fedimovies/src/http_signatures/verify.rs

use std::collections::HashMap;

use actix_web::http::{header::HeaderMap, Method, Uri};
use chrono::{DateTime, Duration, TimeZone, Utc};
use regex::Regex;
use rsa::RsaPublicKey;

use fedimovies_utils::crypto_rsa::verify_rsa_sha256_signature;

const SIGNATURE_PARAMETER_RE: &str = r#"^(?P<key>[a-zA-Z]+)="(?P<value>.+)"$"#;

const SIGNATURE_EXPIRES_IN: i64 = 12; // 12 hours

#[derive(thiserror::Error, Debug)]
pub enum HttpSignatureVerificationError {
    #[error("missing signature header")]
    NoSignature,

    #[error("{0}")]
    HeaderError(&'static str),

    #[error("{0}")]
    ParseError(&'static str),

    #[error("invalid encoding")]
    InvalidEncoding(#[from] base64::DecodeError),

    #[error("invalid signature")]
    InvalidSignature,
}

type VerificationError = HttpSignatureVerificationError;

pub struct HttpSignatureData {
    pub key_id: String,
    pub message: String,   // reconstructed message
    pub signature: String, // base64-encoded signature
    pub expires_at: DateTime<Utc>,
}

pub fn parse_http_signature(
    request_method: &Method,
    request_uri: &Uri,
    request_headers: &HeaderMap,
) -> Result<HttpSignatureData, VerificationError> {
    let signature_header = request_headers
        .get("signature")
        .ok_or(VerificationError::NoSignature)?
        .to_str()
        .map_err(|_| VerificationError::HeaderError("invalid signature header"))?;

    let signature_parameter_re = Regex::new(SIGNATURE_PARAMETER_RE).unwrap();
    let mut signature_parameters = HashMap::new();
    for item in signature_header.split(',') {
        let caps = signature_parameter_re
            .captures(item)
            .ok_or(VerificationError::HeaderError("invalid signature header"))?;
        let key = caps["key"].to_string();
        let value = caps["value"].to_string();
        signature_parameters.insert(key, value);
    }

    let key_id = signature_parameters
        .get("keyId")
        .ok_or(VerificationError::ParseError("keyId parameter is missing"))?
        .to_owned();
    let headers_parameter = signature_parameters
        .get("headers")
        .ok_or(VerificationError::ParseError(
            "headers parameter is missing",
        ))?
        .to_owned();
    let signature = signature_parameters
        .get("signature")
        .ok_or(VerificationError::ParseError("signature is missing"))?
        .to_owned();
    let created_at = if let Some(created_at) = signature_parameters.get("created") {
        let create_at_timestamp = created_at
            .parse()
            .map_err(|_| VerificationError::ParseError("invalid timestamp"))?;
        Utc.timestamp_opt(create_at_timestamp, 0)
            .single()
            .ok_or(VerificationError::ParseError("invalid timestamp"))?
    } else {
        let date_str = request_headers
            .get("date")
            .ok_or(VerificationError::ParseError("missing date"))?
            .to_str()
            .map_err(|_| VerificationError::ParseError("invalid date header"))?;
        let date = DateTime::parse_from_rfc2822(date_str)
            .map_err(|_| VerificationError::ParseError("invalid date"))?;
        date.with_timezone(&Utc)
    };
    let expires_at = if let Some(expires_at) = signature_parameters.get("expires") {
        let expires_at_timestamp = expires_at
            .parse()
            .map_err(|_| VerificationError::ParseError("invalid timestamp"))?;
        Utc.timestamp_opt(expires_at_timestamp, 0)
            .single()
            .ok_or(VerificationError::ParseError("invalid timestamp"))?
    } else {
        created_at + Duration::hours(SIGNATURE_EXPIRES_IN)
    };

    let mut message_parts = vec![];
    for header in headers_parameter.split(' ') {
        let message_part = if header == "(request-target)" {
            format!(
                "(request-target): {} {}",
                request_method.as_str().to_lowercase(),
                request_uri.path(),
            )
        } else if header == "(created)" {
            let created =
                signature_parameters
                    .get("created")
                    .ok_or(VerificationError::ParseError(
                        "created parameter is missing",
                    ))?;
            format!("(created): {}", created)
        } else if header == "(expires)" {
            let expires =
                signature_parameters
                    .get("expires")
                    .ok_or(VerificationError::ParseError(
                        "expires parameter is missing",
                    ))?;
            format!("(expires): {}", expires)
        } else {
            let header_value = request_headers
                .get(header)
                .ok_or(VerificationError::HeaderError("missing header"))?
                .to_str()
                .map_err(|_| VerificationError::HeaderError("invalid header value"))?;
            format!("{}: {}", header, header_value)
        };
        message_parts.push(message_part);
    }
    let message = message_parts.join("\n");

