Cleaned up field specification code

Author: yaronf

client_test.go

@@ -33,7 +33,7 @@ func TestClient_Get(t *testing.T) {
 			fields: fields{
 				sigName: "sig1",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier:      nil,
@@ -51,7 +51,7 @@ func TestClient_Get(t *testing.T) {
 			fields: fields{
 				sigName: "sig1",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier:      nil,
@@ -69,7 +69,7 @@ func TestClient_Get(t *testing.T) {
 			fields: fields{
 				sigName: "",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier:      nil,
@@ -87,7 +87,7 @@ func TestClient_Get(t *testing.T) {
 			fields: fields{
 				sigName: "sig1",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier: nil,
@@ -107,12 +107,12 @@ func TestClient_Get(t *testing.T) {
 			fields: fields{
 				sigName: "sig1",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier: nil,
 				fetchVerifier: func(res *http.Response, req *http.Request) (sigName string, verifier *Verifier) {
-					verifier, _ = NewHMACSHA256Verifier("key1", bytes.Repeat([]byte{2}, 64), NewVerifyConfig(), HeaderList([]string{"@method"}))
+					verifier, _ = NewHMACSHA256Verifier("key1", bytes.Repeat([]byte{2}, 64), NewVerifyConfig(), Headers("@method"))
 					return "name", verifier
 				},
 				Client: *http.DefaultClient,
@@ -192,7 +192,7 @@ func TestClient_Head(t *testing.T) {
 			fields: fields{
 				sigName: "sig1",
 				signer: func() *Signer {
-					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), HeaderList([]string{"@method"}))
+					signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64), NewSignConfig(), Headers("@method"))
 					return signer
 				}(),
 				verifier:      nil,

clientex_test.go

@@ -24,7 +24,7 @@ func ExampleClient_Get() {
 	// Create a signer and a wrapped HTTP client (we set SignCreated to false to make the response deterministic,
 	// don't do that in production.)
 	signer, _ := httpsign.NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64),
-		httpsign.NewSignConfig().SignCreated(false), httpsign.HeaderList([]string{"@method"}))
+		httpsign.NewSignConfig().SignCreated(false), httpsign.Headers("@method"))
 	client := httpsign.NewDefaultClient("sig22", signer, nil, nil) // sign, don't verify
 
 	// Send an HTTP GET, get response -- signing and verification happen behind the scenes

fields.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 )
 
-// Fields is a list of fields to be signed. To initialize, use HeaderList or for more complex
+// Fields is a list of fields to be signed. To initialize, use Headers or for more complex
 // cases, NewFields followed by a chain of Add... methods.
 type Fields []field
 
@@ -23,14 +23,19 @@ func (f *field) String() string {
 	return fmt.Sprintf("%s;%s=\"%s\"", f.name, f.flagName, f.flagValue)
 }
 
-// HeaderList is a simple way to generate a Fields list, where only simple header names and specialty headers
+// Headers is a simple way to generate a Fields list, where only simple header names and derived headers
 // are needed.
-func HeaderList(hs []string) Fields {
-	var f []field
+func Headers(hs ...string) Fields {
+	fs := NewFields()
+	return *fs.AddHeaders(hs...)
+}
+
+// AddHeaders adds a list of simple or derived header names
+func (fs *Fields) AddHeaders(hs ...string) *Fields {
 	for _, h := range hs {
-		f = append(f, *fromHeaderName(h))
+		*fs = append(*fs, *fromHeaderName(h))
 	}
-	return f
+	return fs
 }
 
 // NewFields return an empty list of fields

fields_test.go

@@ -18,7 +18,7 @@ func TestFields_asSignatureInput(t *testing.T) {
 	}{
 		{
 			name: "Just headers",
-			fs:   HeaderList([]string{"hdr1", "hdr2", "@Hdr3"}),
+			fs:   Headers("hdr1", "hdr2", "@Hdr3"),
 			args: args{
 				p: httpsfv.NewParams(),
 			},

handler_test.go

@@ -14,14 +14,14 @@ func Test_WrapHandler(t *testing.T) {
 	fetchVerifier := func(r *http.Request) (string, *Verifier) {
 		sigName := "sig1"
 		verifier, _ := NewHMACSHA256Verifier("key", bytes.Repeat([]byte{0}, 64), nil,
-			HeaderList([]string{"@method"}))
+			Headers("@method"))
 		return sigName, verifier
 	}
 
 	fetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
 		sigName := "sig1"
 		signer, _ := NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), nil,
-			HeaderList([]string{"@status", "bar", "date"}))
+			Headers("@status", "bar", "date"))
 		return sigName, signer
 	}
 
