Skip to content

Commit 47c426a

Browse files
yaronfyaronf
committed
All tests are passing
1 parent 06e309a commit 47c426a

File tree

2 files changed

+57
-19
lines changed

2 files changed

+57
-19
lines changed

signatures.go

Lines changed: 23 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,6 @@ import (
1111
"encoding/base64"
1212
"fmt"
1313
"github.com/dunglas/httpsfv"
14-
"log"
1514
"net/http"
1615
"strings"
1716
"time"
@@ -63,14 +62,18 @@ func generateSignatureInput(message parsedMessage, fields Fields, params string)
6362
}
6463
}
6564
inp += fmt.Sprintf("\"%s\": %s", "@signature-params", params)
66-
log.Println("inp:", "\n"+inp) // TODO!
65+
// log.Println("inp:", "\n"+inp)
6766
return inp, nil
6867
}
6968

7069
func generateFieldValues(f field, message parsedMessage) ([]string, error) {
7170
if f.flagName == "" {
7271
if strings.HasPrefix(f.name, "@") { // derived component
73-
return []string{message.derived[f.name]}, nil
72+
vv, found := message.derived[f.name]
73+
if !found {
74+
return nil, fmt.Errorf("derived header %s not found", f.name)
75+
}
76+
return []string{vv}, nil
7477
}
7578
vv, found := message.headers[f.name] // normal header, cannot use "Values" on lowercased header name
7679
if !found {
@@ -183,23 +186,24 @@ func SignResponse(signatureName string, signer Signer, res *http.Response) (sign
183186
if err != nil {
184187
return "", "", err
185188
}
186-
// extendedFields := addPseudoHeaders(parsedMessage, signer.config.requestResponse, signer.fields)
187-
return signMessage(*signer.config, signatureName, signer, *parsedMessage, signer.fields)
189+
extendedFields := addPseudoHeaders(parsedMessage, signer.config.requestResponse, signer.fields)
190+
return signMessage(*signer.config, signatureName, signer, *parsedMessage, extendedFields)
188191
}
189192

190193
// Handle the special header-like @request-response
191-
//func addPseudoHeaders(message *parsedMessage, rr *requestResponse, fields Fields) Fields {
192-
// if rr != nil {
193-
// rrfield := field{
194-
// name: "@request-response",
195-
// flagName: "key",
196-
// flagValue: rr.name,
197-
// }
198-
// message.components[rrfield] = []string{rr.signature}
199-
// return append(fields, rrfield)
200-
// }
201-
// return fields
202-
//}
194+
func addPseudoHeaders(message *parsedMessage, rr *requestResponse, fields Fields) Fields {
195+
if rr != nil {
196+
rrfield := field{
197+
name: "@request-response",
198+
flagName: "key",
199+
flagValue: rr.name,
200+
}
201+
message.headers.Add("@request-response", rr.name+"="+rr.signature)
202+
203+
return append(fields, rrfield)
204+
}
205+
return fields
206+
}
203207

204208
//
205209
// VerifyRequest verifies a signed HTTP request. Returns an error if verification failed for any reason, otherwise nil.
@@ -324,8 +328,8 @@ func VerifyResponse(signatureName string, verifier Verifier, res *http.Response)
324328
if err != nil {
325329
return err
326330
}
327-
// extendedFields := addPseudoHeaders(parsedMessage, verifier.config.requestResponse, verifier.fields)
328-
return verifyMessage(*verifier.config, signatureName, verifier, *parsedMessage, verifier.fields)
331+
extendedFields := addPseudoHeaders(parsedMessage, verifier.config.requestResponse, verifier.fields)
332+
return verifyMessage(*verifier.config, signatureName, verifier, *parsedMessage, extendedFields)
329333
}
330334

331335
func verifyMessage(config VerifyConfig, name string, verifier Verifier, message parsedMessage, fields Fields) error {

signatures_test.go

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -371,6 +371,40 @@ func TestSignRequest(t *testing.T) {
371371
want1: "sig1=:fN3AMNGbx0V/cIEKkZOvLOoC3InI+lM2+gTv22x3ia8=:",
372372
wantErr: false,
373373
},
374+
{
375+
name: "missing derived field",
376+
args: args{
377+
signatureName: "sig1",
378+
signer: (func() Signer {
379+
config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
380+
fields := HeaderList([]string{"@authorityxx", "date", "content-type"})
381+
key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
382+
signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
383+
return *signer
384+
})(),
385+
req: readRequest(httpreq1),
386+
},
387+
want: "",
388+
want1: "",
389+
wantErr: true,
390+
},
391+
{
392+
name: "missing header",
393+
args: args{
394+
signatureName: "sig1",
395+
signer: (func() Signer {
396+
config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
397+
fields := HeaderList([]string{"@authority", "date-not-really", "content-type"})
398+
key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
399+
signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
400+
return *signer
401+
})(),
402+
req: readRequest(httpreq1),
403+
},
404+
want: "",
405+
want1: "",
406+
wantErr: true,
407+
},
374408
{
375409
name: "sign request: nil request",
376410
args: args{

0 commit comments

Comments
 (0)