From 9f502930ea3c8949f64f78ead081512253f596ae Mon Sep 17 00:00:00 2001
From: Vikrant Balyan
Date: Mon, 16 Jan 2023 20:51:53 +0530
Subject: [PATCH] [Go] Adds a sha256 configuration option to hs2019 (#14467)
* enables configuration of sha256 with hs2019
* committing generated examples
Co-authored-by: Aanisha Mishra
Co-authored-by: Sebastien Rosset
---
 .../src/main/resources/go/signing.mustache | 18 +++++++++++++++++-
 .../client/petstore/go/go-petstore/signing.go | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/modules/openapi-generator/src/main/resources/go/signing.mustache b/modules/openapi-generator/src/main/resources/go/signing.mustache
index 6400d0265ea4..d11d1cb7d93d 100644
--- a/modules/openapi-generator/src/main/resources/go/signing.mustache
+++ b/modules/openapi-generator/src/main/resources/go/signing.mustache
@@ -67,6 +67,12 @@ const (
 // Calculate the message signature using probabilistic signature scheme RSASSA-PSS.
 // PSS is randomized and will produce a different signature value each time.
 HttpSigningAlgorithmRsaPSS string = "RSASSA-PSS"
+
+ // HashAlgorithm Sha256 for generating hash
+ HttpHashAlgorithmSha256 string = "sha256"
+
+ // HashAlgorithm Sha512 for generating hash
+ HttpHashAlgorithmSha512 string = "sha512"
 )

 var supportedSigningSchemes = map[string]bool{
@@ -107,6 +113,7 @@ type HttpSignatureAuth struct {
 // The signature algorithm, when signing HTTP requests.
 // Supported values are RSASSA-PKCS1-v1_5, RSASSA-PSS.
 SigningAlgorithm string
+ HashAlgorithm string // supported values are sha256 and sha512. This also allows using sha256 with hs2019, which defaults to sha512.
 SignedHeaders []string // A list of HTTP headers included when generating the signature for the message.
 // SignatureMaxValidity specifies the maximum duration of the signature validity.
 // The value is used to set the '(expires)' signature parameter in the HTTP request.
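Review bot: The new `HashAlgorithm` field of `HttpSignatureAuth` is documented only by a trailing comment, which does not say that the field is consulted solely for the hs2019 scheme or that an empty value selects SHA-512. Judging by the `SignRequest` hunk later in this patch, the rsa-sha256 and rsa-sha512 schemes ignore it entirely. I would use a leading comment like the neighbouring fields, e.g. `// HashAlgorithm selects the digest used with the hs2019 scheme: "sha256" or "sha512" (the default when empty). Other signing schemes ignore it.` As far as I know hs2019 leaves the hash to metadata tied to the key rather than to the signature header, so the comment should also state that the value has to match what the verifying server expects. The struct body continues outside the hunk.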
@@ -270,13 +277,22 @@ func SignRequest(
 }
 // Determine the cryptographic hash to be used for the signature and the body digest.
 switch auth.SigningScheme {
- case HttpSigningSchemeRsaSha512, HttpSigningSchemeHs2019:
+ case HttpSigningSchemeRsaSha512:
 h = crypto.SHA512
 prefix = "SHA-512="
 case HttpSigningSchemeRsaSha256:
 // This is deprecated and should no longer be used.
 h = crypto.SHA256
 prefix = "SHA-256="
+ case HttpSigningSchemeHs2019:
+ if auth.HashAlgorithm == HttpHashAlgorithmSha256 {
+ h = crypto.SHA256
+ prefix = "SHA-256="
+ } else {
+ h = crypto.SHA512
+ prefix = "SHA-512="
+ }
+
 default:
 return fmt.Errorf("unsupported signature scheme: %v", auth.SigningScheme)
 }
diff --git a/samples/openapi3/client/petstore/go/go-petstore/signing.go b/samples/openapi3/client/petstore/go/go-petstore/signing.go
index 6a6a756ff147..ead08f149de9 100644
--- a/samples/openapi3/client/petstore/go/go-petstore/signing.go
+++ b/samples/openapi3/client/petstore/go/go-petstore/signing.go
@@ -76,6 +76,12 @@ const (
 // Calculate the message signature using probabilistic signature scheme RSASSA-PSS.
 // PSS is randomized and will produce a different signature value each time.
 HttpSigningAlgorithmRsaPSS string = "RSASSA-PSS"
+
+ // HashAlgorithm Sha256 for generating hash
+ HttpHashAlgorithmSha256 string = "sha256"
+
+ // HashAlgorithm Sha512 for generating hash
+ HttpHashAlgorithmSha512 string = "sha512"
 )

 var supportedSigningSchemes = map[string]bool{
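Review bot: In the `HttpSigningSchemeHs2019` case of `SignRequest` (signing.mustache), every `auth.HashAlgorithm` value other than the exact string `sha256` falls through to SHA-512, so a misspelt or unsupported setting such as `SHA256` is accepted silently and the request is signed with a different digest than the one configured. The new `HttpHashAlgorithmSha512` constant is never compared against, and no validation of the field is visible in this diff alongside `supportedSigningSchemes`. I would switch on the field, keep the empty string as the SHA-512 default for existing callers, and return an error for anything else, as sketched below. The generated go-petstore sample carries the same branch and would pick the change up on regeneration. `SignRequest` begins and ends outside the hunk.

```go
	case HttpSigningSchemeHs2019:
		switch auth.HashAlgorithm {
		case HttpHashAlgorithmSha256:
			h = crypto.SHA256
			prefix = "SHA-256="
		case "", HttpHashAlgorithmSha512:
			// An empty value keeps the previous hs2019 behaviour.
			h = crypto.SHA512
			prefix = "SHA-512="
		default:
			return fmt.Errorf("unsupported hash algorithm: %v", auth.HashAlgorithm)
		}
	// … unchanged: default case rejecting unsupported signing schemes …
```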
@@ -116,6 +122,7 @@ type HttpSignatureAuth struct {
 // The signature algorithm, when signing HTTP requests.
 // Supported values are RSASSA-PKCS1-v1_5, RSASSA-PSS.
 SigningAlgorithm string
+ HashAlgorithm string // supported values are sha256 and sha512. This also allows using sha256 with hs2019, which defaults to sha512.
 SignedHeaders []string // A list of HTTP headers included when generating the signature for the message.
 // SignatureMaxValidity specifies the maximum duration of the signature validity.
 // The value is used to set the '(expires)' signature parameter in the HTTP request.
@@ -279,13 +286,22 @@ func SignRequest(
 }
 // Determine the cryptographic hash to be used for the signature and the body digest.
 switch auth.SigningScheme {
- case HttpSigningSchemeRsaSha512, HttpSigningSchemeHs2019:
+ case HttpSigningSchemeRsaSha512:
 h = crypto.SHA512
 prefix = "SHA-512="
 case HttpSigningSchemeRsaSha256:
 // This is deprecated and should no longer be used.
 h = crypto.SHA256
 prefix = "SHA-256="
+ case HttpSigningSchemeHs2019:
+ if auth.HashAlgorithm == HttpHashAlgorithmSha256 {
+ h = crypto.SHA256
+ prefix = "SHA-256="
+ } else {
+ h = crypto.SHA512
+ prefix = "SHA-512="
+ }
+
 default:
 return fmt.Errorf("unsupported signature scheme: %v", auth.SigningScheme)
 }