Dictionary headers

yaronf · yaronf · commit 01a6d3e98bbc · 2022-01-29T19:42:03.000+02:00
diff --git a/fields.go b/fields.go
@@ -16,6 +16,9 @@ type field struct {
 }
 
 func (f *field) String() string {
+	if f.flagName == "" {
+		return f.name
+	}
 	return fmt.Sprintf("%s;%s=\"%s\"", f.name, f.flagName, f.flagValue)
 }
 
@@ -74,7 +77,13 @@ func (fs *Fields) AddQueryParam(qp string) *Fields {
 	return fs
 }
 
-// AddDictHeader indicates that a specific instance of a header is to be signed (TODO: unimplemented)
+func fromDictHeader(hdr, key string) *field {
+	h := strings.ToLower(hdr)
+	f := field{h, "key", key}
+	return &f
+}
+
+// AddDictHeader indicates that out of a header structured as a dictionary, a specific key value is signed/verified
 func (fs *Fields) AddDictHeader(hdr, key string) *Fields {
 	k := strings.ToLower(key)
 	return fs.addHeaderAndFlag(hdr, "key", k)
diff --git a/handler.go b/handler.go
@@ -10,6 +10,8 @@ import (
 // WrapHandler wraps a server's HTTP request handler so that the incoming request is verified
 // and the response is signed. Both operations are optional. If config is nil, the default
 // configuration is applied: requests are verified and responses are signed.
+// Note: unlike the standard net.http behavior, if you want the "Content-Type" header to be signed,
+// you should specify it explicitly.
 func WrapHandler(h http.Handler, config *HandlerConfig) http.Handler {
 	if config == nil {
 		config = NewHandlerConfig()
diff --git a/handler_test.go b/handler_test.go
@@ -27,7 +27,7 @@ func Test_WrapHandler(t *testing.T) {
 
 	simpleHandler := func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(200)
-		w.Header().Set("bar", "baz")
+		w.Header().Set("bar", "baz and baz again")
 		fmt.Fprintln(w, "Hello, client")
 		fmt.Fprintln(w, "Hello again")
 	}
diff --git a/handlerex_test.go b/handlerex_test.go
@@ -57,13 +57,14 @@ func ExampleWrapHandler_serverSigns() {
 	fetchSigner := func(res http.Response, r *http.Request) (string, *httpsign.Signer) {
 		sigName := "sig1"
 		signer, _ := httpsign.NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), nil,
-			httpsign.HeaderList([]string{"@status", "bar", "date"}))
+			httpsign.HeaderList([]string{"@status", "bar", "date", "content-type"}))
 		return sigName, signer
 	}
 
 	simpleHandler := func(w http.ResponseWriter, r *http.Request) { // this handler gets wrapped
 		w.WriteHeader(200)
-		w.Header().Set("bar", "baz")
+		w.Header().Set("bar", "some text here") // note: a single word in the header value would be interpreted is a trivial dictionary!
+		w.Header().Set("Content-Type", "text/plain")
 		fmt.Fprintln(w, "Hello, client")
 	}
 
diff --git a/httpparse.go b/httpparse.go
@@ -2,6 +2,7 @@ package httpsign
 
 import (
 	"fmt"
+	"github.com/dunglas/httpsfv"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -40,7 +41,10 @@ func parseRequest(req *http.Request) (*parsedMessage, error) {
 	}
 	components := components{}
 	generateReqSpecialtyComponents(req, components)
-	generateHeaderComponents(req.Header, components)
+	err = generateHeaderComponents(req.Header, components)
+	if err != nil {
+		return nil, err
+	}
 	values, err := url.ParseQuery(req.URL.RawQuery)
 	if err != nil {
 		return nil, fmt.Errorf("cannot parse query: %s", req.URL.RawQuery)
@@ -63,7 +67,10 @@ func parseResponse(res *http.Response) (*parsedMessage, error) {
 	}
 	components := components{}
 	generateResSpecialtyComponents(res, components)
-	generateHeaderComponents(res.Header, components)
+	err = generateHeaderComponents(res.Header, components)
+	if err != nil {
+		return nil, err
+	}
 
 	return &parsedMessage{components}, nil
 }
@@ -78,12 +85,35 @@ func validateMessageHeaders(header http.Header) error {
 	return nil
 }
 
