[][src]Crate http_signature_normalization

HTTP Signature Normaliztion

An HTTP Signatures library that leaves the signing to you

Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there's a series of steps for creation and verification with types that ensure reasonable usage.

use chrono::Duration;
use http_signature_normalization::Config;
use std::collections::BTreeMap;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = Config {
        expires_after: Duration::seconds(5),
    };

    let headers = BTreeMap::new();

    let signature_header_value = config
        .begin_sign("GET", "/foo?bar=baz", headers)
        .sign("my-key-id".to_owned(), |signing_string| {
            // sign the string here
            Ok(signing_string.to_owned()) as Result<_, Box<dyn std::error::Error>>
        })?
        .signature_header();

    let mut headers = BTreeMap::new();
    headers.insert("Signature".to_owned(), signature_header_value);

    let verified = config
        .begin_verify("GET", "/foo?bar=baz", headers)?
        .verify(|sig, signing_string| {
            // Verify the signature here
            sig == signing_string
        });

    assert!(verified);
    Ok(())
}

Modules

create

Types and logic for creating signature and authorization headers

verify

Types and methods to verify a signature or authorization header

Structs

Config

Configuration for signing and verifying signatures

Enums

PrepareVerifyError

Error preparing a header for validation