grafana/vendor/github.com/russellhaering/goxmldsig
gotjosh e6b8a1529b
SAML: Configuration defaults, examples and dependencies (#17954)
* Add SAML configuration options

* Add crewjam/saml as a dependency

Needed as part of the enterprise SAML integration.

* Vendor github.com/stretchr/testify/require

The package require implements the same assertions as the `assert` package but stops test execution when a test fails.
2019-07-05 11:27:14 +01:00
Files in this vendored snapshot (all added in the commit above): etreeutils/, types/, .gitignore, canonicalize.go, clock.go, keystore.go, LICENSE, README.md, run_test.sh, sign.go, tls_keystore.go, validate.go

goxmldsig


XML Digital Signatures implemented in pure Go.

Installation

Install goxmldsig into your $GOPATH using go get:

$ go get github.com/russellhaering/goxmldsig

Usage

Signing

package main

import (
    "github.com/beevik/etree"
    // The package is named dsig, so alias the import explicitly.
    dsig "github.com/russellhaering/goxmldsig"
)

func main() {
    // Generate a throwaway key and self-signed certificate for signing.
    // RandomKeyStoreForTest is for tests and examples only; production code
    // should supply a KeyStore backed by a real key and certificate.
    randomKeyStore := dsig.RandomKeyStoreForTest()
    ctx := dsig.NewDefaultSigningContext(randomKeyStore)
    elementToSign := &etree.Element{
        Tag: "ExampleElement",
    }
    // The ID attribute is what the signature's Reference URI will point at.
    elementToSign.CreateAttr("ID", "id1234")

    // Sign the element; the returned element carries an enveloped <Signature>.
    signedElement, err := ctx.SignEnveloped(elementToSign)
    if err != nil {
        panic(err)
    }

    // Serialize the signed element. It is important not to modify the element
    // after it has been signed - even pretty-printing the XML will invalidate
    // the signature, because the digest is computed over the canonical bytes.
    doc := etree.NewDocument()
    doc.SetRoot(signedElement)
    str, err := doc.WriteToString()
    if err != nil {
        panic(err)
    }

    println(str)
}

Signature Validation

package main

import (
    "crypto/x509"

    "github.com/beevik/etree"
    dsig "github.com/russellhaering/goxmldsig"
)

// Validate an element against a root certificate
func validate(root *x509.Certificate, el *etree.Element) {
    // Construct a validation context with one or more roots of trust.
    ctx := dsig.NewDefaultValidationContext(&dsig.MemoryX509CertificateStore{
        Roots: []*x509.Certificate{root},
    })

    // It is important to only use the returned validated element, never the
    // input element: only the content covered by the signature is returned,
    // so unsigned content injected elsewhere in the document is not trusted.
    // See: https://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed
    validated, err := ctx.Validate(el)
    if err != nil {
        panic(err)
    }

    doc := etree.NewDocument()
    doc.SetRoot(validated)
    str, err := doc.WriteToString()
    if err != nil {
        panic(err)
    }

    println(str)
}

Limitations

This library was created in order to implement SAML 2.0 without needing to execute a command line tool to create and validate signatures. It currently only implements the subset of relevant standards needed to support that implementation, but I hope to make it more complete over time. Contributions are welcome.