    let signature_data = HttpSignatureData {
        key_id,
        message,
        signature,
        expires_at,
    };
    Ok(signature_data)
}

pub fn verify_http_signature(
    signature_data: &HttpSignatureData,
    signer_key: &RsaPublicKey,
) -> Result<(), VerificationError> {
    if signature_data.expires_at < Utc::now() {
        log::warn!("signature has expired");
    };
    let signature = base64::decode(&signature_data.signature)?;
    let is_valid_signature =
        verify_rsa_sha256_signature(signer_key, &signature_data.message, &signature);
    if !is_valid_signature {
        return Err(VerificationError::InvalidSignature);
    };
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::http_signatures::create::create_http_signature;
    use actix_web::http::{
        header,
        header::{HeaderMap, HeaderName, HeaderValue},
        Uri,
    };
    use fedimovies_utils::crypto_rsa::generate_weak_rsa_key;

    #[test]
    fn test_parse_signature() {
        let request_method = Method::POST;
        let request_uri = "/user/123/inbox".parse::<Uri>().unwrap();
        let date = "20 Oct 2022 20:00:00 GMT";
        let mut request_headers = HeaderMap::new();
        request_headers.insert(header::HOST, HeaderValue::from_static("example.com"));
        request_headers.insert(
            HeaderName::from_static("date"),
            HeaderValue::from_str(date).unwrap(),
        );
        let signature_header = concat!(
            r#"keyId="https://myserver.org/actor#main-key","#,
            r#"headers="(request-target) host date","#,
            r#"signature="test""#,
        );
        request_headers.insert(
            HeaderName::from_static("signature"),
            HeaderValue::from_static(signature_header),
        );

        let signature_data =
            parse_http_signature(&request_method, &request_uri, &request_headers).unwrap();
        assert_eq!(signature_data.key_id, "https://myserver.org/actor#main-key");
        assert_eq!(
            signature_data.message,
            "(request-target): post /user/123/inbox\nhost: example.com\ndate: 20 Oct 2022 20:00:00 GMT",
        );
        assert_eq!(signature_data.signature, "test");
        assert!(signature_data.expires_at < Utc::now());
    }

    #[test]
    fn test_create_and_verify_signature() {
        let request_method = Method::POST;
        let request_url = "https://example.org/inbox";
        let request_body = "{}";
        let signer_key = generate_weak_rsa_key().unwrap();
        let signer_key_id = "https://myserver.org/actor#main-key";
        let signed_headers = create_http_signature(
            request_method.clone(),
            request_url,
            request_body,
            &signer_key,
            signer_key_id,
        )
        .unwrap();

        let request_url = request_url.parse::<Uri>().unwrap();
        let mut request_headers = HeaderMap::new();
        request_headers.append(
            HeaderName::from_static("host"),
            HeaderValue::from_str(&signed_headers.host).unwrap(),
        );
        request_headers.append(
            HeaderName::from_static("signature"),
            HeaderValue::from_str(&signed_headers.signature).unwrap(),
        );
        request_headers.append(
            HeaderName::from_static("date"),
            HeaderValue::from_str(&signed_headers.date).unwrap(),
        );
        request_headers.append(
            HeaderName::from_static("digest"),
            HeaderValue::from_str(&signed_headers.digest.unwrap()).unwrap(),
        );
        let signature_data =
            parse_http_signature(&request_method, &request_url, &request_headers).unwrap();

        let signer_public_key = RsaPublicKey::from(signer_key);
        let result = verify_http_signature(&signature_data, &signer_public_key);
        assert!(result.is_ok());
    }
}
Add "algorithm" parameter to HTTP signature 2021-12-27 15:28:05 +00:00			`use std::collections::HashMap;`

Apply cargo fmt 2023-04-24 15:35:32 +00:00			`use actix_web::http::{header::HeaderMap, Method, Uri};`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`use chrono::{DateTime, Duration, TimeZone, Utc};`
Initial commit 2021-04-09 00:22:17 +00:00			`use regex::Regex;`
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`use rsa::RsaPublicKey;`
Initial commit 2021-04-09 00:22:17 +00:00
Rename to Fedimovies 2023-04-25 13:49:35 +00:00			`use fedimovies_utils::crypto_rsa::verify_rsa_sha256_signature;`
Initial commit 2021-04-09 00:22:17 +00:00
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`const SIGNATURE_PARAMETER_RE: &str = r#"^(?P<key>[a-zA-Z]+)="(?P<value>.+)"$"#;`

