[][src]Crate http_sig

Implementation of the IETF draft 'Signing HTTP Messages' https://tools.ietf.org/id/draft-cavage-http-signatures-12.html

Features

This crate is intended to be used with multiple different HTTP clients and/or servers. As such, client/server-specific implementations are gated by correspondingly named features.

Supported crates:

Crate / Feature nameClient/ServerNotes
reqwestClientSupports blocking and non-blocking requests.1
rouilleServer
  1. Due to limitations of the reqwest API, digests can only be calculated automatically for non-blocking non-streaming requests. For blocking or streaming requests, the user must add the digest manually before signing the request, or else the Digest header will not be included in the signature.

Supported signature algorithms:

Algorithm registry: https://tools.ietf.org/id/draft-cavage-http-signatures-12.html#hsa-registry

  • hmac-sha256

Supported digest algorithms:

Digest registry: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

  • SHA-256
  • SHA-512

Example usage (reqwest)

use http_sig::*;

const SECRET_KEY: &[u8] = b"secret";

let config = SigningConfig::new_default("My Key", SECRET_KEY);

let client = reqwest::blocking::Client::new();

let req = client
    .get("http://localhost:8080/")
    .build()
    .unwrap()
    .signed(&config)
    .unwrap();

let result = client.execute(req).unwrap();

Structs

DefaultDigestProvider

Supports the SHA-256 and SHA-512 digest algorithms.

RouilleBody

In order to verify the signature on a rouille request, the request body must be consumed by the verification process. This type is used to return the request body contents on completion of a successful signature verification.

SigningConfig

The configuration used for signing HTTP requests.

SimpleKeyProvider

Implementation of a simple key store.

VerifyingConfig

The configuration used for verifying HTTP requests.

VerifyingError

This error indicates that we failed to verify the request. As a result the request should be ignored.

Enums

Header

A header which can be incorporated into a HTTP signature.

PseudoHeader

Pseudo-headers are used to incorporate additional information into a HTTP signature for which there is no corresponding HTTP header.

SigningError

The types of error which may occur whilst signing.

Traits

ClientRequestLike

This trait is to be implemented for types representing an outgoing HTTP request. The HTTP signing extension methods are available on any type implementing this trait.

DigestProvider

The verification process will use this trait to find the appropriate digest algorithm to use when verifying the body of a request.

HttpDigest

Implementations of this trait correspond to digest algorithms listed here: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

HttpSignature

Implementations of this trait correspond to signature algorithms listed here: https://tools.ietf.org/id/draft-cavage-http-signatures-12.html#hsa-registry

KeyProvider

The verification process will use this trait to find the appropriate key and algorithm to use for verifying a request.

ServerRequestLike

This trait is to be implemented for types representing an incoming HTTP request. The HTTP verification extension methods are available on any type implementing this trait.

SigningExt

Import this trait to get access to access the signed and sign methods on all types implementing ClientRequestLike.

VerifyingExt

Import this trait to get access to access the verify method on all types implementing ServerRequestLike.