herolib_crypt/httpsig/

verifier.rs

//! HTTP request verification implementation.

use crate::httpsig::components::{extract_authority, extract_method, extract_path};
use crate::httpsig::digest::verify_content_digest;
use crate::httpsig::error::HttpSigError;
use crate::httpsig::parser::{parse_signature, parse_signature_input};
use crate::httpsig::signature_base::build_signature_base;
use crate::keys::{Ed25519PublicKey, Signature};
use std::time::{SystemTime, UNIX_EPOCH};

/// Result of successful signature verification.
#[derive(Debug, Clone)]
pub struct VerificationResult {
    /// The key ID that was used for verification
    pub key_id: String,
    /// The signature algorithm
    pub algorithm: String,
    /// The signature creation timestamp
    pub created: u64,
    /// The components that were signed
    pub signed_components: Vec<String>,
}

/// Function type for dynamic key lookup (internal use only).
#[cfg(not(feature = "rhai"))]
pub(crate) type KeyGetter =
    Box<dyn Fn(&str) -> Result<Ed25519PublicKey, HttpSigError> + Send + Sync>;

/// HTTP request signature verifier.
///
/// # Example
///
/// ```
/// use herolib_crypt::httpsig::HttpVerifier;
/// use herolib_crypt::keys::Ed25519Keypair;
///
/// # fn example() -> Result<(), Box<dyn std::error::Error>> {
/// let keypair = Ed25519Keypair::generate()?;
/// let public_key = keypair.public_key();
///
/// let verifier = HttpVerifier::new()
///     .with_key(public_key);
///
/// // Verify would be called with actual request data
/// # Ok(())
/// # }
/// ```
#[cfg_attr(feature = "rhai", derive(Clone))]
pub struct HttpVerifier {
    #[cfg(not(feature = "rhai"))]
    key_getter: Option<KeyGetter>,
    default_key: Option<Ed25519PublicKey>,
    tolerance_secs: u64,
    required_components: Vec<String>,
}

impl HttpVerifier {
    /// Create a new verifier.
    ///
    /// You must configure either a default key with `with_key()` or
    /// a key getter function with `with_key_getter()`.
    pub fn new() -> Self {
        Self {
            #[cfg(not(feature = "rhai"))]
            key_getter: None,
            default_key: None,
            tolerance_secs: 60, // 1 minute default (tight security, handles clock skew)
            required_components: vec![
                "@method".to_string(),
                "@path".to_string(),
                "@authority".to_string(),
                "content-digest".to_string(),
            ],
        }
    }

    /// Set a default public key for single-key scenarios.
    pub fn with_key(mut self, public_key: Ed25519PublicKey) -> Self {
        self.default_key = Some(public_key);
        self
    }

    /// Set a dynamic key lookup function.
    ///
    /// The function receives the key ID from the signature and should
    /// return the corresponding public key.
    ///
    /// Note: This method is not available when the `rhai` feature is enabled,
    /// as function pointers are not cloneable. Use `with_key()` instead.
    ///
    /// # Example
    ///
    /// ```
    /// # use herolib_crypt::httpsig::HttpVerifier;
    /// # use herolib_crypt::keys::Ed25519PublicKey;
    /// let verifier = HttpVerifier::new()
    ///     .with_key_getter(Box::new(|key_id| {
    ///         // Look up key from database, cache, etc.
    ///         // For this example, just return an error
    ///         Err(herolib_crypt::httpsig::HttpSigError::KeyNotFound(key_id.to_string()))
    ///     }));
    /// ```
    #[cfg(not(feature = "rhai"))]
    pub fn with_key_getter(mut self, getter: KeyGetter) -> Self {
        self.key_getter = Some(getter);
        self
    }

    /// Set the timestamp tolerance in seconds (default: 60).
    ///
    /// Signatures with timestamps outside the window of
    /// `now - tolerance` to `now + tolerance` will be rejected.
    pub fn with_tolerance(mut self, seconds: u64) -> Self {
        self.tolerance_secs = seconds;
        self
    }