			`const SIGNATURE_EXPIRES_IN: i64 = 12; // 12 hours`

Initial commit 2021-04-09 00:22:17 +00:00			`#[derive(thiserror::Error, Debug)]`
Add error type for AP authentication errors 2022-10-27 18:23:48 +00:00			`pub enum HttpSignatureVerificationError {`
Never ignore invalid HTTP signatures 2022-12-07 22:10:58 +00:00			`#[error("missing signature header")]`
			`NoSignature,`

Initial commit 2021-04-09 00:22:17 +00:00			`#[error("{0}")]`
			`HeaderError(&'static str),`

			`#[error("{0}")]`
			`ParseError(&'static str),`

Add decoding error type to VerificationError enum 2022-02-11 13:26:25 +00:00			`#[error("invalid encoding")]`
			`InvalidEncoding(#[from] base64::DecodeError),`

Initial commit 2021-04-09 00:22:17 +00:00			`#[error("invalid signature")]`
			`InvalidSignature,`
			`}`

Add error type for AP authentication errors 2022-10-27 18:23:48 +00:00			`type VerificationError = HttpSignatureVerificationError;`

Move verify_signed_request function to activitypub::authentication module 2022-10-23 19:13:05 +00:00			`pub struct HttpSignatureData {`
Make HTTP signature verification compatible with GoToSocial 2022-05-02 23:29:04 +00:00			`pub key_id: String,`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`pub message: String, // reconstructed message`
Initial commit 2021-04-09 00:22:17 +00:00			`pub signature: String, // base64-encoded signature`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`pub expires_at: DateTime<Utc>,`
Initial commit 2021-04-09 00:22:17 +00:00			`}`