-// TODO: dictionary headers
-func generateHeaderComponents(headers http.Header, components components) {
-	for key, val := range headers {
-		k := strings.ToLower(key)
-		components[*fromHeaderName(k)] = []string{foldFields(val)}
+func generateHeaderComponents(headers http.Header, components components) error {
+	for hdrName, val := range headers {
+		lower := strings.ToLower(hdrName)
+		dict, err := httpsfv.UnmarshalDictionary(val)
+		if err == nil { // dictionary
+			for _, name := range dict.Names() {
+				v, _ := dict.Get(name)
+				switch v.(type) {
+				case httpsfv.Item:
+					vv, err := httpsfv.Marshal(v.(httpsfv.Item))
+					if err != nil {
+						return fmt.Errorf("malformed dictionry member %s: %v", name, err)
+					}
+					components[*fromDictHeader(lower, name)] = []string{vv}
+				case httpsfv.InnerList:
+					vv, err := httpsfv.Marshal(v.(httpsfv.InnerList))
+					if err != nil {
+						return fmt.Errorf("malformed dictionry member %s: %v", name, err)
+					}
+					components[*fromDictHeader(lower, name)] = []string{vv}
+				default:
+					return fmt.Errorf("unexpected dictionary value")
+				}
+			}
+		} else {
+			components[*fromHeaderName(lower)] = []string{foldFields(val)}
+		}
 	}
+	return nil
 }
 
 func foldFields(fields []string) string {
diff --git a/signatures.go b/signatures.go
@@ -219,22 +219,28 @@ func GetRequestSignature(req *http.Request, signatureName string) (string, error
 	if err != nil {
 		return "", err
 	}
-	ws, found := parsedMessage.components[*fromHeaderName("signature")]
+	ws, found := parsedMessage.components[*fromDictHeader("signature", signatureName)]
 	if !found {
-		return "", fmt.Errorf("missing \"signature\" header")
+		return "", fmt.Errorf("missing \"signature\" header for \"%s\"", signatureName)
+	}
+	if len(ws) > 1 {
+		return "", fmt.Errorf("more than one \"signature\" value for \"%s\"", signatureName)
 	}
 	sigHeader := ws[0]
-	sigRaw, err := parseWantSignature(sigHeader, signatureName)
+	sigRaw, err := parseWantSignature(sigHeader)
 	if err != nil {
 		return "", err
 	}
 	return encodeBytes(sigRaw), nil
 }
 
 func messageKeyID(signatureName string, parsedMessage parsedMessage) (keyID, alg string, err error) {
-	si, found := parsedMessage.components[*fromHeaderName("signature-input")]
+	si, found := parsedMessage.components[*fromDictHeader("signature-input", signatureName)]
 	if !found {
-		return "", "", fmt.Errorf("missing \"signature-input\" header")
+		return "", "", fmt.Errorf("missing \"signature-input\" header, or cannot find \"%s\"", signatureName)
+	}
+	if len(si) > 1 {
+		return "", "", fmt.Errorf("more than one \"signature-input\" for %s", signatureName)
 	}
 	signatureInput := si[0]
 	psi, err := parseSignatureInput(signatureInput, signatureName)
@@ -278,23 +284,29 @@ func VerifyResponse(signatureName string, verifier Verifier, res *http.Response)
 }
 
