refactor:

- merge xmldsig and xmlenc into a single package - implement thread-safe error capture - implement encryption using libxmlsec, discarding the go implementation
2015-12-23 10:46:11 -05:00
parent 004226098f
commit 45f8aa9eeb
12 changed files with 868 additions and 539 deletions
--- a/signature.go
+++ b/signature.go
@@ -0,0 +1,68 @@
+package xmlsec
+
+import (
+	"encoding/base64"
+	"encoding/pem"
+	"encoding/xml"
+)
+
+// Method is part of Signature.
+type Method struct {
+	Algorithm string `xml:",attr"`
+}
+
+// Signature is a model for the Signature object specified by XMLDSIG. This is
+// convenience object when constructing XML that you'd like to sign. For example:
+//
+//    type Foo struct {
+//       Stuff string
+//       Signature Signature
+//    }
+//
+//    f := Foo{Suff: "hello"}
+//    f.Signature = DefaultSignature()
+//    buf, _ := xml.Marshal(f)
+//    buf, _ = Sign(key, buf)
+//
+type Signature struct {
+	XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
+
+	CanonicalizationMethod Method             `xml:"SignedInfo>CanonicalizationMethod"`
+	SignatureMethod        Method             `xml:"SignedInfo>SignatureMethod"`
+	ReferenceTransforms    []Method           `xml:"SignedInfo>Reference>Transforms>Transform"`
+	DigestMethod           Method             `xml:"SignedInfo>Reference>DigestMethod"`
+	DigestValue            string             `xml:"SignedInfo>Reference>DigestValue"`
+	SignatureValue         string             `xml:"SignatureValue"`
+	KeyName                string             `xml:"KeyInfo>KeyName,omitempty"`
+	X509Certificate        *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"`
+}
+
+type SignatureX509Data struct {
+	X509Certificate string `xml:"X509Certificate,omitempty"`
+}
+
+// DefaultSignature populates a default Signature that uses c14n and SHA1.
+func DefaultSignature(pemEncodedPublicKey []byte) Signature {
+	// xmlsec wants the key to be base64-encoded but *not* wrapped with the
+	// PEM flags
+	pemBlock, _ := pem.Decode(pemEncodedPublicKey)
+	certStr := base64.StdEncoding.EncodeToString(pemBlock.Bytes)
+
+	return Signature{
+		CanonicalizationMethod: Method{
+			Algorithm: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+		},
+		SignatureMethod: Method{
+			Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
+		},
+		ReferenceTransforms: []Method{
+			Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"},
+		},
+		DigestMethod: Method{
+			Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",
+		},
+		X509Certificate: &SignatureX509Data{
+			X509Certificate: certStr,
+		},
+	}
+}