@@ -71,7 +71,7 @@ func TestWrapHandlerServerSigns(t *testing.T) {
 		fetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
 			sigName := "sig1"
 			signer, _ := NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), signConfig,
-				HeaderList([]string{"@status", "bar", "date"}))
+				Headers("@status", "bar", "date"))
 			return sigName, signer
 		}
 		badFetchSigner := func(res http.Response, r *http.Request) (string, *Signer) {
@@ -178,7 +178,7 @@ func TestWrapHandlerServerFails(t *testing.T) { // non-default verify handler
 	fetchVerifier := func(r *http.Request) (string, *Verifier) {
 		sigName := "sig1"
 		verifier, _ := NewHMACSHA256Verifier("key", bytes.Repeat([]byte{0}, 64), nil,
-			HeaderList([]string{"@method"}))
+			Headers("@method"))
 		return sigName, verifier
 	}
 	config := NewHandlerConfig().SetReqNotVerified(verifyFailed).SetFetchVerifier(fetchVerifier)
@@ -189,7 +189,7 @@ func TestWrapHandlerServerFails(t *testing.T) { // non-default verify handler
 	// Create a signer and a wrapped HTTP client (we set SignCreated to false to make the response deterministic,
 	// don't do that in production.)
 	signer, _ := NewHMACSHA256Signer("key1", bytes.Repeat([]byte{1}, 64),
-		NewSignConfig().SignCreated(false), HeaderList([]string{"@method"}))
+		NewSignConfig().SignCreated(false), Headers("@method"))
 	client := NewDefaultClient("sig22", signer, nil, nil) // sign, don't verify
 
 	// Send an HTTP GET, get response -- signing and verification happen behind the scenes

handlerex_test.go

@@ -17,7 +17,7 @@ func ExampleWrapHandler_clientSigns() {
 	fetchVerifier := func(r *http.Request) (string, *httpsign.Verifier) {
 		sigName := "sig1"
 		verifier, _ := httpsign.NewHMACSHA256Verifier("key", bytes.Repeat([]byte{0x99}, 64), nil,
-			httpsign.HeaderList([]string{"@method"}))
+			httpsign.Headers("@method"))
 		return sigName, verifier
 	}
 
@@ -57,7 +57,7 @@ func ExampleWrapHandler_serverSigns() {
 	fetchSigner := func(res http.Response, r *http.Request) (string, *httpsign.Signer) {
 		sigName := "sig1"
 		signer, _ := httpsign.NewHMACSHA256Signer("key", bytes.Repeat([]byte{0}, 64), nil,
-			httpsign.HeaderList([]string{"@status", "bar", "date", "content-type"}))
+			httpsign.Headers("@status", "bar", "date", "content-type"))
 		return sigName, signer
 	}
 

signatures_test.go

@@ -361,7 +361,7 @@ func TestSignRequest(t *testing.T) {
 				signatureName: "sig1",
 				signer: (func() Signer {
 					config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-					fields := HeaderList([]string{"@authority", "date", "content-type"})
+					fields := Headers("@authority", "date", "content-type")
 					key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
 					return *signer
@@ -378,7 +378,7 @@ func TestSignRequest(t *testing.T) {
 				signatureName: "sig1",
 				signer: (func() Signer {
 					config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-					fields := HeaderList([]string{"@authorityxx", "date", "content-type"})
+					fields := Headers("@authorityxx", "date", "content-type")
 					key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
 					return *signer
@@ -395,7 +395,7 @@ func TestSignRequest(t *testing.T) {
 				signatureName: "sig1",
 				signer: (func() Signer {
 					config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-					fields := HeaderList([]string{"@authority", "date-not-really", "content-type"})
+					fields := Headers("@authority", "date-not-really", "content-type")
 					key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
 					return *signer
@@ -557,7 +557,7 @@ func readResponse(s string) *http.Response {
 
 func TestSignAndVerifyHMAC(t *testing.T) {
 	config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-	fields := HeaderList([]string{"@authority", "date", "content-type"})
+	fields := Headers("@authority", "date", "content-type")
 	signatureName := "sig1"
 	key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 	signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
@@ -577,7 +577,7 @@ func TestSignAndVerifyHMAC(t *testing.T) {
 
 func TestSignAndVerifyHMACBad(t *testing.T) {
 	config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-	fields := HeaderList([]string{"@authority", "date", "content-type"})
+	fields := Headers("@authority", "date", "content-type")
 	signatureName := "sig1"
 	key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 	signer, _ := NewHMACSHA256Signer("test-shared-secret", key, config, fields)
@@ -598,7 +598,7 @@ func TestSignAndVerifyHMACBad(t *testing.T) {
 
 func TestCreated(t *testing.T) {
 	testOnceWithConfig := func(t *testing.T, createdTime int64, verifyConfig *VerifyConfig, wantSuccess bool) {
-		fields := HeaderList([]string{"@status", "date", "content-type"})
+		fields := Headers("@status", "date", "content-type")
 		signatureName := "sigres"
 		key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 		signConfig := NewSignConfig().SignCreated(true).setFakeCreated(createdTime)
@@ -650,7 +650,7 @@ func TestCreated(t *testing.T) {
 }
 
