carry).
type HMACSigningResult struct {
	Signature string
	Header    http.Header
}

HMACSigningResult is a signing result structure.

type HMACValidator

// HMACValidator is the interface for any component that validates HMAC
// signatures. Verify reports whether r carries a valid signature; it
// returns only a bool, so callers cannot distinguish an invalid signature
// from an internal failure (for example a key-lookup error).
type HMACValidator interface {
	Verify(r *Request) bool
}

A HMACValidator is the interface for any component which will provide HMAC signature validate.

type HMACValidatorV1

// HMACValidatorV1 verifies V1 HMAC signatures. It is built by
// NewHMACValidatorV1 with a func(string) (string, error) lookup, presumably
// mapping a key identifier to its secret. Because Verify returns only a
// bool, lookup errors are not surfaced to the caller.
//
// DisableHeaderHoisting and DisableURIPathEscaping mirror the switches on
// HMACSignerV1 and presumably must match the signer's settings.
type HMACValidatorV1 struct {
	Logger                 *log.Logger
	DisableHeaderHoisting  bool
	DisableURIPathEscaping bool
	// contains filtered or unexported fields
}

func NewHMACValidatorV1

func NewHMACValidatorV1(h func(string) (string, error), options ...func(*HMACValidatorV1)) *HMACValidatorV1

NewHMACValidatorV1 returns a HMACValidatorV1 pointer

func (*HMACValidatorV1) Verify

func (v1 *HMACValidatorV1) Verify(r *Request) bool

type RSACert

// RSACert bundles an X.509 certificate with its RSA private key.
//
// GetPrivateKey and GetPrivateKeyBytes expose raw key material, so any
// value implementing this interface must be handled as a secret: do not
// log it, serialize it, or hand it to code that only needs the
// certificate (GetCertificate / GetCertificateBytes).
type RSACert interface {
	GetSerialNumber() *big.Int
	GetCertificate() *x509.Certificate
	GetPrivateKey() *rsa.PrivateKey

	GetCertificateBytes() []byte
	GetPrivateKeyBytes() []byte
}

func Parsex509RSACert

func Parsex509RSACert(certificateBytes []byte, privateKeyBytes []byte) (RSACert, error)

type RSACertAccessor

// RSACertAccessor reads and writes certificate material at a backing
// location (file or S3, see RSACertFileAccessor and RSACertS3Accessor).
// Upload stores body and returns a string locating it (presumably the
// object key); Download returns the stored bytes.
type RSACertAccessor interface {
	Upload(body []byte) (string, error)
	Download() ([]byte, error)
}

func ParseS3URI

func ParseS3URI(uri string) (RSACertAccessor, error)

ParseS3URI sample : s3://default/sampleBucket/?key=sampleKey&profile=Profile1 .

func ParseURI

func ParseURI(urlStr string) (RSACertAccessor, error)

func ResolveFileURI

func ResolveFileURI(uri string) (RSACertAccessor, error)

type RSACertFileAccessor

// RSACertFileAccessor is an RSACertAccessor backed by the local file system.
// It has no exported fields; presumably it is obtained through
// ResolveFileURI — confirm against that function.
type RSACertFileAccessor struct {
	// contains filtered or unexported fields
}

func (*RSACertFileAccessor) Download

func (u *RSACertFileAccessor) Download() ([]byte, error)

func (*RSACertFileAccessor) Upload

func (u *RSACertFileAccessor) Upload(body []byte) (string, error)

type RSACertIssuor

// RSACertIssuor issues client certificates. GetRootCert returns the root
// certificate (with its private key, see RSACert); Issue creates a new
// RSACert for subject, presumably signed by that root — confirm against
// Newx509RSACertIssuor.
type RSACertIssuor interface {
	GetRootCert() RSACert
	Issue(subject *X509Subject) (RSACert, error)
}

func Newx509RSACertIssuor

func Newx509RSACertIssuor(root RSACert, priKey *rsa.PrivateKey) RSACertIssuor

type RSACertS3Accessor

// RSACertS3Accessor is an RSACertAccessor backed by an AWS S3 object
// identified by Region, Bucket and Key. Profile is presumably an AWS
// credentials profile name (ParseS3URI accepts it as a query parameter);
// how it interacts with the credentials set via InitS3Options is not
// visible here — confirm against Session.
type RSACertS3Accessor struct {
	Region  string
	Bucket  string
	Key     string
	Profile string
}

func (*RSACertS3Accessor) Download

func (u *RSACertS3Accessor) Download() ([]byte, error)

func (*RSACertS3Accessor) Session

func (u *RSACertS3Accessor) Session() *session.Session

func (*RSACertS3Accessor) Upload

func (u *RSACertS3Accessor) Upload(body []byte) (string, error)

type RSAClient

// RSAClient produces signatures on behalf of one client identity.
//
// Each method returns the signature bytes, the key of the client
// certificate the verifier should fetch, and an error. Sign signs input as
// is; ASN1Sign takes an ASN.1 declaration type followed by the payload
// strings; StringsSign takes a separator followed by the payload strings.
// (The README examples describe the first argument of these two methods
// the other way round; the signatures here are authoritative.)
type RSAClient interface {
	Sign(input []byte) ([]byte, string, error)
	ASN1Sign(typ string, payloads ...string) ([]byte, string, error)
	StringsSign(separator string, payloads ...string) ([]byte, string, error)
}