Move verify_signed_request function to activitypub::authentication module 2022-10-23 19:13:05 +00:00			`pub fn parse_http_signature(`
Initial commit 2021-04-09 00:22:17 +00:00			`request_method: &Method,`
			`request_uri: &Uri,`
			`request_headers: &HeaderMap,`
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`) -> Result<HttpSignatureData, VerificationError> {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let signature_header = request_headers`
			`.get("signature")`
Never ignore invalid HTTP signatures 2022-12-07 22:10:58 +00:00			`.ok_or(VerificationError::NoSignature)?`
Initial commit 2021-04-09 00:22:17 +00:00			`.to_str()`
			`.map_err(\|_\| VerificationError::HeaderError("invalid signature header"))?;`
Add "algorithm" parameter to HTTP signature 2021-12-27 15:28:05 +00:00
			`let signature_parameter_re = Regex::new(SIGNATURE_PARAMETER_RE).unwrap();`
			`let mut signature_parameters = HashMap::new();`
Use profile importer in verify_http_signature function 2021-12-28 18:34:13 +00:00			`for item in signature_header.split(',') {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let caps = signature_parameter_re`
			`.captures(item)`
Add "algorithm" parameter to HTTP signature 2021-12-27 15:28:05 +00:00			`.ok_or(VerificationError::HeaderError("invalid signature header"))?;`
			`let key = caps["key"].to_string();`
			`let value = caps["value"].to_string();`
			`signature_parameters.insert(key, value);`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`}`
Add "algorithm" parameter to HTTP signature 2021-12-27 15:28:05 +00:00
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let key_id = signature_parameters`
			`.get("keyId")`
Initial commit 2021-04-09 00:22:17 +00:00			`.ok_or(VerificationError::ParseError("keyId parameter is missing"))?`
			`.to_owned();`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let headers_parameter = signature_parameters`
			`.get("headers")`
			`.ok_or(VerificationError::ParseError(`
			`"headers parameter is missing",`
			`))?`
Initial commit 2021-04-09 00:22:17 +00:00			`.to_owned();`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let signature = signature_parameters`
			`.get("signature")`
Initial commit 2021-04-09 00:22:17 +00:00			`.ok_or(VerificationError::ParseError("signature is missing"))?`
			`.to_owned();`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`let created_at = if let Some(created_at) = signature_parameters.get("created") {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let create_at_timestamp = created_at`
			`.parse()`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`.map_err(\|_\| VerificationError::ParseError("invalid timestamp"))?;`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`Utc.timestamp_opt(create_at_timestamp, 0)`
			`.single()`
Update chrono and remove time v0.1.44 from dependencies 2022-12-03 19:32:36 +00:00			`.ok_or(VerificationError::ParseError("invalid timestamp"))?`
Write warning to log when signature creation date is not known 2022-09-12 21:02:33 +00:00			`} else {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let date_str = request_headers`
			`.get("date")`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`.ok_or(VerificationError::ParseError("missing date"))?`
			`.to_str()`
			`.map_err(\|_\| VerificationError::ParseError("invalid date header"))?;`
			`let date = DateTime::parse_from_rfc2822(date_str)`
			`.map_err(\|_\| VerificationError::ParseError("invalid date"))?;`
			`date.with_timezone(&Utc)`
Write warning to log when signature creation date is not known 2022-09-12 21:02:33 +00:00			`};`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`let expires_at = if let Some(expires_at) = signature_parameters.get("expires") {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let expires_at_timestamp = expires_at`
			`.parse()`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`.map_err(\|_\| VerificationError::ParseError("invalid timestamp"))?;`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`Utc.timestamp_opt(expires_at_timestamp, 0)`
			`.single()`
Update chrono and remove time v0.1.44 from dependencies 2022-12-03 19:32:36 +00:00			`.ok_or(VerificationError::ParseError("invalid timestamp"))?`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`} else {`
			`created_at + Duration::hours(SIGNATURE_EXPIRES_IN)`
			`};`
Initial commit 2021-04-09 00:22:17 +00:00
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`let mut message_parts = vec![];`
Configure linter and fix its warnings 2021-11-13 17:37:31 +00:00			`for header in headers_parameter.split(' ') {`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`let message_part = if header == "(request-target)" {`
			`format!(`
			`"(request-target): {} {}",`
			`request_method.as_str().to_lowercase(),`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00			`request_uri.path(),`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`)`
			`} else if header == "(created)" {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let created =`
			`signature_parameters`
			`.get("created")`
			`.ok_or(VerificationError::ParseError(`
			`"created parameter is missing",`
			`))?;`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`format!("(created): {}", created)`
			`} else if header == "(expires)" {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let expires =`
			`signature_parameters`
			`.get("expires")`
			`.ok_or(VerificationError::ParseError(`
			`"expires parameter is missing",`
			`))?;`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`format!("(expires): {}", expires)`
			`} else {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let header_value = request_headers`
			`.get(header)`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`.ok_or(VerificationError::HeaderError("missing header"))?`
			`.to_str()`
			`.map_err(\|_\| VerificationError::HeaderError("invalid header value"))?;`
			`format!("{}: {}", header, header_value)`
			`};`
			`message_parts.push(message_part);`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`}`
Support (created) and (expires) pseudoheaders in HTTP signatures 2022-09-12 20:08:13 +00:00			`let message = message_parts.join("\n");`
Initial commit 2021-04-09 00:22:17 +00:00
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`let signature_data = HttpSignatureData {`
Make HTTP signature verification compatible with GoToSocial 2022-05-02 23:29:04 +00:00			`key_id,`
Initial commit 2021-04-09 00:22:17 +00:00			`message,`
			`signature,`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`expires_at,`
Initial commit 2021-04-09 00:22:17 +00:00			`};`
			`Ok(signature_data)`
			`}`

Move verify_signed_request function to activitypub::authentication module 2022-10-23 19:13:05 +00:00			`pub fn verify_http_signature(`
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`signature_data: &HttpSignatureData,`
			`signer_key: &RsaPublicKey,`
			`) -> Result<(), VerificationError> {`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`if signature_data.expires_at < Utc::now() {`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`log::warn!("signature has expired");`
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`};`
Move base64 encoding/decoding out of RSA signing functions 2022-11-18 23:22:24 +00:00			`let signature = base64::decode(&signature_data.signature)?;`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let is_valid_signature =`
			`verify_rsa_sha256_signature(signer_key, &signature_data.message, &signature);`
Refactor http_signatures module 2022-10-23 16:04:02 +00:00			`if !is_valid_signature {`
			`return Err(VerificationError::InvalidSignature);`
			`};`
			`Ok(())`
			`}`