 func TestSignAndVerifyResponseHMAC(t *testing.T) {
-	fields := HeaderList([]string{"@status", "date", "content-type"})
+	fields := Headers("@status", "date", "content-type")
 	signatureName := "sigres"
 	key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
 	config := NewSignConfig().SetExpires(999)                                   // should have expired long ago (but will be ignored by verifier)
@@ -673,7 +673,7 @@ func TestSignAndVerifyResponseHMAC(t *testing.T) {
 
 func TestSignAndVerifyRSAPSS(t *testing.T) {
 	config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-	fields := HeaderList([]string{"@authority", "date", "content-type"})
+	fields := Headers("@authority", "date", "content-type")
 	signatureName := "sig1"
 	prvKey, err := loadRSAPSSPrivateKey(rsaPSSPrvKey)
 	if err != nil {
@@ -700,7 +700,7 @@ func TestSignAndVerifyRSAPSS(t *testing.T) {
 
 func TestSignAndVerifyRSA(t *testing.T) {
 	config := NewSignConfig().SignAlg(false).setFakeCreated(1618884475)
-	fields := HeaderList([]string{"@authority", "date", "content-type"})
+	fields := Headers("@authority", "date", "content-type")
 	signatureName := "sig1"
 	prvKey, err := parseRsaPrivateKeyFromPemStr(rsaPrvKey)
 	if err != nil {
@@ -817,7 +817,8 @@ func TestSignResponse(t *testing.T) {
 				signatureName: "sig1",
 				signer: (func() Signer {
 					key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
-					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, NewSignConfig().setFakeCreated(1618889999), HeaderList([]string{"@status", "date", "content-type"}))
+					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, NewSignConfig().setFakeCreated(1618889999), Headers(
+						"@status", "date", "content-type"))
 					return *signer
 				})(),
 				res: readResponse(httpres1),
@@ -832,7 +833,10 @@ func TestSignResponse(t *testing.T) {
 				signatureName: "sig1",
 				signer: (func() Signer {
 					key, _ := base64.StdEncoding.DecodeString("uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ==")
-					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, NewSignConfig().setFakeCreated(1618889999), HeaderList([]string{"@status", "date", "content-type"}))
+					signer, _ := NewHMACSHA256Signer("test-shared-secret", key, NewSignConfig().setFakeCreated(1618889999), Headers(
+
+						"@status", "date", "content-type",
+					))
 					return *signer
 				})(),
 				res: nil,
@@ -1071,7 +1075,7 @@ func TestRequestResponse(t *testing.T) {
 		t.Errorf("Could not generate P-256 keypair")
 	}
 	req := readRequest(httpreq2)
-	signer1, err := NewP256Signer("key9", priv1, NewSignConfig(), HeaderList([]string{"@request-target"}))
+	signer1, err := NewP256Signer("key9", priv1, NewSignConfig(), Headers("@request-target"))
 	if err != nil {
 		t.Errorf("Could not create signer")
 	}
@@ -1083,7 +1087,7 @@ func TestRequestResponse(t *testing.T) {
 	req.Header.Add("Signature", sig1)
 
 	// Server verifies request and signs response
-	verifier1, err := NewP256Verifier("key9", pub1, NewVerifyConfig(), HeaderList([]string{"@request-target"}))
+	verifier1, err := NewP256Verifier("key9", pub1, NewVerifyConfig(), Headers("@request-target"))
 	if err != nil {
 		t.Errorf("Could not create verifier: %v", err)
 	}
@@ -1101,7 +1105,7 @@ func TestRequestResponse(t *testing.T) {
 	if err != nil {
 		t.Errorf("Could not parse sig1")
 	}
-	signer2, err := NewP256Signer("key10", priv2, NewSignConfig().SetRequestResponse("sig1", sig1Value), HeaderList([]string{"@status"}))
+	signer2, err := NewP256Signer("key10", priv2, NewSignConfig().SetRequestResponse("sig1", sig1Value), Headers("@status"))
 	if err != nil {
 		t.Errorf("Could not create signer")
 	}
@@ -1113,15 +1117,15 @@ func TestRequestResponse(t *testing.T) {
 	res.Header.Add("Signature", sig2)
 
