Exemple #1
0
// ECSignRequest signs a http request using the private key specified
// Signature changes if:
// 	remote address changes
// 	request URI changes
// 	request header is deleted
// 	request header is added
// 	request header is modified
//
// Signature doesn't change if:
// 	request header ordering is changed
func ECSignRequest(req *http.Request, pattern *util.SignaturePattern, private_key_hex string) error {
	hash := util.HashRequest(req, pattern)
	signature_hex, err := Sign(hash, private_key_hex)
	if err != nil {
		return err
	}
	req.Header.Set(REQ_HEADER_SIGNATURE, signature_hex)
	return nil
}
Exemple #2
0
// ECVerifyRequest checks earlier signed http request signature using public key specified to ensure request was not altered
func ECVerifyRequest(req *http.Request, pattern *util.SignaturePattern, public_key_hex string) bool {
	hash := util.HashRequest(req, pattern)
	signature_hex := req.Header.Get(REQ_HEADER_SIGNATURE)
	if signature_hex == "" {
		return false
	}
	verify, err := Verify(hash, public_key_hex, signature_hex)
	if err != nil {
		return false
	}
	return verify
}