From 28746486ba793efa8754baaea40eacc65d7de3b7 Mon Sep 17 00:00:00 2001 From: Thomas Sanders Date: Mon, 22 May 2023 12:07:13 +0100 Subject: [PATCH 1/3] Remove needless referencing (Clippy complained about this.) --- src/algorithm.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/algorithm.rs b/src/algorithm.rs index b2ca335..2f55bad 100644 --- a/src/algorithm.rs +++ b/src/algorithm.rs @@ -80,7 +80,7 @@ impl HttpDigest for Sha256 { "SHA-256" } fn http_digest(&self, bytes_to_digest: &[u8]) -> String { - base64::encode(&Self::digest(bytes_to_digest)) + base64::encode(Self::digest(bytes_to_digest)) } } @@ -89,7 +89,7 @@ impl HttpDigest for Sha512 { "SHA-512" } fn http_digest(&self, bytes_to_digest: &[u8]) -> String { - base64::encode(&Self::digest(bytes_to_digest)) + base64::encode(Self::digest(bytes_to_digest)) } } From 6e30d1d23dcdea8df47036cad97404c473aabf9e Mon Sep 17 00:00:00 2001 From: Thomas Sanders Date: Fri, 12 May 2023 15:25:33 +0100 Subject: [PATCH 2/3] Add missing final quote to authorization header This bug was causing the "http-signature" npm package to reject our signatures. We were omitting the final double-quote character from a header which should have been like authorization: Signature keyId="XsaEtYId",algorithm="hs2019", signature="+5ZJSiOnnJ9BMuNv1GdosHGVERGm1j/yz2W56MXcKM0=", headers="(request-target) host date" (but without the line-breaks which are included in this commit-message for readability). Jira: APPS-874 Fixes: https://github.com/PassFort/http-signatures/issues/19 --- src/reqwest_impls.rs | 2 +- src/signing.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reqwest_impls.rs b/src/reqwest_impls.rs index fa38994..ff5c123 100644 --- a/src/reqwest_impls.rs +++ b/src/reqwest_impls.rs @@ -92,7 +92,7 @@ mod tests { let with_sig = without_sig.signed(&config).unwrap(); - assert_eq!(with_sig.headers().get(AUTHORIZATION).unwrap(), "Signature keyId=\"test_key\",algorithm=\"hs2019\",signature=\"F8gZiriO7dtKFiP5eSZ+Oh1h61JIrAR6D5Mdh98DjqA=\",headers=\"(request-target) host date digest"); + assert_eq!(with_sig.headers().get(AUTHORIZATION).unwrap(), "Signature keyId=\"test_key\",algorithm=\"hs2019\",signature=\"F8gZiriO7dtKFiP5eSZ+Oh1h61JIrAR6D5Mdh98DjqA=\",headers=\"(request-target) host date digest\""); assert_eq!( with_sig .headers() diff --git a/src/signing.rs b/src/signing.rs index 4f6145f..5c76dba 100644 --- a/src/signing.rs +++ b/src/signing.rs @@ -476,7 +476,7 @@ impl SigningExt for R { // Construct the authorization header let auth_header = format!( - r#"Signature keyId="{}",algorithm="{}",signature="{}",headers="{}"#, + r#"Signature keyId="{}",algorithm="{}",signature="{}",headers="{}""#, config.key_id, "hs2019", signature, joined_headers ); From 38f950546d106094b66325dec27d3dbe3d5baa43 Mon Sep 17 00:00:00 2001 From: Thomas Sanders Date: Mon, 22 May 2023 16:01:52 +0100 Subject: [PATCH 3/3] Increment version to 0.5.0 after bug-fix The change to the signing code was potentially backward-incompatible (depending on the implementation of the counterparty's verification code). According to the Semantic Versioning convention, a backward-incompatible change would require incrementing the major version if it were non-zero already, but it is still zero so any changes are allowed. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index d76e105..e354feb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "http-sig" description = "Implementation of the IETF draft 'Signing HTTP Messages'" -version = "0.4.1" +version = "0.5.0" authors = ["Jack Cargill ", "Diggory Blake"] edition = "2018" readme = "README.md"