Crate http_sig[−][src]

Expand description

Implementation of the IETF draft ‘Signing HTTP Messages’ https://tools.ietf.org/id/draft-cavage-http-signatures-12.html

Features

This crate is intended to be used with multiple different HTTP clients and/or servers. As such, client/server-specific implementations are gated by correspondingly named features.

Supported crates:

Crate / Feature name	Client/Server	Notes
reqwest	Client	Supports blocking and non-blocking requests.¹
rouille	Server

Due to limitations of the reqwest API, digests can only be calculated automatically for non-blocking non-streaming requests. For blocking or streaming requests, the user must add the digest manually before signing the request, or else the Digest header will not be included in the signature.

Supported signature algorithms:

Algorithm registry: https://tools.ietf.org/id/draft-cavage-http-signatures-12.html#hsa-registry

hmac-sha256

Supported digest algorithms:

Digest registry: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

SHA-256
SHA-512

Example usage (reqwest)

use http_sig::*;

const SECRET_KEY: &[u8] = b"secret";

let config = SigningConfig::new_default("My Key", SECRET_KEY);

let client = reqwest::blocking::Client::new();

let req = client
    .get("http://localhost:8080/")
    .build()
    .unwrap()
    .signed(&config)
    .unwrap();

let result = client.execute(req).unwrap();

Modules

mock_request

Module containg a mock request type which implements both ClientRequestLike and ServerRequestLike for testing.

Structs

CanonicalizeConfig

Configuration for computing the canonical “signature string” of a request.

DefaultDigestProvider

Supports the SHA-256 and SHA-512 digest algorithms.

HmacSha256

Implementation of the ’ hmac-sha256 ’ HTTP signature scheme.

HmacSha512

Implementation of the ’ hmac-sha512 ’ HTTP signature scheme.

RouilleBody

In order to verify the signature on a rouille request, the request body must be consumed by the verification process. This type is used to return the request body contents on completion of a successful signature verification.

RsaSha256Sign

Implementation of the signing half of the ’ rsa-sha256 ’ HTTP signature scheme.

RsaSha256Verify

Implementation of the verification half of the ’ rsa-sha256 ’ HTTP signature scheme.

RsaSha512Sign

Implementation of the signing half of the ’ rsa-sha512 ’ HTTP signature scheme.

RsaSha512Verify

Implementation of the verification half of the ’ rsa-sha512 ’ HTTP signature scheme.

SignatureString

Opaque struct storing a computed signature string.

SigningConfig

The configuration used for signing HTTP requests.

SimpleKeyProvider

Implementation of a simple key store.

VerificationDetails

Contains information about a successfully validated request.

VerifyingConfig

The configuration used for verifying HTTP requests.

VerifyingError

This error indicates that we failed to verify the request. As a result the request should be ignored.

Enums

CanonicalizeError

The types of error which may occur whilst computing the canonical “signature string” for a request.

Header

A header which can be incorporated into a HTTP signature.

PseudoHeader

Pseudo-headers are used to incorporate additional information into a HTTP signature for which there is no corresponding HTTP header.

SigningError

The types of error which may occur whilst signing.

Traits

CanonicalizeExt

Extension method for computing the canonical “signature string” of a request.

ClientRequestLike

This trait is to be implemented for types representing an outgoing HTTP request. The HTTP signing extension methods are available on any type implementing this trait.

DigestProvider

The verification process will use this trait to find the appropriate digest algorithm to use when verifying the body of a request.

HttpDigest

Implementations of this trait correspond to digest algorithms listed here: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

HttpSignatureSign

Implements the signing half of an HTTP signature algorithm. For symmetric algorithms the same type implements both signing and verification.

HttpSignatureVerify

Implements the verification half of an HTTP signature algorithm. For symmetric algorithms the same type implements both signing and verification.

KeyProvider

The verification process will use this trait to find the appropriate key and algorithm to use for verifying a request.

RequestLike

Base trait for all request types

ServerRequestLike

This trait is to be implemented for types representing an incoming HTTP request. The HTTP verification extension methods are available on any type implementing this trait.

SigningExt

Import this trait to get access to access the signed and sign methods on all types implementing ClientRequestLike.

VerifyingExt

Import this trait to get access to access the verify method on all types implementing ServerRequestLike.