#signature-verification #http #signatures #http-header #signature #digest #verify-signature

http-signature-normalization

An HTTP Signatures library that leaves the signing to you

15 releases

0.7.0 Dec 8, 2022
0.6.1 Nov 29, 2022
0.6.0 Jan 17, 2022
0.5.4 Sep 18, 2021
0.1.0 Sep 21, 2019

#840 in Cryptography

Download history 363/week @ 2024-08-09 195/week @ 2024-08-16 236/week @ 2024-08-23 230/week @ 2024-08-30 568/week @ 2024-09-06 979/week @ 2024-09-13 1165/week @ 2024-09-20 1150/week @ 2024-09-27 1051/week @ 2024-10-04 950/week @ 2024-10-11 1050/week @ 2024-10-18 1103/week @ 2024-10-25 636/week @ 2024-11-01 458/week @ 2024-11-08 445/week @ 2024-11-15 370/week @ 2024-11-22

2,109 downloads per month
Used in 23 crates (5 directly)

AGPL-3.0

35KB
742 lines

HTTP Signature Normaliztion

An HTTP Signatures library that leaves the signing to you

Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there's a series of steps for creation and verification with types that ensure reasonable usage.

use chrono::Duration;
use http_signature_normalization::Config;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = Config {
        expires_after: Duation::secs(5),
    };

    let headers = BTreeMap::new();

    let signature_header_value = config
        .begin_sign("GET", "/foo?bar=baz", headers)
        .sign("my-key-id".to_owned(), |signing_string| {
            // sign the string here
            Ok(signing_string.to_owned()) as Result<_, Box<dyn std::error::Error>>
        })?
        .signature_header();

    let mut headers = BTreeMap::new();
    headers.insert("Signature".to_owned(), signature_header_value);

    let verified = config
        .begin_verify("GET", "/foo?bar=baz", headers)?
        .verify(|sig, signing_string| {
            // Verify the signature here
            sig == signing_string
        });

    assert!(verified)
}

Contributing

Feel free to open issues for anything you find an issue with. Please note that any contributed code will be licensed under the AGPLv3.

License

Copyright © 2022 Riley Trautman

HTTP Signature Normalization is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

HTTP Signature Normalization is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This file is part of HTTP Signature Normalization.

You should have received a copy of the GNU General Public License along with HTTP Signature Normalization. If not, see http://www.gnu.org/licenses/.

Dependencies