Initial commit 2021-04-09 00:22:17 +00:00			`#[cfg(test)]`
			`mod tests {`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`use super::*;`
			`use crate::http_signatures::create::create_http_signature;`
Migrate to actix 4.0 and tokio 1 2022-04-08 18:52:13 +00:00			`use actix_web::http::{`
			`header,`
			`header::{HeaderMap, HeaderName, HeaderValue},`
			`Uri,`
			`};`
Rename to Fedimovies 2023-04-25 13:49:35 +00:00			`use fedimovies_utils::crypto_rsa::generate_weak_rsa_key;`
Initial commit 2021-04-09 00:22:17 +00:00
			`#[test]`
			`fn test_parse_signature() {`
Enable creation of HTTP signatures for all types of requests 2021-11-17 21:35:17 +00:00			`let request_method = Method::POST;`
Initial commit 2021-04-09 00:22:17 +00:00			`let request_uri = "/user/123/inbox".parse::<Uri>().unwrap();`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`let date = "20 Oct 2022 20:00:00 GMT";`
Initial commit 2021-04-09 00:22:17 +00:00			`let mut request_headers = HeaderMap::new();`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`request_headers.insert(header::HOST, HeaderValue::from_static("example.com"));`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`request_headers.insert(`
			`HeaderName::from_static("date"),`
Apply clippy suggestions 2023-04-27 22:01:24 +00:00			`HeaderValue::from_str(date).unwrap(),`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`);`
Initial commit 2021-04-09 00:22:17 +00:00			`let signature_header = concat!(`
			`r#"keyId="https://myserver.org/actor#main-key","#,`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`r#"headers="(request-target) host date","#,`
Initial commit 2021-04-09 00:22:17 +00:00			`r#"signature="test""#,`
			`);`
			`request_headers.insert(`
			`HeaderName::from_static("signature"),`
			`HeaderValue::from_static(signature_header),`
			`);`

Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let signature_data =`
			`parse_http_signature(&request_method, &request_uri, &request_headers).unwrap();`
Make HTTP signature verification compatible with GoToSocial 2022-05-02 23:29:04 +00:00			`assert_eq!(signature_data.key_id, "https://myserver.org/actor#main-key");`
Initial commit 2021-04-09 00:22:17 +00:00			`assert_eq!(`
			`signature_data.message,`
Require HTTP signatures to have creation date 2022-10-28 12:37:10 +00:00			`"(request-target): post /user/123/inbox\nhost: example.com\ndate: 20 Oct 2022 20:00:00 GMT",`
Initial commit 2021-04-09 00:22:17 +00:00			`);`
			`assert_eq!(signature_data.signature, "test");`
Read HTTP signature expiration date from (expires) pseudo-header 2022-11-29 17:33:57 +00:00			`assert!(signature_data.expires_at < Utc::now());`
Initial commit 2021-04-09 00:22:17 +00:00			`}`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00
			`#[test]`
			`fn test_create_and_verify_signature() {`
			`let request_method = Method::POST;`
			`let request_url = "https://example.org/inbox";`
			`let request_body = "{}";`
Rename utils::crypto module to crypto_rsa 2022-11-13 18:43:57 +00:00			`let signer_key = generate_weak_rsa_key().unwrap();`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00			`let signer_key_id = "https://myserver.org/actor#main-key";`
			`let signed_headers = create_http_signature(`
			`request_method.clone(),`
			`request_url,`
			`request_body,`
			`&signer_key,`
			`signer_key_id,`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`)`
			`.unwrap();`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00
			`let request_url = request_url.parse::<Uri>().unwrap();`
			`let mut request_headers = HeaderMap::new();`
			`request_headers.append(`
			`HeaderName::from_static("host"),`
			`HeaderValue::from_str(&signed_headers.host).unwrap(),`
			`);`
			`request_headers.append(`
			`HeaderName::from_static("signature"),`
			`HeaderValue::from_str(&signed_headers.signature).unwrap(),`
			`);`
			`request_headers.append(`
			`HeaderName::from_static("date"),`
			`HeaderValue::from_str(&signed_headers.date).unwrap(),`
			`);`
			`request_headers.append(`
			`HeaderName::from_static("digest"),`
			`HeaderValue::from_str(&signed_headers.digest.unwrap()).unwrap(),`
			`);`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let signature_data =`
			`parse_http_signature(&request_method, &request_url, &request_headers).unwrap();`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00
			`let signer_public_key = RsaPublicKey::from(signer_key);`
Apply cargo fmt 2023-04-24 15:35:32 +00:00			`let result = verify_http_signature(&signature_data, &signer_public_key);`
Apply clippy suggestions 2023-04-27 22:01:24 +00:00			`assert!(result.is_ok());`
Add test for HTTP signature verification 2022-10-24 19:47:00 +00:00			`}`
Initial commit 2021-04-09 00:22:17 +00:00			`}`