HTTP Signature library where you bring the crypto
asonix aaf8e16db4 Add basic digest logging
handle differing digest name cases
2020-03-17 14:28:04 -05:00
http-signature-normalization-actix Add basic digest logging 2020-03-17 14:28:04 -05:00
http-signature-normalization-http Bump http-signature-normalization version, update actix to 3.0 2020-03-15 19:29:47 -05:00
http-signature-normalization-reqwest Bump http-signature-normalization version, update actix to 3.0 2020-03-15 19:29:47 -05:00
http-signature-normalization-warp Remove unneeded clone 2020-02-17 16:57:07 -06:00
src Bump http-signature-normalization version, update actix to 3.0 2020-03-15 19:29:47 -05:00
.gitignore Add support for actix-web and http 2019-09-11 17:07:58 -05:00
Cargo.toml Bump http-signature-normalization version, update actix to 3.0 2020-03-15 19:29:47 -05:00
LICENSE Initial commit 2019-09-11 00:17:30 -05:00
README.md Bump http-signature-normalization version, update actix to 3.0 2020-03-15 19:29:47 -05:00

HTTP Signature Normalization

An HTTP Signatures library that leaves the signing to you

Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there's a series of steps for creation and verification with types that ensure reasonable usage.

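use chrono::Duration;
use http_signature_normalization::Config;
use std::collections::BTreeMap;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Signatures are only accepted for a short window after creation.
    let config = Config {
        expires_after: Duration::seconds(5),
    };

    // Request headers to be covered by the signature (none in this example).
    let headers = BTreeMap::new();

    let signature_header_value = config
        .begin_sign("GET", "/foo?bar=baz", headers)
        .sign("my-key-id".to_owned(), |signing_string| {
            // sign the string here
            // (placeholder: returns the signing string itself instead of a real signature)
            Ok(signing_string.to_owned()) as Result<_, Box<dyn std::error::Error>>
        })?
        .signature_header();

    // The receiving side sees the request with the Signature header attached.
    let mut headers = BTreeMap::new();
    headers.insert("Signature".to_owned(), signature_header_value);

    let verified = config
        .begin_verify("GET", "/foo?bar=baz", headers)?
        .verify(|sig, signing_string| {
            // Verify the signature here
            // (placeholder: matches the placeholder signer above)
            sig == signing_string
        });

    assert!(verified);
    Ok(())
}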
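To make concrete what the `signing_string` passed to the closures above looks like, here is an added, std-only example (not this crate's code) that builds one by the signing-string rules of the HTTP Signatures draft. The function names, the sample headers and the exact `Signature` header layout are assumptions for illustration.

```rust
use std::collections::BTreeMap;

/// Build the string that gets signed, following the signing-string rules of
/// the HTTP Signatures draft (assumed format; not this crate's code).
/// `covered` lists the pseudo-header and header names, in signing order.
fn signing_string(
    method: &str,
    path_and_query: &str,
    headers: &BTreeMap<String, String>,
    covered: &[&str],
) -> Option<String> {
    let mut lines = Vec::with_capacity(covered.len());
    for name in covered {
        let name = name.to_ascii_lowercase();
        if name == "(request-target)" {
            lines.push(format!("{}: {} {}", name, method.to_ascii_lowercase(), path_and_query));
            continue;
        }
        // Header names are case-insensitive; a covered header that is absent
        // fails closed instead of being silently skipped.
        let (_, value) = headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(&name))?;
        lines.push(format!("{}: {}", name, value.trim()));
    }
    Some(lines.join("\n"))
}

/// Assemble a `Signature` header value from an already-encoded signature.
fn signature_header(key_id: &str, covered: &[&str], signature_b64: &str) -> String {
    format!(
        "keyId=\"{}\",headers=\"{}\",signature=\"{}\"",
        key_id,
        covered.join(" ").to_ascii_lowercase(),
        signature_b64
    )
}

fn main() {
    // Constructed sample request headers.
    let mut headers = BTreeMap::new();
    headers.insert("Host".to_owned(), "example.com".to_owned());
    headers.insert("Date".to_owned(), " Tue, 17 Mar 2020 19:28:04 GMT ".to_owned());
    let covered = ["(request-target)", "host", "date"];
    let s = signing_string("GET", "/foo?bar=baz", &headers, &covered).unwrap();
    println!("{}", s);
    println!("{}", signature_header("my-key-id", &covered, "<base64 signature>"));
}
```

Only the headers named in `covered` are protected by the signature, so a verifier should reject requests whose covered set omits headers it relies on.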

Contributing

Unless otherwise stated, all contributions to this project will be licensed under the CSL with the exceptions listed in the License section of this file.

License

This work is licensed under the Cooperative Software License. This is not a Free Software License, but may be considered a "source-available License." For most hobbyists, self-employed developers, worker-owned companies, and cooperatives, this software can be used in most projects so long as this software is distributed under the terms of the CSL. For more information, see the provided LICENSE file. If none exists, the license can be found online here. If you are a free software project and wish to use this software under the terms of the GNU Affero General Public License, please contact me at asonix@asonix.dog and we can sort that out. If you wish to use this project under any other license, especially in proprietary software, the answer is likely no.