 func verifyMessage(config VerifyConfig, name string, verifier Verifier, message parsedMessage, fields Fields) error {
-	wsi, found := message.components[*fromHeaderName("signature-input")]
+	wsi, found := message.components[*fromDictHeader("signature-input", name)]
 	if !found {
-		return fmt.Errorf("missing \"signature-input\" header")
+		return fmt.Errorf("missing \"signature-input\" header, or cannot find signature \"%s\"", name)
+	}
+	if len(wsi) > 1 {
+		return fmt.Errorf("multiple \"signature-header\" values for %s", name)
 	}
 	wantSignatureInput := wsi[0]
-	ws, found := message.components[*fromHeaderName("signature")]
+	ws, found := message.components[*fromDictHeader("signature", name)]
 	if !found {
 		return fmt.Errorf("missing \"signature\" header")
 	}
+	if len(ws) > 1 {
+		return fmt.Errorf("multiple \"signature\" values for %s", name)
+	}
 	wantSignature := ws[0]
-	delete(message.components, *fromHeaderName("signature-input"))
-	delete(message.components, *fromHeaderName("signature"))
+	delete(message.components, *fromDictHeader("signature-input", name))
+	delete(message.components, *fromDictHeader("signature", name))
 	err := validateFields(fields)
 	if err != nil {
 		return err
 	}
-	wantSigRaw, err := parseWantSignature(wantSignature, name)
+	wantSigRaw, err := parseWantSignature(wantSignature)
 	if err != nil {
 		return err
 	}
@@ -386,83 +398,59 @@ type psiSignature struct {
 	params        map[string]interface{}
 }
 
-type parsedSignatureInput struct {
-	signatures []psiSignature
-}
-
-func parseSignatureInput(input string, name string) (*psiSignature, error) {
-	psi := parsedSignatureInput{}
-	sigs, err := httpsfv.UnmarshalDictionary([]string{input})
+func parseSignatureInput(input string, sigName string) (*psiSignature, error) {
+	sigs, err := httpsfv.UnmarshalDictionary([]string{sigName + "=" + input}) // yes this is a hack, there is no UnmarshalInnerList
 	if err != nil {
-		return nil, fmt.Errorf("could not parse Signature-Input as list: %w", err)
+		return nil, fmt.Errorf("could not parse Signature-Input as dictionary: %w", err)
 	}
-	for _, name := range sigs.Names() {
-		memberForName, ok := sigs.Get(name)
-		if !ok {
-			return nil, fmt.Errorf("could not parse Signature-Input for signature %s", name)
-		}
-		fieldsList, ok := memberForName.(httpsfv.InnerList)
-		osp, err := httpsfv.Marshal(fieldsList) // undocumented functionality
-		if err != nil {
-			return nil, fmt.Errorf("could not marshal inner list: %w", err)
-		}
+	memberForName, _ := sigs.Get(sigName)
+	fieldsList, ok := memberForName.(httpsfv.InnerList)
+	osp, err := httpsfv.Marshal(fieldsList) // undocumented functionality
+	if err != nil {
+		return nil, fmt.Errorf("could not marshal inner list: %w", err)
+	}
+	if !ok {
+		return nil, fmt.Errorf("Signature-Input: signature %s does not have an inner list", sigName)
+	}
+	var f Fields
+	for _, ff := range fieldsList.Items {
+		fname, ok := ff.Value.(string)
 		if !ok {
-			return nil, fmt.Errorf("Signature-Input: signature %s does not have an inner list", name)
-		}
-		var f Fields
-		for _, ff := range fieldsList.Items {
-			fname, ok := ff.Value.(string)
-			if !ok {
-				return nil, fmt.Errorf("Signature-Input: value is not a string")
-			}
-			if ff.Params == nil || len(ff.Params.Names()) == 0 {
-				f = append(f, *fromHeaderName(fname))
-			} else {
-				if len(ff.Params.Names()) > 1 {
-					return nil, fmt.Errorf("more than one param for \"%s\"", fname)
-				}
-				flagNames := ff.Params.Names()
-				flagName := flagNames[0]
-				flagValue, _ := ff.Params.Get(flagName)
-				fv := flagValue.(string)
-				f = append(f, field{
-					name:      fname,
-					flagName:  flagName,
-					flagValue: fv,
-				})
-			}
+			return nil, fmt.Errorf("Signature-Input: value is not a string")
 		}
-		params := map[string]interface{}{}
-		ps := fieldsList.Params
-		for _, p := range (*ps).Names() {
-			pp, ok := ps.Get(p)
-			if !ok {
-				return nil, fmt.Errorf("could not read param \"%s\"", p)
+		if ff.Params == nil || len(ff.Params.Names()) == 0 {
+			f = append(f, *fromHeaderName(fname))
+		} else {
+			if len(ff.Params.Names()) > 1 {
+				return nil, fmt.Errorf("more than one param for \"%s\"", fname)
 			}
-			params[p] = pp
+			flagNames := ff.Params.Names()
+			flagName := flagNames[0]
+			flagValue, _ := ff.Params.Get(flagName)
+			fv := flagValue.(string)
+			f = append(f, field{
+				name:      fname,
+				flagName:  flagName,
+				flagValue: fv,
+			})
 		}
-		psi.signatures = append(psi.signatures, psiSignature{name, osp, f, params})
 	}
-	for _, s := range psi.signatures {
-		if s.signatureName == name {
-			return &s, nil
+	params := map[string]interface{}{}
+	ps := fieldsList.Params
+	for _, p := range (*ps).Names() {
+		pp, ok := ps.Get(p)
+		if !ok {
+			return nil, fmt.Errorf("could not read param \"%s\"", p)
 		}
+		params[p] = pp
 	}
-	return nil, fmt.Errorf("couldn't find signature input for \"%s\"", name)
+	return &psiSignature{sigName, osp, f, params}, nil
 }
 
