14 changes: 7 additions & 7 deletions client_test.go
@@ -36,7 +36,7 @@ func TestClient_Get(t *testing.T) {
fields: fields{
sigName: "sig1",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"), Headers("@method"))
return signer
}(),
verifier: nil,
@@ -54,7 +54,7 @@ func TestClient_Get(t *testing.T) {
fields: fields{
sigName: "sig1",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"), Headers("@method"))
return signer
}(),
verifier: nil,
@@ -72,7 +72,7 @@ func TestClient_Get(t *testing.T) {
fields: fields{
sigName: "",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"), Headers("@method"))
return signer
}(),
verifier: nil,
@@ -90,7 +90,7 @@ func TestClient_Get(t *testing.T) {
fields: fields{
sigName: "sig1",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"), Headers("@method"))
return signer
}(),
verifier: nil,
@@ -110,12 +110,12 @@ func TestClient_Get(t *testing.T) {
fields: fields{
sigName: "sig1",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"), Headers("@method"))
return signer
}(),
verifier: nil,
fetchVerifier: func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier) {
verifier, _ = NewHMACSHA256Verifier("key1", bytes.Repeat([]byte{2}, 64), NewVerifyConfig(), Headers("@method"))
verifier, _ = NewHMACSHA256Verifier(bytes.Repeat([]byte{2}, 64), NewVerifyConfig(), Headers("@method"))
return "name", verifier
},
Client: *http.DefaultClient,
@@ -196,7 +196,7 @@ func TestClient_Head(t *testing.T) {
fields: fields{
sigName: "sig1",
signer: func() *Signer {
signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(),
signer, _ := NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64), NewSignConfig().SetKeyID("key1"),
Headers("@method"))
return signer
}(),
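Review bot: In the `fetchVerifier` closure of the fifth `TestClient_Get` case, the verifier is now built with a bare `NewVerifyConfig()`, so the `"key1"` expectation that used to be passed to `NewHMACSHA256Verifier` is dropped rather than moved into the config. With the new `keyID: nil` default shown in config.go, this case presumably no longer exercises keyid matching at all. If that coverage is wanted, carry the value over the same way the signer calls do: `verifier, _ = NewHMACSHA256Verifier(bytes.Repeat([]byte{2}, 64), NewVerifyConfig().SetKeyID("key1"), Headers("@method"))`. The test table starts and ends outside the visible hunks, so whether another case covers a keyid mismatch cannot be seen from here.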
8 changes: 4 additions & 4 deletions clientex_test.go
@@ -30,8 +30,8 @@ func ExampleClient_Get() {
// Client code starts here
// Create a signer and a wrapped HTTP client (we set SignCreated to false to make the response deterministic,
// don't do that in production.)
signer, _ := httpsign.NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64),
httpsign.NewSignConfig().SignCreated(false), httpsign.Headers("@method"))
signer, _ := httpsign.NewHMACSHA256Signer(bytes.Repeat([]byte{1}, 64),
httpsign.NewSignConfig().SignCreated(false).SetKeyID("key1"), httpsign.Headers("@method"))
client := httpsign.NewDefaultClient(httpsign.NewClientConfig().SetSignatureName("sig22").SetSigner(signer)) // sign, don't verify

// Send an HTTP GET, get response -- signing and verification happen behind the scenes
@@ -107,8 +107,8 @@ func TestClientUsage(t *testing.T) {

// Client code starts here
// Create a signer and a wrapped HTTP client
signer, _ := httpsign.NewRSAPSSSigner("key1", *prvKey,
httpsign.NewSignConfig(),
signer, _ := httpsign.NewRSAPSSSigner(*prvKey,
httpsign.NewSignConfig().SetKeyID("key1"),
httpsign.Headers("@request-target", "content-digest")) // The Content-Digest header will be auto-generated
client := httpsign.NewDefaultClient(httpsign.NewClientConfig().SetSignatureName("sig1").SetSigner(signer)) // sign requests, don't verify responses

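Review bot: Both updated calls still discard the constructor error (`signer, _ := httpsign.NewHMACSHA256Signer(...)` and `signer, _ := httpsign.NewRSAPSSSigner(...)`), and this file is the usage example readers are most likely to copy. Since these lines are being rewritten for the new signature anyway, consider checking the error in `TestClientUsage`, e.g. `signer, err := httpsign.NewRSAPSSSigner(*prvKey, ...)` followed by `if err != nil { t.Fatal(err) }`. Both function bodies continue outside the visible hunks.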
22 changes: 15 additions & 7 deletions config.go
@@ -16,6 +16,7 @@ type SignConfig struct {
expires int64
nonce string
tag string
keyID *string
}

// NewSignConfig generates a default configuration.
@@ -27,6 +28,7 @@ func NewSignConfig() *SignConfig {
expires: 0,
nonce: "",
tag: "", // we disallow an empty tag
keyID: nil,
}
}

@@ -70,14 +72,20 @@ func (c *SignConfig) SetTag(tag string) *SignConfig {
return c
}

// SetKeyID configures a keyid value that will be included as a signature parameter.
func (c *SignConfig) SetKeyID(keyID string) *SignConfig {
c.keyID = &keyID
return c
}

// VerifyConfig contains additional configuration for the verifier.
type VerifyConfig struct {
verifyCreated bool
notNewerThan time.Duration
notOlderThan time.Duration
allowedAlgs []string
rejectExpired bool
verifyKeyID bool
keyID *string
dateWithin time.Duration
allowedTags []string
}
@@ -118,11 +126,11 @@ func (v *VerifyConfig) SetAllowedAlgs(allowedAlgs []string) *VerifyConfig {
return v
}

// SetVerifyKeyID defines how to verify the keyid parameter, if one exists. If this value is set,
// the signature verifies only if the value is the same as was specified in the Verifier structure.
// Default: true.
func (v *VerifyConfig) SetVerifyKeyID(verify bool) *VerifyConfig {
v.verifyKeyID = verify
// SetKeyID defines how to verify the keyid parameter, if one exists. If this value is a non-nil string,
// the signature verifies only if the value is the same as was specified here.
// Default: nil.
func (v *VerifyConfig) SetKeyID(keyID string) *VerifyConfig {
v.keyID = &keyID
return v
}

@@ -150,7 +158,7 @@ func NewVerifyConfig() *VerifyConfig {
notOlderThan: 10 * time.Second,
rejectExpired: true,
allowedAlgs: []string{},
verifyKeyID: true,
keyID: nil,
dateWithin: 0, // meaning no constraint
allowedTags: nil, // no constraint
}
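Review bot: The doc comment on `VerifyConfig.SetKeyID` speaks of "a non-nil string", but the setter takes a plain `string`, so a caller can never pass nil and cannot clear the expectation once it is set; the comment should describe the never-called state instead. The phrase "if one exists" also leaves open whether verification passes when an expected key ID is configured but the signature carries no `keyid` parameter. The checking code is outside this page, so that behaviour should be confirmed and stated, since a check that is skipped on absence gives little assurance. Suggested wording, assuming an absent keyid is rejected: `// SetKeyID sets the keyid value the signature must carry. If SetKeyID is never called, the keyid parameter is not checked.` Separately, `NewVerifyConfig` now defaults to `keyID: nil` where it had `verifyKeyID: true`, so callers who migrate by only dropping the constructor's key ID argument silently lose the keyid check, which deserves a line in the release notes.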