HTTP Signature library where you bring the crypto
Find a file
2023-11-25 19:47:04 -06:00
actix Fix sha3 2023-11-25 19:47:04 -06:00
actix-extractor Vendor openssl for actix-extractor example 2023-08-17 12:35:21 -05:00
http Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00
reqwest Use ring for reqwest example 2023-08-17 12:34:51 -05:00
src Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00
warp Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00
.gitignore Add flake 2023-07-06 11:50:09 -05:00
Cargo.toml Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00
flake.lock Update flake 2023-11-25 19:44:28 -06:00
flake.nix Add cargo-expand to flake 2023-07-06 12:12:36 -05:00
LICENSE Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00
README.md Update expires error types, licensing to AGPL, bump versions 2022-12-08 15:08:18 -06:00

HTTP Signature Normaliztion

An HTTP Signatures library that leaves the signing to you

Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there's a series of steps for creation and verification with types that ensure reasonable usage.

use chrono::Duration;
use http_signature_normalization::Config;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = Config {
        expires_after: Duation::secs(5),
    };

    let headers = BTreeMap::new();

    let signature_header_value = config
        .begin_sign("GET", "/foo?bar=baz", headers)
        .sign("my-key-id".to_owned(), |signing_string| {
            // sign the string here
            Ok(signing_string.to_owned()) as Result<_, Box<dyn std::error::Error>>
        })?
        .signature_header();

    let mut headers = BTreeMap::new();
    headers.insert("Signature".to_owned(), signature_header_value);

    let verified = config
        .begin_verify("GET", "/foo?bar=baz", headers)?
        .verify(|sig, signing_string| {
            // Verify the signature here
            sig == signing_string
        });

    assert!(verified)
}

Contributing

Feel free to open issues for anything you find an issue with. Please note that any contributed code will be licensed under the AGPLv3.

License

Copyright © 2022 Riley Trautman

HTTP Signature Normalization is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

HTTP Signature Normalization is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This file is part of HTTP Signature Normalization.

You should have received a copy of the GNU General Public License along with HTTP Signature Normalization. If not, see http://www.gnu.org/licenses/.