diff --git a/client/client.go b/client/client.go
index f8ea870..aecc191 100644
--- a/client/client.go
+++ b/client/client.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@@ -16,7 +17,6 @@ import (
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/alg_rsa"
 	"github.com/common-fate/httpsig/signer"
-	"github.com/opencontainers/go-digest"
 )
 
 func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*http.Response, error) {
@@ -26,19 +26,14 @@ func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*
 		return nil, err
 	}
 
-	id := digest.FromBytes(data)
-
-	authUrl := baseUrl.JoinPath("auth")
-
 	var req *http.Request
-	req, err = http.NewRequest("POST", authUrl.String(), bytes.NewBuffer(data))
+	req, err = http.NewRequest("POST", baseUrl.String(), bytes.NewBuffer(data))
 	if err != nil {
 		return nil, err
 	}
 
-	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 	req.Header.Add("Content-Type", "application/json")
 
 	resp, err := client.Do(req)
@@ -60,10 +55,17 @@ func getSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
 		return nil, fmt.Errorf("type is unknown: %s", reflect.TypeOf(key))
 	}
 
+	coveredComponents := []string{"@method", "@target-uri", "content-type", "content-length"}
+
 	client := httpsig.NewClient(httpsig.ClientOpts{
-		Tag:   "auth",
-		KeyID: keyId,
-		Alg:   alg,
+		Tag:               "auth",
+		KeyID:             keyId,
+		Alg:               alg,
+		CoveredComponents: coveredComponents,
+
+		OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
+			fmt.Printf("string to sign:\n%s\n", stringToSign)
+		},
 	})
 
 	return client, nil
diff --git a/go.mod b/go.mod
index d7a74ce..770572c 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/common-fate/httpsig v0.2.1
 	github.com/google/uuid v1.6.0
 	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/opencontainers/go-digest v1.0.0
 	golang.org/x/crypto v0.33.0
 )
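Review bot: Removing the `Content-Digest` header here (together with the server.go hunk that deletes `content-digest` from `RequiredCoveredComponents`) takes the request body out of the signed material: `@method`, `@target-uri`, `content-type` and `content-length` say nothing about the body bytes, so nothing in the signature would detect a JSON payload that differs from what the client signed as long as its length is unchanged. If the intent was only to drop the `go-digest` dependency, the header can be built from the standard library instead — `sum := sha256.Sum256(data)` and `req.Header.Set("Content-Digest", "sha-256=:"+base64.StdEncoding.EncodeToString(sum[:])+":")` (RFC 9530 form; confirm it is the form the httpsig verifier parses) — with `content-digest` kept in the covered components on both sides. Post continues outside the hunk at both ends.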
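Review bot: `OnDeriveSigningString` prints the complete signature base to stdout on every request via `fmt.Printf`, with no way to turn it off; that is debug scaffolding rather than client behaviour, and it writes request details (the covered components and the signature parameters, which presumably carry the key id and nonce) into whatever captures the process output. Drop the callback before merging, or gate it on an explicit option, e.g. `if debugSigning { fmt.Printf("string to sign:\n%s\n", stringToSign) }` with `debugSigning` a package-level flag, or route it through a `*slog.Logger` at Debug level so it is off by default. The `coveredComponents` slice is built locally and used once, so it could be inlined into the `ClientOpts` literal, or kept as a named value with a comment stating why `content-digest` is absent from it. getSigningClient starts outside the hunk.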
diff --git a/go.sum b/go.sum
index 360ff9f..5c77fd1 100644
--- a/go.sum
+++ b/go.sum
@@ -8,8 +8,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
diff --git a/server/server.go b/server/server.go
index c46a064..144411f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -16,12 +16,16 @@ import (
 func Start(keyDir keydirectory.RegistrationDirectory) error {
 	mux := http.NewServeMux()
 
+	validationOptions := httpsig.DefaultValidationOpts()
+	delete(validationOptions.RequiredCoveredComponents, "content-digest")
+
 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
 		NonceStorage: inmemory.NewNonceStorage(),
 		KeyDirectory: keyDir,
 		Tag:          "auth",
 		Scheme:       "http",
-		Authority:    "localhost:8080",
+		Authority:    "localhost:8001",
+		Validation:   &validationOptions,
 
 		OnValidationError: func(ctx context.Context, err error) {
 			fmt.Printf("validation error: %s\n", err)
@@ -34,9 +38,7 @@ func Start(keyDir keydirectory.RegistrationDirectory) error {
 	verifyHandler := verifier(getDefaultHandler())
 
-	var handler http.Handler
-
-	handler = rewriteHeaders(verifyHandler)
+	handler := rewriteHeaders(verifyHandler)
 
 	mux.Handle("/auth", handler)
 	mux.Handle("/register", getRegistrationHandler(keyDir))
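Review bot: `delete(validationOptions.RequiredCoveredComponents, "content-digest")` mutates a map obtained from `httpsig.DefaultValidationOpts()`; if that function hands back a map that aliases a package-level default rather than a fresh copy (not visible here), the deletion also changes validation for any other middleware built in the process — worth confirming against the library, and worth a comment either way, e.g. `// content-digest is not required: the client does not send it (see client.Post).` The hard-coded `Authority: "localhost:8001"` has to agree with the `@target-uri` the client signs against, so a mismatch surfaces as a validation error on every request rather than at startup; deriving it from whatever address Start listens on would keep the two in step. Start continues outside the hunk.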