Update license and clean-up

LICENSE

@@ -1,6 +1,7 @@
 BSD 3-Clause License
 
 Copyright (c) 2021, James Bowes
+Copyright (c) 2023, Alexander Taraymovich, OffBlocks
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

README.md

@@ -33,6 +33,37 @@ and the request path.
 
 ## Usage
 
+### Standalone Signing and Verification
+
+To sign a request, first instantiate a `Signer` using your preferred key and signing algorithm:
+
+```go
+// Create a signer
+signer := httpsig.NewSigner(httpsig.WithSignEcdsaP256Sha256("key1", privKey))
+
+// Create a request
+req, _ := http.NewRequest("GET", "https://some-url.com", nil)
+
+// Sign the request
+header, _ := signer.Sign(httpsig.MessageFromRequest(req))
+
+// Add the signature to the request
+req.Header = header
+```
+
+To verify a response, instantiate a `Verifier` using your preferred key and signing algorithm:
+
+```go
+// Receive a response from server
+resp, _ := client.Post("https://some-url.com", "application/json", &buf)
+
+// Create a verifier
+verifier := httpsig.NewVerifier(httpsig.WithVerifyEcdsaP256Sha256("key1", pubKey))
+
+// Verify the response
+err := verifier.Verify(httpsig.MessageFromResponse(resp))
+```
+
 ### Signing HTTP Requests in Clients
 
 To sign HTTP requests from a client, wrap an `http.Client`'s transport with
@@ -119,15 +150,14 @@ computation is based on version `13` of [Digest Headers][dighdr]
 
 ## Contributing
 
-I would love your help!
+We would love your help!
 
 `httpsig` is still a work in progress. You can help by:
 
 - Opening a pull request to resolve an [open issue][issues].
 - Adding a feature or enhancement of your own! If it might be big, please
   [open an issue][enhancement] first so we can discuss it.
 - Improving this `README` or adding other documentation to `httpsig`.
-- Letting [me] know if you're using `httpsig`.
 
 <!-- These are mostly for pkg.go.dev, to show up in the header -->
 ## Links
@@ -146,5 +176,3 @@ I would love your help!
 [issues]: ./issues
 [bug]: ./issues/new?labels=bug
 [enhancement]: ./issues/new?labels=enhancement
-
-[me]: https://twitter.com/jrbowes

base.go

@@ -1,3 +1,34 @@
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 package httpsig
 
 import (
@@ -59,7 +90,7 @@ func createSigningParameters(config *SignConfig) *httpsfv.Params {
 	}
 
 	if slices.Contains(params, ParamKeyID) {
-		// attempt to obtain an overriden key id, otherwise use the one supplied by the key
+		// attempt to obtain an overridden key id, otherwise use the one supplied by the key
 		var keyID *string
 		if config.ParamValues != nil && config.ParamValues.KeyID != nil {
 			keyID = config.ParamValues.KeyID
@@ -71,7 +102,7 @@ func createSigningParameters(config *SignConfig) *httpsfv.Params {
 	}
 
 	if slices.Contains(params, ParamAlg) {
-		// attempt to obtain an overriden algorithm, otherwise use the one supplied by the key
+		// attempt to obtain an overridden algorithm, otherwise use the one supplied by the key
 		var alg *Algorithm
 		if config.ParamValues != nil && config.ParamValues.Alg != nil {
 			alg = config.ParamValues.Alg

canonicalise.go

@@ -1,6 +1,33 @@
-// Copyright (c) 2021 James Bowes. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 package httpsig
 

digest.go

@@ -1,3 +1,34 @@
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 package httpsig
 
 import (
@@ -15,6 +46,30 @@ type DigestConfig struct {
 	Algorithms []DigestAlgorithm
 }
 
+type Digestor struct {
+	*digestor
+}
+
+// NewDigestor creates a new digestor with the given options
+func NewDigestor(opts ...digestOption) *Digestor {
+	d := digestor{}
+
+	for _, o := range opts {
+		o.configureDigest(&d)
+	}
+
+	if len(d.config.Algorithms) == 0 {
+		d.config.Algorithms = []DigestAlgorithm{DigestAlgorithmSha256}
+	}
+
+	return &Digestor{&d}
+}
+
+// Digest creates a digest header for the given body
+func (d *Digestor) Digest(body []byte) (http.Header, error) {
+	return d.digestor.Digest(body)
+}
+
 type digestor struct {
 	config DigestConfig
 }

digest_test.go

@@ -1,3 +1,34 @@
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 package httpsig
 
 import (

doc.go

@@ -1,6 +1,33 @@
-// Copyright (c) 2021 James Bowes. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 /*
 Package httpsig signs and verifies HTTP requests (with body digests) according

example_test.go

@@ -1,6 +1,33 @@
-// Copyright (c) 2021 James Bowes. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file
+// BSD 3-Clause License
+
+// Copyright (c) 2021, James Bowes
+// Copyright (c) 2023, Alexander Taraymovich, OffBlocks
+// All rights reserved.
+
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+
+// 1. Redistributions of source code must retain the above copyright notice, this
+//    list of conditions and the following disclaimer.
+
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+//    this list of conditions and the following disclaimer in the documentation
+//    and/or other materials provided with the distribution.
+
+// 3. Neither the name of the copyright holder nor the names of its
+//    contributors may be used to endorse or promote products derived from
+//    this software without specific prior written permission.
+
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 package httpsig_test