//! The `hawk` crate provides support for [Hawk](https://github.com/hueniverse/hawk)
//! authentictation. It is a low-level crate, used by higher-level crates to integrate with various
//! Rust HTTP libraries.  For example `hyper-hawk` integrates Hawk with Hyper.
//!
//! # Examples
//!
//! ## Hawk Client
//!
//! A client can attach a Hawk Authorization header to requests by providing credentials to a
//! Request instance, which will generate the header.
//!
//! ```
//! use hawk::{RequestBuilder, Credentials, Key, SHA256, PayloadHasher};
//! use std::time::{Duration, UNIX_EPOCH};
//!
//! // provide the Hawk id and key
//! let credentials = Credentials {
//!     id: "test-client".to_string(),
//!     key: Key::new(vec![99u8; 32], SHA256).unwrap(),
//! };
//!
//! let payload_hash = PayloadHasher::hash("text/plain", SHA256, "request-body").unwrap();
//!
//! // provide the details of the request to be authorized
//!  let request = RequestBuilder::new("POST", "example.com", 80, "/v1/users")
//!     .hash(&payload_hash[..])
//!     .request();
//!
//! // Get the resulting header, including the calculated MAC; this involves a random
//! // nonce, so the MAC will be different on every request.
//! let header = request.make_header(&credentials).unwrap();
//!
//! // the header would the be attached to the request
//! assert_eq!(header.id.unwrap(), "test-client");
//! assert_eq!(header.mac.unwrap().len(), 32);
//! assert_eq!(header.hash.unwrap().len(), 32);
//! ```
//!
//! A client that wishes to use a bewit (URL parameter) can do so as follows:
//!
//! ```
//! use hawk::{RequestBuilder, Credentials, Key, SHA256, Bewit};
//! use std::time::Duration;
//! use std::borrow::Cow;
//!
//! let credentials = Credentials {
//!     id: "me".to_string(),
//!     key: Key::new("tok", SHA256).unwrap(),
//! };
//!
//! let client_req = RequestBuilder::new("GET", "mysite.com", 443, "/resource").request();
//! let client_bewit = client_req
//!     .make_bewit_with_ttl(&credentials, Duration::from_secs(10))
//!     .unwrap();
//! let request_path = format!("/resource?bewit={}", client_bewit.to_str());
//! // .. make the request
//! ```
//!
//! ## Hawk Server
//!
//! To act as a server, parse the Hawk Authorization header from the request, generate a new
//! Request instance, and use the request to validate the header.
//!
//! ```
//! use hawk::{RequestBuilder, Header, Key, SHA256};
//! use hawk::mac::Mac;
//! use std::time::{Duration, UNIX_EPOCH};
//!
//! let mac = Mac::from(vec![7, 22, 226, 240, 84, 78, 49, 75, 115, 144, 70,
//!                          106, 102, 134, 144, 128, 225, 239, 95, 132, 202,
//!                          154, 213, 118, 19, 63, 183, 108, 215, 134, 118, 115]);
//! // get the header (usually from the received request; constructed directly here)
//! let hdr = Header::new(Some("dh37fgj492je"),
//!                       Some(UNIX_EPOCH + Duration::new(1353832234, 0)),
//!                       Some("j4h3g2"),
//!                       Some(mac),
//!                       Some("my-ext-value"),
//!                       Some(vec![1, 2, 3, 4]),
//!                       Some("my-app"),
//!                       Some("my-dlg")).unwrap();
//!
//! // build a request object based on what we know
//! let hash = vec![1, 2, 3, 4];
//! let request = RequestBuilder::new("GET", "localhost", 443, "/resource")
//!     .hash(&hash[..])
//!     .request();
//!
//! let key = Key::new(vec![99u8; 32], SHA256).unwrap();
//! let one_week_in_secs = 7 * 24 * 60 * 60;
//! if !request.validate_header(&hdr, &key, Duration::from_secs(5200 * one_week_in_secs)) {
//!     panic!("header validation failed. Is it 2117 already?");
//! }
//! ```
//!
//! A server which validates bewits looks like this:
//!
//! ```
//! use hawk::{RequestBuilder, Credentials, Key, SHA256, Bewit};
//! use std::time::Duration;
//! use std::borrow::Cow;
//!
//! let credentials = Credentials {
//!     id: "me".to_string(),
//!     key: Key::new("tok", SHA256).unwrap(),
//! };
//!
//! // simulate the client generation of a bewit
//! let client_req = RequestBuilder::new("GET", "mysite.com", 443, "/resource").request();
//! let client_bewit = client_req
//!     .make_bewit_with_ttl(&credentials, Duration::from_secs(10))
//!     .unwrap();
//! let request_path = format!("/resource?bewit={}", client_bewit.to_str());
//!
//! let mut maybe_bewit = None;
//! let server_req = RequestBuilder::new("GET", "mysite.com", 443, &request_path)
//!     .extract_bewit(&mut maybe_bewit).unwrap()
//!     .request();
//! let bewit = maybe_bewit.unwrap();
//! assert_eq!(bewit.id(), "me");
//! assert!(server_req.validate_bewit(&bewit, &credentials.key));
//! ```
//!
//! ## Features
//!
//! By default, the `use_ring` feature is enabled, which means that this crate will
//! use `ring` for all cryptographic operations.
//!
//! Alternatively, one can configure the crate with the `use_openssl`
//! feature to use the `openssl` crate.
//!
//! If no features are enabled, you must provide a custom implementation of the
//! [`hawk::crypto::Cryptographer`] trait to the `set_cryptographer` function, or
//! the cryptographic operations will panic.
//!
//! Attempting to configure both the `use_ring` and `use_openssl` features will
//! result in a build error.

#[cfg(test)]
#[macro_use]
extern crate pretty_assertions;

mod header;
pub use crate::header::Header;

mod credentials;
pub use crate::credentials::{Credentials, DigestAlgorithm, Key};

mod request;
pub use crate::request::{Request, RequestBuilder};

mod response;
pub use crate::response::{Response, ResponseBuilder};

mod error;
pub use crate::error::*;

mod payload;
pub use crate::payload::PayloadHasher;

mod bewit;
pub use crate::bewit::Bewit;

mod b64;

pub mod mac;

pub mod crypto;

pub const SHA256: DigestAlgorithm = DigestAlgorithm::Sha256;
pub const SHA384: DigestAlgorithm = DigestAlgorithm::Sha384;
pub const SHA512: DigestAlgorithm = DigestAlgorithm::Sha512;