    /// Require additional signed components beyond the defaults.
    pub fn with_required_components(mut self, components: Vec<String>) -> Self {
        self.required_components.extend(components);
        self
    }

    /// Verify an HTTP request.
    ///
    /// This method works with any HTTP library that uses `http::Request`.
    ///
    /// # Arguments
    ///
    /// * `request` - Reference to the HTTP request
    /// * `body` - Request body bytes
    pub fn verify_request<B>(
        &self,
        request: &http::Request<B>,
        body: &[u8],
    ) -> Result<VerificationResult, HttpSigError> {
        // Extract components from request
        let method = request.method().as_str();
        let uri = request.uri();
        let path = uri.path();
        let authority = uri
            .authority()
            .ok_or(HttpSigError::MissingAuthority)?
            .as_str();

        // Extract headers
        let headers: Vec<(String, String)> = request
            .headers()
            .iter()
            .map(|(k, v)| {
                (
                    k.as_str().to_string(),
                    v.to_str().unwrap_or("").to_string(),
                )
            })
            .collect();

        // Verify
        self.verify_components(method, path, authority, &headers, body)
    }

    /// Verify an HTTP response.
    ///
    /// This method works with any HTTP library that uses `http::Response`.
    ///
    /// # Arguments
    ///
    /// * `response` - Reference to the HTTP response
    /// * `body` - Response body bytes
    pub fn verify_response<B>(
        &self,
        response: &http::Response<B>,
        body: &[u8],
    ) -> Result<VerificationResult, HttpSigError> {
        // For responses, we use fixed method and path
        let method = "POST";
        let path = "/";
        let authority = "response.local";

        // Extract headers
        let headers: Vec<(String, String)> = response
            .headers()
            .iter()
            .map(|(k, v)| {
                (
                    k.as_str().to_string(),
                    v.to_str().unwrap_or("").to_string(),
                )
            })
            .collect();

        // Verify
        self.verify_components(method, path, authority, &headers, body)
    }

    /// Verify HTTP message components (internal helper).
    ///
    /// This is the low-level verification method used internally.
    /// For most use cases, use `verify_request` or `verify_response` instead.
    pub(crate) fn verify_components(
        &self,
        method: &str,
        path: &str,
        authority: &str,
        headers: &[(String, String)],
        body: &[u8],
    ) -> Result<VerificationResult, HttpSigError> {
        // Extract signature headers
        let signature_input = self.find_header(headers, "signature-input")?;
        let signature_header = self.find_header(headers, "signature")?;
        let content_digest = self.find_header(headers, "content-digest")?;

        // Parse Signature-Input
        let params = parse_signature_input(signature_input)?;

        // Verify algorithm
        if params.alg != "ed25519" {
            return Err(HttpSigError::UnsupportedAlgorithm(params.alg.clone()));
        }

        // Verify required components are present
        for required in &self.required_components {
            if !params.components.contains(required) {
                return Err(HttpSigError::MissingComponent(required.clone()));
            }
        }

        // Verify timestamp tolerance
        self.verify_timestamp(params.created)?;

        // Verify content digest
        verify_content_digest(body, content_digest)?;

        // Get public key
        let public_key = self.get_public_key(&params.keyid)?;

        // Normalize components
        let method = extract_method(method);
        let path = extract_path(path)?;
        let authority = extract_authority(authority);

        // Filter extra headers that were signed
        let extra_headers: Vec<(String, String)> = params
            .components
            .iter()
            .filter(|c| !c.starts_with('@') && *c != "content-digest")
            .filter_map(|name| {
                headers
                    .iter()
                    .find(|(h, _)| h.eq_ignore_ascii_case(name))
                    .map(|(_, v)| (name.clone(), v.clone()))
            })
            .collect();

        // Rebuild signature base
        let sig_base = build_signature_base(
            &method,
            &path,
            &authority,
            content_digest,
            &extra_headers,
            &params.keyid,
            params.created,
        )?;