type RSADescriptor

// RSADescriptor describes the signing material of one client: its private
// key, its certificate (as a string — encoding not visible here) and its
// client ID. PrivateKey exposes secret material; treat values accordingly.
type RSADescriptor interface {
	PrivateKey() *rsa.PrivateKey
	Certificate() string
	ClientID() string
}

func Newx509RSADescriptor

func Newx509RSADescriptor(clientID string,
	certificate string,
	privateKey *rsa.PrivateKey) RSADescriptor

type RSADescriptorCollection

// RSADescriptorCollection is a set of RSADescriptors keyed by client ID,
// with AddOrReplace, AnyClientID, FirstClientID and RemoveClientID
// operations. Whether it is safe for concurrent use is not visible here.
type RSADescriptorCollection struct {
	// contains filtered or unexported fields
}

func NewRSADescriptorCollection

func NewRSADescriptorCollection() *RSADescriptorCollection

func (*RSADescriptorCollection) AddOrReplace

func (c *RSADescriptorCollection) AddOrReplace(item RSADescriptor)

func (*RSADescriptorCollection) AnyClientID

func (c *RSADescriptorCollection) AnyClientID(clientID string) bool

func (*RSADescriptorCollection) FirstClientID

func (c *RSADescriptorCollection) FirstClientID(clientID string) RSADescriptor

func (*RSADescriptorCollection) RemoveClientID

func (c *RSADescriptorCollection) RemoveClientID(clientID string)

type RSAServer

// RSAServer creates RSAClients. CreateClient returns the client for
// clientID; the README states client identities should be unique.
type RSAServer interface {
	CreateClient(clientID string) (RSAClient, error)
}

func Newx509RSAServer

func Newx509RSAServer(store RSAStore) RSAServer

type RSASigner

// RSASigner is the low-level signing primitive: Sign signs bytes with key
// and returns the signature. The hash and padding scheme are not visible
// here — confirm against Newx509RSASigner.
type RSASigner interface {
	Sign(bytes []byte, key *rsa.PrivateKey) ([]byte, error)
}

func Newx509RSASigner

func Newx509RSASigner() RSASigner

type RSAStore

// RSAStore is the private key storage used by RSAServer. SetTag and Tag
// manage a label (the README's example is "dev"); Certificate returns the
// RSADescriptor for clientID. The README states the store should be a
// singleton and is thread safe.
type RSAStore interface {
	SetTag(tag string)
	Tag() string

	Certificate(clientID string) (RSADescriptor, error)
}

type RSAStoreFactory

// RSAStoreFactory builds RSAStores; see NewRSAStoreFactory and
// NewRSAStoreFactoryFrom for construction and Create for the store modes.
type RSAStoreFactory struct {
	// contains filtered or unexported fields
}

func NewRSAStoreFactory

func NewRSAStoreFactory(tag string, bucket string, rootCert RSACert, subject *X509Subject) *RSAStoreFactory

func NewRSAStoreFactoryFrom

func NewRSAStoreFactoryFrom(tag string, bucket string, rootPriKeyUrl string, rootCertUrl string, subject *X509Subject) (*RSAStoreFactory, error)

func (*RSAStoreFactory) Create

func (factory *RSAStoreFactory) Create(mode X509RSAStoreMode) (RSAStore, error)

type Request

// Request is an abstract representation of an HTTP request: the parts the
// HMAC signer and validator operate on. Body is an io.ReadSeeker,
// presumably so it can be hashed and rewound before being sent.
type Request struct {
	Body   io.ReadSeeker
	URL    *url.URL
	Header http.Header
	Method string
}

A Request is an abstract representation of an HTTP request.

type S3Options

// S3Options holds the AWS credentials (app ID, app secret) and region set
// through InitS3Options and read back via GetS3Options. GetAppSecret
// returns secret material; avoid logging it.
type S3Options struct {
	// contains filtered or unexported fields
}

func GetS3Options

func GetS3Options() *S3Options

func (*S3Options) GetAppId

func (s *S3Options) GetAppId() string

func (*S3Options) GetAppSecret

func (s *S3Options) GetAppSecret() string

func (*S3Options) GetRegion

func (s *S3Options) GetRegion() string

type X509RSAStoreMode

// X509RSAStoreMode selects how RSAStoreFactory.Create builds a store.
// X509RSAStore_OneToMany is one private key shared by many client
// certificates (per the README); X509RSAStore_Test is presumably a testing
// mode — its behavior is not visible here.
type X509RSAStoreMode int
const (
	X509RSAStore_OneToMany X509RSAStoreMode
	X509RSAStore_Test
)

type X509Subject

// X509Subject describes the subject and validity of a certificate to issue
// (see RSACertIssuor.Issue and GetDefaultSubject). NotBefore/NotAfter bound
// the validity period; ExtKeyUsage and KeyUsage are the x509 usage flags;
// IsRoot marks a root certificate.
//
// Orianization and OrianizationalUnit are misspelled in the exported API;
// renaming them would break callers.
type X509Subject struct {
	Country            []string
	Orianization       []string
	OrianizationalUnit []string
	Province           []string
	CommonName         string
	Locality           []string
	NotBefore          time.Time
	NotAfter           time.Time
	ExtKeyUsage        []x509.ExtKeyUsage
	KeyUsage           x509.KeyUsage
	IsRoot             bool
}

func GetDefaultSubject

func GetDefaultSubject() *X509Subject