-func parseWantSignature(wantSignature string, name string) ([]byte, error) {
-	parsedSignature, err := httpsfv.UnmarshalDictionary([]string{wantSignature})
+func parseWantSignature(wantSignature string) ([]byte, error) {
+	wantSigItem, err := httpsfv.UnmarshalItem([]string{wantSignature})
 	if err != nil {
-		return nil, fmt.Errorf("could not parse signature field: %w", err)
-	}
-	wantSigValue, found := parsedSignature.Get(name)
-	if !found {
-		return nil, fmt.Errorf("could not find signature \"%s\"", name)
-	}
-	wantSigItem, ok := wantSigValue.(httpsfv.Item)
-	if !ok {
-		return nil, fmt.Errorf("unexpected value in signature field")
+		return nil, fmt.Errorf("unexpected value in signature field: %s", err)
 	}
 	wantSigRaw, ok := wantSigItem.Value.([]byte)
 	if !ok {
diff --git a/signatures_test.go b/signatures_test.go
@@ -998,3 +998,32 @@ func TestRequestResponse(t *testing.T) {
 		t.Errorf("Could not verify response: %v", err)
 	}
 }
+
+func TestDictionary(t *testing.T) {
+	priv, pub, err := genP256KeyPair()
+	res := readResponse(httpres2)
+	res.Header.Set("X-Dictionary", "a=1, b=2;x=1;y=2, c=(a b c)")
+	signer2, err := NewP256Signer("key10", priv, NewSignConfig(),
+		*NewFields().AddHeader("@status").AddDictHeader("x-dictionary", "a"))
+	if err != nil {
+		t.Errorf("Could not create signer")
+	}
+	sigInput2, sig2, err := SignResponse("sig2", *signer2, res)
+	if err != nil {
+		t.Errorf("Could not sign response: %v", err)
+	}
+	res.Header.Add("Signature-Input", sigInput2)
+	res.Header.Add("Signature", sig2)
+
+	// Client verifies response
+	verifier2, err := NewP256Verifier("key10", pub, NewVerifyConfig().SetVerifyCreated(false),
+		*NewFields().AddHeader("@status").AddDictHeader("x-dictionary", "a"))
+	if err != nil {
+		t.Errorf("Could not create verifier: %v", err)
+	}
+	err = VerifyResponse("sig2", *verifier2, res)
+	if err != nil {
+		t.Errorf("Could not verify response: %v", err)
+	}
+
+}

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func Test_WrapHandler(t *testing.T) {`
`27`	`27`
`28`	`28`	`simpleHandler := func(w http.ResponseWriter, r *http.Request) {`
`29`	`29`	`w.WriteHeader(200)`
`30`		`- w.Header().Set("bar", "baz")`
	`30`	`+ w.Header().Set("bar", "baz and baz again")`
`31`	`31`	`fmt.Fprintln(w, "Hello, client")`
`32`	`32`	`fmt.Fprintln(w, "Hello again")`
`33`	`33`	`}`