1 parent
411140c
commit 5e931f4
Showing
6 changed files
with
147 additions
and
59 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
use http::Request; | ||
use http_body_util::Full; | ||
use httpsig_hyper::{prelude::*, *}; | ||
|
||
const EDDSA_SECRET_KEY: &str = r##"-----BEGIN PRIVATE KEY----- | ||
MC4CAQAwBQYDK2VwBCIEIDSHAE++q1BP7T8tk+mJtS+hLf81B0o6CFyWgucDFN/C | ||
-----END PRIVATE KEY----- | ||
"##; | ||
const EDDSA_PUBLIC_KEY: &str = r##"-----BEGIN PUBLIC KEY----- | ||
MCowBQYDK2VwAyEA1ixMQcxO46PLlgQfYS46ivFd+n0CcDHSKUnuhm3i1O0= | ||
-----END PUBLIC KEY----- | ||
"##; | ||
|
||
const COVERED_COMPONENTS: &[&str] = &["@method", "date", "content-type", "content-digest"]; | ||
|
||
async fn build_request() -> anyhow::Result<Request<Full<bytes::Bytes>>> { | ||
let body = Full::new(&b"{\"hello\": \"world\"}"[..]); | ||
let req = Request::builder() | ||
.method("GET") | ||
.uri("https://example.com/parameters?var=this%20is%20a%20big%0Amultiline%20value&bar=with+plus+whitespace&fa%C3%A7ade%22%3A%20=something") | ||
.header("date", "Sun, 09 May 2021 18:30:00 GMT") | ||
.header("content-type", "application/json") | ||
.header("content-type", "application/json-patch+json") | ||
.body(body) | ||
.unwrap(); | ||
req.set_content_digest(&ContentDigestType::Sha256).await | ||
} | ||
|
||
/// Sender function that generates a request with a signature | ||
async fn sender() -> Request<Full<bytes::Bytes>> { | ||
// build signature params that indicates objects to be signed | ||
let covered_components = COVERED_COMPONENTS | ||
.iter() | ||
.map(|v| message_component::HttpMessageComponentId::try_from(*v)) | ||
.collect::<Result<Vec<_>, _>>() | ||
.unwrap(); | ||
let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap(); | ||
|
||
// set signing/verifying key information, alg and keyid | ||
let secret_key = SecretKey::from_pem(EDDSA_SECRET_KEY).unwrap(); | ||
signature_params.set_key_info(&secret_key); | ||
|
||
// set signature with custom signature name | ||
let mut req = build_request().await.unwrap(); | ||
req | ||
.set_message_signature(&signature_params, &secret_key, Some("custom_sig_name")) | ||
.await | ||
.unwrap(); | ||
|
||
req | ||
} | ||
|
||
/// Receiver function that verifies a request with a signature | ||
async fn receiver(req: Request<Full<bytes::Bytes>>) -> bool { | ||
let public_key = PublicKey::from_pem(EDDSA_PUBLIC_KEY).unwrap(); | ||
let key_id = public_key.key_id(); | ||
|
||
// verify signature with checking key_id | ||
req.verify_message_signature(&public_key, Some(&key_id)).await.unwrap() | ||
} | ||
|
||
#[tokio::main] | ||
async fn main() { | ||
// sender generates a request with a signature | ||
let request_from_sender = sender().await; | ||
|
||
let signature_input = request_from_sender | ||
.headers() | ||
.get("signature-input") | ||
.unwrap() | ||
.to_str() | ||
.unwrap(); | ||
let signature = request_from_sender.headers().get("signature").unwrap().to_str().unwrap(); | ||
assert!(signature_input.starts_with(r##"custom_sig_name=("##)); | ||
assert!(signature.starts_with(r##"custom_sig_name=:"##)); | ||
|
||
// receiver verifies the request with a signature | ||
let verification_res = receiver(request_from_sender).await; | ||
assert!(verification_res); | ||
} |
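Review bot: `receiver` accepts any signature that verifies under the public key and, as far as this file shows, never checks which components that signature covers or recomputes the body digest against the `content-digest` header, so the example does not establish body integrity or enforce a coverage policy on the receiving side. The receiver should confirm that the verified signature covers the components it relies on and validate `content-digest` against the received body before returning true. `COVERED_COMPONENTS` also omits the request target, so the signature is not bound to the URI; adding `"@target-uri"` (or `"@authority"` and `"@path"`) would bind it, provided the library version in use supports those derived components. The `.unwrap()` on the verification result makes an invalid or missing signature panic instead of returning false; `req.verify_message_signature(&public_key, Some(&key_id)).await.unwrap_or(false)` keeps the `bool` contract. A comment above the PEM constants, for example `// Sample Ed25519 key pair for this example only; never reuse.`, would mark the embedded private key as non-production material.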