Skip to content

Fix empty path in request-target #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix empty path in request-target #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 78 additions & 2 deletions httpsig_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ type httpsigTest struct {
expectedSignatureAlgorithm string
expectedAlgorithm Algorithm
expectErrorSigningResponse bool
expectRequestPath bool
expectedDigest string
}

Expand Down Expand Up @@ -247,7 +246,6 @@ func init() {
expectedAlgorithm: RSA_SHA512,
expectedSignatureAlgorithm: "hs2019",
expectErrorSigningResponse: true,
expectRequestPath: true,
},
}

Expand Down Expand Up @@ -390,6 +388,84 @@ func TestSignerResponse(t *testing.T) {
}
}

func TestNewRequestTargetHeader(t *testing.T) {
tests := []struct {
name string
prefs []Algorithm
digestAlg DigestAlgorithm
headers []string
scheme SignatureScheme
privKey crypto.PrivateKey
pubKeyId string
pubKey crypto.PublicKey
expectedAlgorithm Algorithm
expectedSignatureAlgorithm string
url string
}{
{
name: "root path without /",
prefs: []Algorithm{RSA_SHA512},
digestAlg: DigestSha256,
headers: []string{"Date", RequestTarget},
scheme: Signature,
privKey: privKey,
pubKeyId: "pubKeyId",
pubKey: privKey.Public(),
expectedSignatureAlgorithm: "hs2019",
expectedAlgorithm: RSA_SHA512,
url: "", // empty url / path
},
{
name: "root path with /",
prefs: []Algorithm{RSA_SHA512},
digestAlg: DigestSha256,
headers: []string{"Date", RequestTarget},
scheme: Signature,
privKey: privKey,
pubKeyId: "pubKeyId",
pubKey: privKey.Public(),
expectedSignatureAlgorithm: "hs2019",
expectedAlgorithm: RSA_SHA512,
url: "/",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
test := test
s, a, err := NewSigner(test.prefs, test.digestAlg, test.headers, test.scheme, 0)
if err != nil {
t.Fatalf("%s", err)
}
if a != test.expectedAlgorithm {
t.Fatalf("got %s, want %s", a, test.expectedAlgorithm)
}
req, err := http.NewRequest(testMethod, test.url, nil)
if err != nil {
t.Fatalf("%s", err)
}
req.Header.Set("Date", testDate)
err = s.SignRequest(test.privKey, test.pubKeyId, req, nil)
if err != nil {
t.Fatalf("signing failed: %s", err)
}

requestTarget := req.Header.Get(RequestTarget)
parts := strings.Split(requestTarget, requestTargetSeparator)
if len(parts) != 2 {
t.Fatalf("request target should contain two parts divided by '%s'", requestTargetSeparator)
}

if parts[0] != strings.ToLower(testMethod) {
t.Fatalf("request target method is '%s' expected '%s'", parts[0], strings.ToLower(testMethod))
}

if parts[1] != "/" {
t.Fatalf("request target path is '%s' expected '%s'", parts[1], "/")
}
})
}
}

func TestNewSignerRequestMissingHeaders(t *testing.T) {
failingTests := []struct {
name string
Expand Down
27 changes: 19 additions & 8 deletions signing.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ func (m *macSigner) SignRequest(pKey crypto.PrivateKey, pubKeyId string, r *http
return err
}
}

s, err := m.signatureString(r)
if err != nil {
return err
Expand Down Expand Up @@ -198,6 +199,7 @@ func setSignatureHeader(h http.Header, targetHeader, prefix, pubKeyId, algo, enc
headers = defaultHeaders
}
var b bytes.Buffer

// KeyId
b.WriteString(prefix)
if len(prefix) > 0 {
Expand All @@ -209,6 +211,7 @@ func setSignatureHeader(h http.Header, targetHeader, prefix, pubKeyId, algo, enc
b.WriteString(pubKeyId)
b.WriteString(parameterValueDelimiter)
b.WriteString(parameterSeparater)

// Algorithm
b.WriteString(algorithmParameter)
b.WriteString(parameterKVSeparater)
Expand Down Expand Up @@ -256,6 +259,7 @@ func setSignatureHeader(h http.Header, targetHeader, prefix, pubKeyId, algo, enc
}
b.WriteString(parameterValueDelimiter)
b.WriteString(parameterSeparater)

// Signature
b.WriteString(signatureParameter)
b.WriteString(parameterKVSeparater)
Expand All @@ -271,17 +275,24 @@ func requestTargetNotPermitted(b *bytes.Buffer) error {

func addRequestTarget(r *http.Request) func(b *bytes.Buffer) error {
return func(b *bytes.Buffer) error {
b.WriteString(RequestTarget)
b.WriteString(headerFieldDelimiter)
b.WriteString(strings.ToLower(r.Method))
b.WriteString(requestTargetSeparator)
b.WriteString(r.URL.Path)

var value strings.Builder
value.WriteString(strings.ToLower(r.Method))
value.WriteString(requestTargetSeparator)
value.WriteString(r.URL.Path)
if !strings.HasSuffix(r.URL.Path, "/") {
value.WriteString("/")
}
if r.URL.RawQuery != "" {
b.WriteString("?")
b.WriteString(r.URL.RawQuery)
value.WriteString("?")
value.WriteString(r.URL.RawQuery)
}

r.Header.Set(RequestTarget, value.String())

b.WriteString(RequestTarget)
b.WriteString(headerFieldDelimiter)
b.WriteString(value.String())

return nil
}
}
Expand Down