Merge 1f91033 into 3bdce76

apidef/api_definitions.go

@@ -498,10 +498,12 @@ type BundleManifest struct {
 }
 
 type RequestSigningMeta struct {
-	IsEnabled bool   `bson:"is_enabled" json:"is_enabled"`
-	Secret    string `bson:"secret" json:"secret"`
-	KeyId     string `bson:"key_id" json:"key_id"`
-	Algorithm string `bson:"algorithm" json:"algorithm"`
+	IsEnabled     bool     `bson:"is_enabled" json:"is_enabled"`
+	Secret        string   `bson:"secret" json:"secret"`
+	KeyId         string   `bson:"key_id" json:"key_id"`
+	Algorithm     string   `bson:"algorithm" json:"algorithm"`
+	HeaderList    []string `bson:"header_list" json:"header_list"`
+	CertificateId string   `bson:"certificate_id" json:"certificate_id"`
 }
 
 // Clean will URL encode map[string]struct variables for saving

certs/manager.go

@@ -331,6 +331,42 @@ func (c *CertificateManager) ListPublicKeys(keyIDs []string) (out []string) {
 	return out
 }
 
+// Returns list of fingerprints
+func (c *CertificateManager) ListRawPublicKey(keyID string) (out interface{}) {
+	var rawKey []byte
+	var err error
+
+	if isSHA256(keyID) {
+		var val string
+		val, err = c.storage.GetKey("raw-" + keyID)
+		if err != nil {
+			c.logger.Warn("Can't retrieve public key from Redis:", keyID, err)
+			return nil
+		}
+		rawKey = []byte(val)
+	} else {
+		rawKey, err = ioutil.ReadFile(keyID)
+		if err != nil {
+			c.logger.Error("Error while reading public key from file:", keyID, err)
+			return nil
+		}
+	}
+
+	block, _ := pem.Decode(rawKey)
+	if block == nil {
+		c.logger.Error("Can't parse public key:", keyID)
+		return nil
+	}
+
+	out, err = x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		c.logger.Error("Error while parsing public key:", keyID, err)
+		return nil
+	}
+
+	return out
+}
+
 func (c *CertificateManager) ListAllIds(prefix string) (out []string) {
 	keys := c.storage.GetKeys("raw-" + prefix + "*")
 

gateway/api_loader.go

@@ -316,7 +316,7 @@ func processSpec(spec *APISpec, apisByListen map[string]int,
 			logger.Info("Checking security policy: Basic")
 		}
 
-		if mwAppendEnabled(&authArray, &HMACMiddleware{BaseMiddleware: baseMid}) {
+		if mwAppendEnabled(&authArray, &HTTPSignatureValidationMiddleware{BaseMiddleware: baseMid}) {
 			logger.Info("Checking security policy: HMAC")
 		}
 

gateway/middleware.go

@@ -418,6 +418,7 @@ func (t BaseMiddleware) ApplyPolicies(session *user.SessionState) error {
 					rights[k] = v
 				}
 				session.HMACEnabled = policy.HMACEnabled
+				session.EnableHTTPSignatureValidation = policy.EnableHTTPSignatureValidation
 			}
 		} else {
 			if len(policies) > 1 {
@@ -443,6 +444,7 @@ func (t BaseMiddleware) ApplyPolicies(session *user.SessionState) error {
 			// ACL
 			rights = policy.AccessRights
 			session.HMACEnabled = policy.HMACEnabled
+			session.EnableHTTPSignatureValidation = policy.EnableHTTPSignatureValidation
 		}
 
 		// Required for all