Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-14 12:38:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 143
fleet/third_party/httpsig-go/accept.go

69 lines
1.8 KiB
Go
Raw Normal View History

Added a vendored version of httpsig-go. (#30820) For #30473 This change adds a vendored `httpsig-go` library to our repo. We cannot use the upstream library because it has not merged the change we need: https://github.com/remitly-oss/httpsig-go/pull/25 Thus, we need our own copy at this point. The instructions for keeping this library up to date (if needed) are in `UPDATE_INSTRUCTIONS`. None of the coderabbitai review comments are relevant to the code/features we are going to use for HTTP message signatures. We will use this library in subsequent PRs for the TPM-backed HTTP message signature feature. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a Go library for HTTP message signing and verification, supporting multiple cryptographic algorithms (RSA, ECDSA, Ed25519, HMAC). * Added utilities for key management, including JWK and PEM key handling. * Provided HTTP client and server helpers for automatic request signing and signature verification. * Implemented structured error handling and metadata extraction for signatures. * **Documentation** * Added comprehensive README, usage examples, and update instructions. * Included license and configuration files for third-party and testing tools. * **Tests** * Added extensive unit, integration, and fuzz tests covering signing, verification, and key handling. * Included official RFC test vectors and various test data files for robust validation. * **Chores** * Integrated continuous integration workflows and ignore files for code quality and security analysis. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-14 18:26:50 +00:00
package httpsig
import (
"fmt"
sfv "github.com/dunglas/httpsfv"
)
type AcceptSignature struct {
Profile SigningProfile
MetaNonce string // 'nonce'
MetaKeyID string // 'keyid'
MetaTag string // 'tag' - No default. A value must be provided if the parameter is in Metadata.
}
func ParseAcceptSignature(acceptHeader string) (AcceptSignature, error) {
as := AcceptSignature{}
acceptDict, err := sfv.UnmarshalDictionary([]string{acceptHeader})
if err != nil {
return as, newError(ErrInvalidAcceptSignature, "Unable to parse Accept-Signature value", err)
}
profiles := acceptDict.Names()
if len(profiles) == 0 {
return as, newError(ErrMissingAcceptSignature, "No Accept-Signature value")
}
label := profiles[0]
profileItems, _ := acceptDict.Get(label)
profileList, isList := profileItems.(sfv.InnerList)
if !isList {
return as, newError(ErrInvalidAcceptSignature, "Unable to parse Accept-Signature value. Accept-Signature must be a dictionary.")
}
fields := []string{}
for _, componentItem := range profileList.Items {
field, ok := componentItem.Value.(string)
if !ok {
return as, newError(ErrInvalidAcceptSignature, fmt.Sprintf("Invalid signature component '%v', Components must be strings", componentItem.Value))
}
fields = append(fields, field)
}
as.Profile = SigningProfile{
Fields: Fields(fields...),
Label: label,
Metadata: []Metadata{},
}
md := metadataProviderFromParams{profileList.Params}
for _, meta := range profileList.Params.Names() {
as.Profile.Metadata = append(as.Profile.Metadata, Metadata(meta))
switch Metadata(meta) {
case MetaNonce:
as.MetaNonce, _ = md.Nonce()
case MetaAlgorithm:
alg, _ := md.Alg()
as.Profile.Algorithm = Algorithm(alg)
case MetaKeyID:
as.MetaKeyID, _ = md.KeyID()
case MetaTag:
as.MetaTag, _ = md.Tag()
}
}
return as, nil
}
Reference in a new issue Copy permalink