Skip to main content

HttpVerifier

herolib_crypt::httpsig

Struct HttpVerifier

pub struct HttpVerifier { /* private fields */ }

Expand description

HTTP request signature verifier.

§Example

use herolib_crypt::httpsig::HttpVerifier;
use herolib_crypt::keys::Ed25519Keypair;

let keypair = Ed25519Keypair::generate()?;
let public_key = keypair.public_key();

let verifier = HttpVerifier::new()
    .with_key(public_key);

// Verify would be called with actual request data

Implementations§

impl HttpVerifier

pub fn new() -> Self

Create a new verifier.

You must configure either a default key with with_key() or a key getter function with with_key_getter().

pub fn with_key(self, public_key: Ed25519PublicKey) -> Self

Set a default public key for single-key scenarios.

pub fn with_key_getter( self, getter: Box<dyn Fn(&str) -> Result<Ed25519PublicKey, HttpSigError> + Send + Sync>, ) -> Self

Set a dynamic key lookup function.

The function receives the key ID from the signature and should return the corresponding public key.

Note: This method is not available when the rhai feature is enabled, as function pointers are not cloneable. Use with_key() instead.

§Example

let verifier = HttpVerifier::new()
    .with_key_getter(Box::new(|key_id| {
        // Look up key from database, cache, etc.
        // For this example, just return an error
        Err(herolib_crypt::httpsig::HttpSigError::KeyNotFound(key_id.to_string()))
    }));

pub fn with_tolerance(self, seconds: u64) -> Self

Set the timestamp tolerance in seconds (default: 60).

Signatures with timestamps outside the window of now - tolerance to now + tolerance will be rejected.

pub fn with_required_components(self, components: Vec<String>) -> Self

Require additional signed components beyond the defaults.

pub fn verify_request<B>( &self, request: &Request<B>, body: &[u8], ) -> Result<VerificationResult, HttpSigError>

Verify an HTTP request.

This method works with any HTTP library that uses http::Request.

§Arguments

request - Reference to the HTTP request
body - Request body bytes

pub fn verify_response<B>( &self, response: &Response<B>, body: &[u8], ) -> Result<VerificationResult, HttpSigError>

Verify an HTTP response.

This method works with any HTTP library that uses http::Response.

§Arguments

response - Reference to the HTTP response
body - Response body bytes

Trait Implementations§

impl Default for HttpVerifier

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for HttpVerifier

impl !RefUnwindSafe for HttpVerifier

impl Send for HttpVerifier

impl Sync for HttpVerifier

impl Unpin for HttpVerifier

impl !UnwindSafe for HttpVerifier

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V