Expand description
HTTP Signature Normaliztion
An HTTP Signatures library that leaves the signing to you
Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there’s a series of steps for creation and verification with types that ensure reasonable usage.
use http_signature_normalization::Config;
use std::{collections::BTreeMap, time::Duration};
fn main() -> Result<(), Box<dyn std::error::Error>> {
let config = Config::default().set_expiration(Duration::from_secs(5));
let headers = BTreeMap::new();
let signature_header_value = config
.begin_sign("GET", "/foo?bar=baz", headers)?
.sign("my-key-id".to_owned(), |signing_string| {
// sign the string here
Ok(signing_string.to_owned()) as Result<_, Box<dyn std::error::Error>>
})?
.signature_header();
let mut headers = BTreeMap::new();
headers.insert("Signature".to_owned(), signature_header_value);
let verified = config
.begin_verify("GET", "/foo?bar=baz", headers)?
.verify(|sig, signing_string| {
// Verify the signature here
sig == signing_string
});
assert!(verified);
Ok(())
}
Modules
Types and logic for creating signature and authorization headers
Types and methods to verify a signature or authorization header
Structs
Configuration for signing and verifying signatures
Failed to build a signing string due to missing required headers
Enums
Error preparing a header for validation