
commit
c5b7f7c
parent
3a838b4
author
cheddar
date
2025-02-22 02:09:23 +0100 CET
Remove digest from covered components
4 files changed,  +18, -17
M go.mod
M go.sum
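--- a/client/client.go
+++ b/client/client.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@@ -16,7 +17,6 @@ import (
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/alg_rsa"
 	"github.com/common-fate/httpsig/signer"
-	"github.com/opencontainers/go-digest"
 )
 
 func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*http.Response, error) {
@@ -26,19 +26,14 @@ func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*
 		return nil, err
 	}
 
-	id := digest.FromBytes(data)
-
-	authUrl := baseUrl.JoinPath("auth")
-
 	var req *http.Request
 
-	req, err = http.NewRequest("POST", authUrl.String(), bytes.NewBuffer(data))
+	req, err = http.NewRequest("POST", baseUrl.String(), bytes.NewBuffer(data))
 
 	if err != nil {
 		return nil, err
 	}
 
-	req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
 	req.Header.Add("Content-Type", "application/json")
 
 	resp, err := client.Do(req)
@@ -60,10 +55,17 @@ func getSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
 		return nil, fmt.Errorf("type is unknown: %s", reflect.TypeOf(key))
 	}
 
+	coveredComponents := []string{"@method", "@target-uri", "content-type", "content-length"}
+
 	client := httpsig.NewClient(httpsig.ClientOpts{
-		Tag:   "auth",
-		KeyID: keyId,
-		Alg:   alg,
+		Tag:               "auth",
+		KeyID:             keyId,
+		Alg:               alg,
+		CoveredComponents: coveredComponents,
+
+		OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
+			fmt.Printf("string to sign:\n%s\n", stringToSign)
+		},
 	})
 
 	return client, nil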
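Review bot: With content-digest gone from coveredComponents in getSigningClient (and from the server's RequiredCoveredComponents in server/server.go), the signature now attests only @method, @target-uri, content-type and content-length, so nothing in it binds the JSON body that Post sends; the nonce guards against replay but not against a body altered in transit, and since the server side is configured with Scheme "http", body integrity then rests on nothing visible in this commit. If that is acceptable for this service it deserves a comment on the coveredComponents line, e.g. `// body is intentionally not covered: content-digest dropped in c5b7f7c`; if body integrity matters, keep computing the digest and include "content-digest" in the list. The OnDeriveSigningString callback writes every signing string to stdout with fmt.Printf, which reads as a debugging hook left in library code; drop it or let the caller supply a logger through an option. In Post, `var req *http.Request` followed by `req, err = http.NewRequest("POST", ...)` can collapse to `req, err := http.NewRequest(http.MethodPost, baseUrl.String(), bytes.NewBuffer(data))`. Both Post and getSigningClient begin outside the hunks shown.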
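--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/common-fate/httpsig v0.2.1
 	github.com/google/uuid v1.6.0
 	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/opencontainers/go-digest v1.0.0
 	golang.org/x/crypto v0.33.0
 )
 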
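--- a/go.sum
+++ b/go.sum
@@ -8,8 +8,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=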
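--- a/server/server.go
+++ b/server/server.go
@@ -16,12 +16,16 @@ import (
 func Start(keyDir keydirectory.RegistrationDirectory) error {
 	mux := http.NewServeMux()
 
+	validationOptions := httpsig.DefaultValidationOpts()
+	delete(validationOptions.RequiredCoveredComponents, "content-digest")
+
 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
 		NonceStorage: inmemory.NewNonceStorage(),
 		KeyDirectory: keyDir,
 		Tag:          "auth",
 		Scheme:       "http",
-		Authority:    "localhost:8080",
+		Authority:    "localhost:8001",
+		Validation:   &validationOptions,
 
 		OnValidationError: func(ctx context.Context, err error) {
 			fmt.Printf("validation error: %s\n", err)
@@ -34,9 +38,7 @@ func Start(keyDir keydirectory.RegistrationDirectory) error {
 
 	verifyHandler := verifier(getDefaultHandler())
 
-	var handler http.Handler
-
-	handler = rewriteHeaders(verifyHandler)
+	handler := rewriteHeaders(verifyHandler)
 
 	mux.Handle("/auth", handler)
 	mux.Handle("/register", getRegistrationHandler(keyDir))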
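Review bot: `delete(validationOptions.RequiredCoveredComponents, "content-digest")` mutates whatever map `DefaultValidationOpts()` hands back; if that map is built fresh on every call this is fine, but if the library returns a shared package-level map the deletion leaks into every other caller in the process, so either confirm the constructor's behaviour or detach first with `validationOptions.RequiredCoveredComponents = maps.Clone(validationOptions.RequiredCoveredComponents)` (Go 1.21+) before the delete. The scheme and authority that the signature's @target-uri is checked against remain hard-coded (`Scheme: "http"`, `Authority: "localhost:8001"`), and a mismatch with the address the server actually listens on surfaces only as a validation error at runtime; consider threading both in from the same configuration that selects the listen address. Start's body continues beyond both hunks.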