Crate http_sig


Implementation of the IETF draft ‘Signing HTTP Messages’ https://tools.ietf.org/id/draft-cavage-http-signatures-12.html

§Features

This crate is intended to be used with multiple different HTTP clients and/or servers. As such, client/server-specific implementations are gated by correspondingly named features.

§Supported crates:

| Crate / Feature name | Client/Server | Notes |
| --- | --- | --- |
| reqwest | Client | Supports blocking and non-blocking requests. [1] |
| rouille | Server | |

  1. Due to limitations of the reqwest API, digests can only be calculated automatically for non-blocking non-streaming requests. For blocking or streaming requests, the user must add the digest manually before signing the request, or else the Digest header will not be included in the signature.

§Supported signature algorithms:

Algorithm registry: https://tools.ietf.org/id/draft-cavage-http-signatures-12.html#hsa-registry

  • hmac-sha256

§Supported digest algorithms:

Digest registry: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

  • SHA-256
  • SHA-512

§Example usage (reqwest)

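use http_sig::*;

// Shared secret used for the HMAC signature.
const SECRET_KEY: &[u8] = b"secret";

// Signing configuration: key id "My Key" plus the shared secret.
let config = SigningConfig::new_default("My Key", SECRET_KEY);

let client = reqwest::blocking::Client::new();

// Build the request, then sign it via the `signed` extension method.
// This is a blocking request, so a Digest header is not added automatically.
let req = client
    .get("http://localhost:8080/")
    .build()
    .unwrap()
    .signed(&config)
    .unwrap();

// Send the signed request.
let result = client.execute(req).unwrap();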
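
The footnote above notes that a request signed without a Digest header leaves the body outside the signature. The following added example (not code from http_sig; `signing_string` and `sample_headers` are hypothetical names and the request values are constructed) builds the draft's signature string by hand in plain Rust to show exactly which parts of a request the signature would cover.

```rust
// Added illustration, not http_sig's code: the draft-cavage-12 "signature
// string" built by hand. All function names here are hypothetical.
use std::collections::HashMap;

/// Build the string that gets signed. `covered` is the ordered list that is
/// advertised in the `headers="..."` parameter of the Signature header.
fn signing_string(
    method: &str,
    path_and_query: &str,
    headers: &HashMap<String, String>, // keys already lowercased
    covered: &[&str],
) -> Result<String, String> {
    let mut lines = Vec::with_capacity(covered.len());
    for name in covered {
        let name = name.to_ascii_lowercase();
        let value = if name == "(request-target)" {
            // Pseudo-header: lowercased method, a space, then the path.
            format!("{} {}", method.to_ascii_lowercase(), path_and_query)
        } else {
            // A covered header that is absent must be an error; silently
            // skipping it would leave that header unauthenticated.
            headers
                .get(&name)
                .map(|v| v.trim().to_string())
                .ok_or_else(|| format!("missing covered header: {}", name))?
        };
        lines.push(format!("{}: {}", name, value));
    }
    // Lines are joined with '\n'; there is no trailing newline.
    Ok(lines.join("\n"))
}

/// Constructed sample request headers for an empty-body POST.
fn sample_headers() -> HashMap<String, String> {
    let mut h: HashMap<String, String> = HashMap::new();
    h.insert("host".into(), "localhost:8080".into());
    h.insert("date".into(), "Sun, 05 Jan 2014 21:31:40 GMT".into());
    // SHA-256 of the empty body, base64-encoded.
    h.insert("digest".into(), "SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=".into());
    h
}

fn main() {
    let h = sample_headers();
    let covered = ["(request-target)", "host", "date", "digest"];
    println!("{}", signing_string("POST", "/inbox", &h, &covered).unwrap());
}
```

If `digest` is left out of the covered list, the resulting string contains nothing derived from the body, so a modified body would still verify.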

Modules§

mock_request
Module containing a mock request type which implements both ClientRequestLike and ServerRequestLike for testing.

Structs§

CanonicalizeConfig
Configuration for computing the canonical “signature string” of a request.
DefaultDigestProvider
Supports the SHA-256 and SHA-512 digest algorithms.
HmacSha256
Implementation of the 'hmac-sha256' HTTP signature scheme.
HmacSha512
Implementation of the 'hmac-sha512' HTTP signature scheme.
RouilleBody
In order to verify the signature on a rouille request, the request body must be consumed by the verification process. This type is used to return the request body contents on completion of a successful signature verification.
RsaSha256Sign
Implementation of the signing half of the 'rsa-sha256' HTTP signature scheme.
RsaSha256Verify
Implementation of the verification half of the 'rsa-sha256' HTTP signature scheme.
RsaSha512Sign
Implementation of the signing half of the 'rsa-sha512' HTTP signature scheme.
RsaSha512Verify
Implementation of the verification half of the 'rsa-sha512' HTTP signature scheme.
SignatureString
Opaque struct storing a computed signature string.
SigningConfig
The configuration used for signing HTTP requests.
SimpleKeyProvider
Implementation of a simple key store.
VerificationDetails
Contains information about a successfully validated request.
VerifyingConfig
The configuration used for verifying HTTP requests.
VerifyingError
This error indicates that we failed to verify the request. As a result the request should be ignored.

Enums§

CanonicalizeError
The types of error which may occur whilst computing the canonical “signature string” for a request.
Header
A header which can be incorporated into a HTTP signature.
PseudoHeader
Pseudo-headers are used to incorporate additional information into a HTTP signature for which there is no corresponding HTTP header.
SigningError
The types of error which may occur whilst signing.

Traits§

CanonicalizeExt
Extension method for computing the canonical “signature string” of a request.
ClientRequestLike
This trait is to be implemented for types representing an outgoing HTTP request. The HTTP signing extension methods are available on any type implementing this trait.
DigestProvider
The verification process will use this trait to find the appropriate digest algorithm to use when verifying the body of a request.
HttpDigest
Implementations of this trait correspond to digest algorithms listed here: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml
HttpSignatureSign
Implements the signing half of an HTTP signature algorithm. For symmetric algorithms the same type implements both signing and verification.
HttpSignatureVerify
Implements the verification half of an HTTP signature algorithm. For symmetric algorithms the same type implements both signing and verification.
KeyProvider
The verification process will use this trait to find the appropriate key and algorithm to use for verifying a request.
RequestLike
Base trait for all request types
ServerRequestLike
This trait is to be implemented for types representing an incoming HTTP request. The HTTP verification extension methods are available on any type implementing this trait.
SigningExt
Import this trait to get access to the signed and sign methods on all types implementing ClientRequestLike.
VerifyingExt
Import this trait to get access to the verify method on all types implementing ServerRequestLike.