-
Notifications
You must be signed in to change notification settings - Fork 0
/
verifierOption.go
67 lines (59 loc) · 2.07 KB
/
verifierOption.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package sigs
import "crypto"
// VerifierOption is a function that modifies a Verifier
type VerifierOption func(*Verifier)
// VerifierFields sets the list of http.Request fields that
// MUST ALL be present in the "Signature" header from a
// remote server for a signature to be accepted. Extra
// fields are allowed in the Signature, and will still
// be verified.
func VerifierFields(fields ...string) VerifierOption {
return func(verifier *Verifier) {
verifier.Fields = fields
}
}
// VerifierDigests sets the list of algorithms that we will
// accept from remote servers when they create a "Digest"
// http header. ALL recognized digests must be valid to
// pass, and AT LEAST ONE of the algorithms must be from
// this list.
func VerifierBodyDigests(digests ...crypto.Hash) VerifierOption {
return func(verifier *Verifier) {
verifier.BodyDigests = digests
}
}
// VerifierSignatureHashes sets the hashing algorithms to use
// when validating the "Signature" header. Hashes are tried
// in order, and the FIRST successful match returns success.
// If ALL hash attempts fail, then validation fails.
func VerifierSignatureHashes(hashes ...crypto.Hash) VerifierOption {
return func(verifier *Verifier) {
verifier.SignatureHashes = hashes
}
}
// VerifierTimeout sets the maximum age of a request and
// signature (in seconds). Messages received after this
// time duration will be rejected.
// Default is 43200 seconds (12 hours).
func VerifierTimeout(seconds int) VerifierOption {
return func(verifier *Verifier) {
verifier.Timeout = seconds
}
}
// VerifierIgnoreTimeout sets the verifier to ignore
// message and signature time stamps. This is useful
// for testing signatures, but should not be used in
// production.
func VerifierIgnoreTimeout() VerifierOption {
return func(verifier *Verifier) {
verifier.Timeout = 0
}
}
// VerifierIgnoreBodyDigest sets the verifier to ignore
// the "Digest" header. This is useful for testing
// but should not be used in production.
func VerifierIgnoreBodyDigest() VerifierOption {
return func(verifier *Verifier) {
verifier.CheckDigest = false
}
}