Remove digest from covered components

2025-02-21 20:09:23 -05:00 · 2025-02-21 20:09:23 -05:00 · c5b7f7c3e2
commit c5b7f7c3e2
parent 3a838b4f21
4 changed files with 18 additions and 17 deletions
--- a/client/client.go
+++ b/client/client.go
@ -2,6 +2,7 @@ package client

 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@ -16,7 +17,6 @@ import (
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/alg_rsa"
 	"github.com/common-fate/httpsig/signer"
-	"github.com/opencontainers/go-digest"
 )

 func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*http.Response, error) {
@ -26,19 +26,14 @@ func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*
 		return nil, err
 	}

-	id := digest.FromBytes(data)
-
-	authUrl := baseUrl.JoinPath("auth")
-
 	var req *http.Request

-	req, err = http.NewRequest("POST", authUrl.String(), bytes.NewBuffer(data))
+	req, err = http.NewRequest("POST", baseUrl.String(), bytes.NewBuffer(data))

 	if err != nil {
 		return nil, err
 	}

-	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 	req.Header.Add("Content-Type", "application/json")

 	resp, err := client.Do(req)
@ -60,10 +55,17 @@ func getSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
 		return nil, fmt.Errorf("type is unknown: %s", reflect.TypeOf(key))
 	}

+	coveredComponents := []string{"@method", "@target-uri", "content-type", "content-length"}
+
 	client := httpsig.NewClient(httpsig.ClientOpts{
 		Tag:               "auth",
 		KeyID:             keyId,
 		Alg:               alg,
+		CoveredComponents: coveredComponents,
+
+		OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
+			fmt.Printf("string to sign:\n%s\n", stringToSign)
+		},
 	})

 	return client, nil
--- a/go.mod
+++ b/go.mod
@ -6,7 +6,6 @@ require (
 	github.com/common-fate/httpsig v0.2.1
 	github.com/google/uuid v1.6.0
 	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/opencontainers/go-digest v1.0.0
 	golang.org/x/crypto v0.33.0
 )

--- a/go.sum
+++ b/go.sum
@ -8,8 +8,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
--- a/server/server.go
+++ b/server/server.go
@ -16,12 +16,16 @@ import (
 func Start(keyDir keydirectory.RegistrationDirectory) error {
 	mux := http.NewServeMux()

+	validationOptions := httpsig.DefaultValidationOpts()
+	delete(validationOptions.RequiredCoveredComponents, "content-digest")
+
 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
 		NonceStorage: inmemory.NewNonceStorage(),
 		KeyDirectory: keyDir,
 		Tag:          "auth",
 		Scheme:       "http",
-		Authority:    "localhost:8080",
+		Authority:    "localhost:8001",
+		Validation:   &validationOptions,

 		OnValidationError: func(ctx context.Context, err error) {
 			fmt.Printf("validation error: %s\n", err)
@ -34,9 +38,7 @@ func Start(keyDir keydirectory.RegistrationDirectory) error {

 	verifyHandler := verifier(getDefaultHandler())

-	var handler http.Handler
-
-	handler = rewriteHeaders(verifyHandler)
+	handler := rewriteHeaders(verifyHandler)

 	mux.Handle("/auth", handler)
 	mux.Handle("/register", getRegistrationHandler(keyDir))