Remove digest from covered components

2025-02-21 20:09:23 -05:00 · 2025-02-21 20:09:23 -05:00 · c5b7f7c3e2
commit c5b7f7c3e2
parent 3a838b4f21
4 changed files with 18 additions and 17 deletions
--- a/client/client.go
+++ b/client/client.go
@ -2,6 +2,7 @@ package client

 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@ -16,7 +17,6 @@ import (
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/alg_rsa"
 	"github.com/common-fate/httpsig/signer"
-	"github.com/opencontainers/go-digest"
 )

 func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*http.Response, error) {
@ -26,19 +26,14 @@ func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*
 		return nil, err
 	}

-	id := digest.FromBytes(data)
-
-	authUrl := baseUrl.JoinPath("auth")
-
 	var req *http.Request

-	req, err = http.NewRequest("POST", authUrl.String(), bytes.NewBuffer(data))
+	req, err = http.NewRequest("POST", baseUrl.String(), bytes.NewBuffer(data))

 	if err != nil {
 		return nil, err
 	}

-	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 	req.Header.Add("Content-Type", "application/json")

 	resp, err := client.Do(req)
@ -60,10 +55,17 @@ func getSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
 		return nil, fmt.Errorf("type is unknown: %s", reflect.TypeOf(key))
 	}

+	coveredComponents := []string{"@method", "@target-uri", "content-type", "content-length"}
+
 	client := httpsig.NewClient(httpsig.ClientOpts{
-		Tag:   "auth",
-		KeyID: keyId,
-		Alg:   alg,
+		Tag:               "auth",
+		KeyID:             keyId,
+		Alg:               alg,
+		CoveredComponents: coveredComponents,
+
+		OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
+			fmt.Printf("string to sign:\n%s\n", stringToSign)
+		},
 	})

 	return client, nil