 	// Client verifies response
-	verifier2, err := NewP256Verifier("key10", pub2, NewVerifyConfig().SetRequestResponse("sigxx", sig1Value).SetVerifyCreated(false), HeaderList([]string{"@status"}))
+	verifier2, err := NewP256Verifier("key10", pub2, NewVerifyConfig().SetRequestResponse("sigxx", sig1Value).SetVerifyCreated(false), Headers("@status"))
 	if err != nil {
 		t.Errorf("Could not create second verifier: %v", err)
 	}
 	err = VerifyResponse("sig2", *verifier2, res)
 	if err == nil {
 		t.Errorf("Verification should have failed, wrong sig name in SetRequestResponse")
 	}
-	verifier2, err = NewP256Verifier("key10", pub2, NewVerifyConfig().SetRequestResponse("sig1", sig1Value).SetVerifyCreated(false), HeaderList([]string{"@status"}))
+	verifier2, err = NewP256Verifier("key10", pub2, NewVerifyConfig().SetRequestResponse("sig1", sig1Value).SetVerifyCreated(false), Headers("@status"))
 	if err != nil {
 		t.Errorf("Could not create second verifier: %v", err)
 	}
@@ -1165,7 +1169,7 @@ func TestDictionary(t *testing.T) {
 func TestMultipleSignatures(t *testing.T) {
 	priv1, _, err := genP256KeyPair() // no pub, no verify
 	res := readResponse(httpres2)
-	signer1, err := NewP256Signer("key10", priv1, NewSignConfig().SignCreated(false), HeaderList([]string{"Content-Type", "Digest"}))
+	signer1, err := NewP256Signer("key10", priv1, NewSignConfig().SignCreated(false), Headers("Content-Type", "Digest"))
 	if err != nil {
 		t.Errorf("Could not create signer")
 	}
@@ -1245,7 +1249,7 @@ func Test_signRequestDebug(t *testing.T) {
 			name: "normal header, sec. 2.1.1",
 			args: args{
 				signatureName: "sig1",
-				signer:        makeHMACSigner(*NewSignConfig().SignCreated(false), HeaderList([]string{"example-dictionary"})),
+				signer:        makeHMACSigner(*NewSignConfig().SignCreated(false), Headers("example-dictionary")),
 				req:           readRequest(dict1),
 			},
 			wantSignatureInputHeader: "sig1=(\"example-dictionary\");alg=\"hmac-sha256\";keyid=\"test-key-hmac\"",
@@ -1257,7 +1261,7 @@ func Test_signRequestDebug(t *testing.T) {
 			name: "cross-line header, trim",
 			args: args{
 				signatureName: "sig1",
-				signer:        makeHMACSigner(*NewSignConfig().SignCreated(false), HeaderList([]string{"example-dictionary"})),
+				signer:        makeHMACSigner(*NewSignConfig().SignCreated(false), Headers("example-dictionary")),
 				req:           readRequest(dict2),
 			},
 			wantSignatureInputHeader: "sig1=(\"example-dictionary\");alg=\"hmac-sha256\";keyid=\"test-key-hmac\"",
@@ -1270,7 +1274,7 @@ func Test_signRequestDebug(t *testing.T) {
 			args: args{
 				signatureName: "sig1",
 				signer: makeHMACSigner(*NewSignConfig().SignCreated(false),
-					HeaderList([]string{"X-OWS-Header", "X-Obs-Fold-Header", "Cache-Control", "Example-Dictionary"})),
+					Headers("X-OWS-Header", "X-Obs-Fold-Header", "Cache-Control", "Example-Dictionary")),
 				req: readRequest(httpreq4),
 			},
 			wantSignatureInputHeader: "sig1=(\"x-ows-header\" \"x-obs-fold-header\" \"cache-control\" \"example-dictionary\");alg=\"hmac-sha256\";keyid=\"test-key-hmac\"",

signaturesex_test.go

@@ -11,7 +11,7 @@ import (
 
 func ExampleSignRequest() {
 	config := httpsign.NewSignConfig().SignCreated(false).SetNonce("BADCAB") // SignCreated should be "true" to protect against replay attacks
-	fields := httpsign.HeaderList([]string{"@authority", "Date", "@method"})
+	fields := httpsign.Headers("@authority", "Date", "@method")
 	signer, _ := httpsign.NewHMACSHA256Signer("my-shared-secret", bytes.Repeat([]byte{0x77}, 64), config, fields)
 	reqStr := `GET /foo HTTP/1.1
 Host: example.org
@@ -30,7 +30,7 @@ Cache-Control: max-age=60
 func ExampleVerifyRequest() {
 	config := httpsign.NewVerifyConfig().SetVerifyCreated(false) // for testing only
 	verifier, _ := httpsign.NewHMACSHA256Verifier("my-shared-secret", bytes.Repeat([]byte{0x77}, 64), config,
-		httpsign.HeaderList([]string{"@authority", "Date", "@method"}))
+		httpsign.Headers("@authority", "Date", "@method"))
 	reqStr := `GET /foo HTTP/1.1
 Host: example.org
 Date: Tue, 20 Apr 2021 02:07:55 GMT