diff --git a/README.md b/README.md
index f1b8f2d..58f8c44 100644
--- a/README.md
+++ b/README.md
@@ -109,7 +109,7 @@ Both the `Signer` and `Verifier` respect the `"content-digest"` component identi
 >
 > For server-side request handling, consider using `http.MaxBytesReader`; for other contexts, use `io.LimitedReader` or an equivalent mechanism. The library restores the body after reading it, so it can still be consumed by subsequent handlers, but it does not impose global body size limits on behalf of the application.
-* On the `Verifier` side, verification of the corresponding hash values is done by default with no additional configuration required. If the `"Signature-Input"` header value contains a `"content-digest"` component, the implementation expects the `"Content-Digest"` header to be present and uses the supplied algorithm names and values to calculate the digest over the body and compare these value to the received ones. If the `"Content-Digest"` header is missing, references unsupported hash algorithms (only `sha-256` and `sha-512` are supported), or there is a mismatch between the calculated and provided values, the message verification will fail with an error.
+* On the `Verifier` side, verification of the corresponding hash values is done by default with no additional configuration required. If the `"Signature-Input"` header value contains a `"content-digest"` component, the implementation expects the `"Content-Digest"` header to be present and uses the supplied algorithm names and values to calculate the digest over the body and compare these values to the received ones. If the `"Content-Digest"` header is missing, references unsupported hash algorithms (only `sha-256` and `sha-512` are supported), or there is a mismatch between the calculated and provided values, the message verification will fail with an error.
 ## Signature Negotiation
diff --git a/nonce.go b/nonce.go
index 7bdbce0..fb49f6f 100644
--- a/nonce.go
+++ b/nonce.go
@@ -20,7 +20,7 @@ func (ng NonceGetterFunc) GetNonce(ctx context.Context) (string, error) { return
 //go:generate mockery --name NonceChecker --structname NonceCheckerMock --inpackage --testonly
 // NonceChecker is responsible for the verification of the nonce received in a signature,
-// e.g. to prevent replay attacks, or to verify that the nonce is the expected one, like
+// e.g. to prevent replay attacks, or to verify that the nonce is the expected one, like
 // if requested using the Accept-Signature header.
 type NonceChecker interface {
 CheckNonce(ctx context.Context, nonce NonceValue) error
@@ -31,9 +31,11 @@ type NonceValue struct {
 Value string
 }
-type NonceCheckerFunc func(ctx context.Context, nonce string) error
+type NonceCheckerFunc func(ctx context.Context, nonce NonceValue) error
-func (nc NonceCheckerFunc) GetNonce(ctx context.Context, nonce string) error { return nc(ctx, nonce) }
+func (f NonceCheckerFunc) CheckNonce(ctx context.Context, nonce NonceValue) error {
+ return f(ctx, nonce)
+}
 type noopNonceChecker struct{}
diff --git a/nonce_test.go b/nonce_test.go
new file mode 100644
index 0000000..77eeda7
--- /dev/null
+++ b/nonce_test.go
@@ -0,0 +1,23 @@
+package httpsig
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestNonceCheckerFuncImplementsNonceChecker(t *testing.T) {
+ t.Parallel()
+
+ var checker NonceChecker = NonceCheckerFunc(func(_ context.Context, nonce NonceValue) error {
+ assert.True(t, nonce.Present)
+ assert.Equal(t, "foo", nonce.Value)
+
+ return nil
+ })
+
+ err := checker.CheckNonce(context.Background(), NonceValue{Present: true, Value: "foo"})
+ require.NoError(t, err)
+}
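Review bot: Nothing in the nonce.go hunk at `-31,9 +31,11` pins `NonceCheckerFunc` to the `NonceChecker` interface at compile time, so a future drift like the `GetNonce(ctx, string)` signature this hunk replaces would again surface only if a test happens to cover it; adding `var _ NonceChecker = NonceCheckerFunc(nil)` next to the type closes that gap for the replay-protection hook. Both `NonceCheckerFunc` and `CheckNonce` are exported and undocumented; `// NonceCheckerFunc adapts a plain function to the NonceChecker interface.` and `// CheckNonce calls f.` would satisfy the doc-comment convention. Renaming the method from `GetNonce` to `CheckNonce` and changing the parameter type is a breaking change for any caller that invoked the old method directly, which may deserve a release note if the module is versioned (not visible here).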
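Review bot: In nonce_test.go the only assertions on the nonce live inside the closure, so an adapter that returned nil without ever calling `f` would still pass: the `assert.*` calls are never reached and `require.NoError` succeeds. Having the closure return a sentinel such as `errSentinel := errors.New("checked")` and asserting `require.ErrorIs(t, err, errSentinel)` (or setting a `called` flag and requiring it) makes the test fail when the call is not forwarded. That also covers error propagation through `CheckNonce`, which the current single case does not exercise.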