2020-08-12 14:03:11 +00:00
|
|
|
package signature
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
)
|
|
|
|
|
|
|
|
type SignedRequest interface {
|
2020-08-12 15:20:04 +00:00
|
|
|
RequestBody() DataSource
|
|
|
|
RequestMetaHeader() DataSource
|
2020-08-12 14:03:11 +00:00
|
|
|
OriginVerificationHeader() DataSource
|
|
|
|
|
|
|
|
SetBodySignatureWithKey(key, sig []byte)
|
|
|
|
BodySignatureWithKey() (key, sig []byte)
|
|
|
|
|
|
|
|
SetMetaSignatureWithKey(key, sig []byte)
|
|
|
|
MetaSignatureWithKey() (key, sig []byte)
|
|
|
|
|
|
|
|
SetOriginSignatureWithKey(key, sig []byte)
|
|
|
|
OriginSignatureWithKey() (key, sig []byte)
|
|
|
|
}
|
|
|
|
|
|
|
|
func SignRequest(key *ecdsa.PrivateKey, src SignedRequest) error {
|
|
|
|
if src == nil {
|
|
|
|
return errors.New("nil source")
|
|
|
|
}
|
|
|
|
|
|
|
|
// sign body
|
2020-08-12 15:20:04 +00:00
|
|
|
if err := SignDataWithHandler(key, src.RequestBody(), src.SetBodySignatureWithKey); err != nil {
|
2020-08-12 14:03:11 +00:00
|
|
|
return errors.Wrap(err, "could not sign body")
|
|
|
|
}
|
|
|
|
|
|
|
|
// sign meta
|
2020-08-12 15:20:04 +00:00
|
|
|
if err := SignDataWithHandler(key, src.RequestMetaHeader(), src.SetMetaSignatureWithKey); err != nil {
|
2020-08-12 14:03:11 +00:00
|
|
|
return errors.Wrap(err, "could not sign meta header")
|
|
|
|
}
|
|
|
|
|
|
|
|
// sign verify origin
|
|
|
|
if err := SignDataWithHandler(key, src.OriginVerificationHeader(), src.SetOriginSignatureWithKey); err != nil {
|
|
|
|
return errors.Wrap(err, "could not sign verification header origin")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func VerifyRequest(src SignedRequest) error {
|
|
|
|
// verify body signature
|
2020-08-12 15:20:04 +00:00
|
|
|
if err := VerifyDataWithSource(src.RequestBody(), src.BodySignatureWithKey); err != nil {
|
2020-08-12 14:03:11 +00:00
|
|
|
return errors.Wrap(err, "could not verify body")
|
|
|
|
}
|
|
|
|
|
|
|
|
// verify meta header
|
2020-08-12 15:20:04 +00:00
|
|
|
if err := VerifyDataWithSource(src.RequestMetaHeader(), src.MetaSignatureWithKey); err != nil {
|
2020-08-12 14:03:11 +00:00
|
|
|
return errors.Wrap(err, "could not verify meta header")
|
|
|
|
}
|
|
|
|
|
|
|
|
// verify verification header origin
|
|
|
|
if err := VerifyDataWithSource(src.OriginVerificationHeader(), src.OriginSignatureWithKey); err != nil {
|
|
|
|
return errors.Wrap(err, "could not verify verification header origin")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|