For #30473 This change adds a vendored `httpsig-go` library to our repo. We cannot use the upstream library because it has not merged the change we need: https://github.com/remitly-oss/httpsig-go/pull/25 Thus, we need our own copy at this point. The instructions for keeping this library up to date (if needed) are in `UPDATE_INSTRUCTIONS`. None of the coderabbitai review comments are relevant to the code/features we are going to use for HTTP message signatures. We will use this library in subsequent PRs for the TPM-backed HTTP message signature feature. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a Go library for HTTP message signing and verification, supporting multiple cryptographic algorithms (RSA, ECDSA, Ed25519, HMAC). * Added utilities for key management, including JWK and PEM key handling. * Provided HTTP client and server helpers for automatic request signing and signature verification. * Implemented structured error handling and metadata extraction for signatures. * **Documentation** * Added comprehensive README, usage examples, and update instructions. * Included license and configuration files for third-party and testing tools. * **Tests** * Added extensive unit, integration, and fuzz tests covering signing, verification, and key handling. * Included official RFC test vectors and various test data files for robust validation. * **Chores** * Integrated continuous integration workflows and ignore files for code quality and security analysis. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
// Package keyman provides key management functionality.
package keyman
import (
"context"
"fmt"
"net/http"
"github.com/remitly-oss/httpsig-go"
)
// KeyFetchInMemory implements KeyFetcher for public keys stored in memory.
//
// Keys are addressable by keyid only: FetchByKeyID looks the keyid up in
// the map, and Fetch (no keyid) always returns an error. The map handed to
// NewKeyFetchInMemory is retained as-is rather than copied, so a caller that
// mutates it after construction must synchronize that with verification.
type KeyFetchInMemory struct {
	// pubkeys maps a keyid to its httpsig.KeySpec.
	pubkeys map[string]httpsig.KeySpec
}
// NewKeyFetchInMemory returns a KeyFetchInMemory backed by pubkeys, keyed by keyid.
//
// The map is stored by reference, not copied, so entries the caller adds
// later are visible to the fetcher. A nil map is replaced with an empty one.
func NewKeyFetchInMemory(pubkeys map[string]httpsig.KeySpec) *KeyFetchInMemory {
	kf := &KeyFetchInMemory{pubkeys: pubkeys}
	if kf.pubkeys == nil {
		kf.pubkeys = make(map[string]httpsig.KeySpec)
	}
	return kf
}
// FetchByKeyID returns the KeySpec registered under keyID.
//
// ctx and the request headers are accepted to satisfy the KeyFetcher
// interface but are not consulted; the lookup is a plain map access.
// An error is returned when keyID has no entry.
func (kf *KeyFetchInMemory) FetchByKeyID(ctx context.Context, rh http.Header, keyID string) (httpsig.KeySpecer, error) {
	if spec, ok := kf.pubkeys[keyID]; ok {
		return spec, nil
	}
	// NOTE(review): keyID presumably comes from the peer's signature
	// parameters; if this message ends up in logs, %q would escape control
	// characters — confirm no caller matches on the exact text before changing it.
	return nil, fmt.Errorf("Key for keyid '%s' not found", keyID)
}
// Fetch satisfies the KeyFetcher interface for the no-keyid path.
//
// Keys in this fetcher are addressable only by keyid, so this always
// fails; callers should use FetchByKeyID. None of the arguments are read.
func (kf *KeyFetchInMemory) Fetch(_ context.Context, _ http.Header, _ httpsig.MetadataProvider) (httpsig.KeySpecer, error) {
	return nil, fmt.Errorf("Fetch without keyid not supported")
}