        // Get canonical string
        let canonical = sig_base.to_canonical_string();

        // Parse signature bytes
        let sig_bytes = parse_signature(signature_header, &params.label)?;
        let signature = Signature::from_bytes(&sig_bytes)?;

        // Verify signature
        let valid = public_key.verify(canonical.as_bytes(), &signature)?;

        if !valid {
            return Err(HttpSigError::VerificationFailed);
        }

        Ok(VerificationResult {
            key_id: params.keyid,
            algorithm: params.alg,
            created: params.created,
            signed_components: params.components,
        })
    }

    fn find_header<'a>(
        &self,
        headers: &'a [(String, String)],
        name: &str,
    ) -> Result<&'a str, HttpSigError> {
        headers
            .iter()
            .find(|(k, _)| k.eq_ignore_ascii_case(name))
            .map(|(_, v)| v.as_str())
            .ok_or_else(|| HttpSigError::MissingHeader(name.to_string()))
    }

    fn verify_timestamp(&self, created: u64) -> Result<(), HttpSigError> {
        let now = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map_err(|_| HttpSigError::ParseError("System time error".to_string()))?
            .as_secs();

        let diff = if now > created {
            now - created
        } else {
            created - now
        };

        if diff > self.tolerance_secs {
            return Err(HttpSigError::TimestampOutOfBounds {
                created,
                now,
                tolerance: self.tolerance_secs,
            });
        }

        Ok(())
    }

    fn get_public_key(&self, _key_id: &str) -> Result<Ed25519PublicKey, HttpSigError> {
        #[cfg(not(feature = "rhai"))]
        if let Some(getter) = &self.key_getter {
            return getter(_key_id);
        }

        if let Some(key) = &self.default_key {
            return Ok(key.clone());
        }

        Err(HttpSigError::NoKeyConfigured)
    }
}

impl Default for HttpVerifier {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::httpsig::signer::HttpSigner;
    use crate::keys::Ed25519Keypair;
    use http::Request;

    #[test]
    fn test_sign_and_verify_roundtrip() {
        let keypair = Ed25519Keypair::generate().unwrap();
        let public_key = keypair.public_key();

        let signer = HttpSigner::new(keypair, "test-key");
        let verifier = HttpVerifier::new().with_key(public_key).with_tolerance(60);

        let body = b"test body";
        let mut request = Request::post("https://example.com/api/test")
            .body(body.to_vec())
            .unwrap();

        signer.sign_request(&mut request, body).unwrap();

        let result = verifier.verify_request(&request, body).unwrap();

        assert_eq!(result.key_id, "test-key");
        assert_eq!(result.algorithm, "ed25519");
    }

    #[test]
    fn test_verify_wrong_body() {
        let keypair = Ed25519Keypair::generate().unwrap();
        let public_key = keypair.public_key();

        let signer = HttpSigner::new(keypair, "test-key");
        let verifier = HttpVerifier::new().with_key(public_key);

        let original_body = b"original";
        let mut request = Request::post("https://example.com/api/test")
            .body(original_body.to_vec())
            .unwrap();

        signer.sign_request(&mut request, original_body).unwrap();

        // Try to verify with tampered body
        let result = verifier.verify_request(&request, b"tampered");

        assert!(matches!(result, Err(HttpSigError::DigestMismatch)));
    }

    #[test]
    fn test_verify_wrong_signature() {
        let keypair1 = Ed25519Keypair::generate().unwrap();
        let keypair2 = Ed25519Keypair::generate().unwrap();
        let wrong_key = keypair2.public_key();

        let signer = HttpSigner::new(keypair1, "test-key");
        let verifier = HttpVerifier::new().with_key(wrong_key);

        let body = b"test";
        let mut request = Request::post("https://example.com/api/test")
            .body(body.to_vec())
            .unwrap();

        signer.sign_request(&mut request, body).unwrap();

        // Verify with wrong key
        let result = verifier.verify_request(&request, body);

        assert!(matches!(result, Err(HttpSigError::VerificationFailed)));
    }
}