From 22fdf8dbedb1ee4124afd97fb1c4ab879b760062 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Fri, 15 May 2026 12:38:47 +0200 Subject: [PATCH 1/3] fix: NonceChecker adapter function fixed --- nonce.go | 8 +++++--- nonce_test.go | 23 +++++++++++++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 nonce_test.go diff --git a/nonce.go b/nonce.go index 7bdbce0..fb49f6f 100644 --- a/nonce.go +++ b/nonce.go @@ -20,7 +20,7 @@ func (ng NonceGetterFunc) GetNonce(ctx context.Context) (string, error) { return //go:generate mockery --name NonceChecker --structname NonceCheckerMock --inpackage --testonly // NonceChecker is responsible for the verification of the nonce received in a signature, -// e.g. to prevent replay attacks, or to verify that the nonce is the expected one, like +// e.g. to prevent replay attacks, or to verify that the nonce is the expected one, like // if requested using the Accept-Signature header. type NonceChecker interface { CheckNonce(ctx context.Context, nonce NonceValue) error @@ -31,9 +31,11 @@ type NonceValue struct { Value string } -type NonceCheckerFunc func(ctx context.Context, nonce string) error +type NonceCheckerFunc func(ctx context.Context, nonce NonceValue) error -func (nc NonceCheckerFunc) GetNonce(ctx context.Context, nonce string) error { return nc(ctx, nonce) } +func (f NonceCheckerFunc) CheckNonce(ctx context.Context, nonce NonceValue) error { + return f(ctx, nonce) +} type noopNonceChecker struct{} diff --git a/nonce_test.go b/nonce_test.go new file mode 100644 index 0000000..5af3409 --- /dev/null +++ b/nonce_test.go 
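Review bot: In the second nonce.go hunk, `NonceCheckerFunc`'s conformance to `NonceChecker` is pinned only by the new test, so the drift this commit repairs (a method named `GetNonce` taking a `string`) would again compile cleanly in non-test builds. Adding `var _ NonceChecker = NonceCheckerFunc(nil)` next to the type makes the compiler enforce it everywhere. The exported type and its `CheckNonce` method also have no doc comment; `// NonceCheckerFunc adapts a plain function to the NonceChecker interface.` would do. Only the tail of the `NonceValue` struct is visible here, but judging by the `Present` field used in the test, the comment should presumably also say that the function itself decides how to treat a signature that carried no nonce, which matters when the checker is the replay defence. Because the parameter type changed from `string` to `NonceValue`, external code that used the function type directly will stop compiling, which may merit a changelog line.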
@@ -0,0 +1,23 @@
+package httpsig
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestNonceCheckerFuncImplementsNonceChecker(t *testing.T) {
+ t.Parallel()
+
+ var checker NonceChecker = NonceCheckerFunc(func(_ context.Context, nonce NonceValue) error {
+ assert.True(t, nonce.Present)
+ assert.Equal(t, nonce.Value, "foo")
+
+ return nil
+ })
+
+ err := checker.CheckNonce(context.Background(), NonceValue{Present: true, Value: "foo"})
+ require.NoError(t, err)
+}
From 2712c403fccf29c6f3b3dd4773b456e7fc21bc91 Mon Sep 17 00:00:00 2001
From: Dimitrij Drus
Date: Fri, 15 May 2026 12:39:00 +0200
Subject: [PATCH 2/3] typo fixed
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f1b8f2d..58f8c44 100644
--- a/README.md
+++ b/README.md
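Review bot: `TestNonceCheckerFuncImplementsNonceChecker` in nonce_test.go passes even if `CheckNonce` never invokes the wrapped function, because both assertions sit inside the closure and nothing outside records that it ran. Setting a `called := true` flag in the closure and adding `require.True(t, called)` after the call closes that gap. The rejection path is also untested: for a nonce checker the behaviour that matters is that a non-nil error from the function reaches the caller unchanged. A second case that returns a test-local sentinel error and checks it with `require.ErrorIs(t, err, errSentinel)` (name constructed here) would cover that.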
@@ -109,7 +109,7 @@ Both the `Signer` and `Verifier` respect the `"content-digest"` component identi > > For server-side request handling, consider using `http.MaxBytesReader`; for other contexts, use `io.LimitedReader` or an equivalent mechanism. The library restores the body after reading it, so it can still be consumed by subsequent handlers, but it does not impose global body size limits on behalf of the application. -* On the `Verifier` side, verification of the corresponding hash values is done by default with no additional configuration required. If the `"Signature-Input"` header value contains a `"content-digest"` component, the implementation expects the `"Content-Digest"` header to be present and uses the supplied algorithm names and values to calculate the digest over the body and compare these value to the received ones. If the `"Content-Digest"` header is missing, references unsupported hash algorithms (only `sha-256` and `sha-512` are supported), or there is a mismatch between the calculated and provided values, the message verification will fail with an error. +* On the `Verifier` side, verification of the corresponding hash values is done by default with no additional configuration required. If the `"Signature-Input"` header value contains a `"content-digest"` component, the implementation expects the `"Content-Digest"` header to be present and uses the supplied algorithm names and values to calculate the digest over the body and compare these values to the received ones. If the `"Content-Digest"` header is missing, references unsupported hash algorithms (only `sha-256` and `sha-512` are supported), or there is a mismatch between the calculated and provided values, the message verification will fail with an error. ## Signature Negotiation From 54e699b20209e77708769ce8e6cef42c64b6225c Mon Sep 17 00:00:00 2001 
From: Dimitrij Drus
Date: Fri, 15 May 2026 12:39:35 +0200
Subject: [PATCH 3/3] test fixed
---
 nonce_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nonce_test.go b/nonce_test.go
index 5af3409..77eeda7 100644
--- a/nonce_test.go
+++ b/nonce_test.go
@@ -13,7 +13,7 @@ func TestNonceCheckerFuncImplementsNonceChecker(t *testing.T) {
 
 var checker NonceChecker = NonceCheckerFunc(func(_ context.Context, nonce NonceValue) error {
 assert.True(t, nonce.Present)
- assert.Equal(t, nonce.Value, "foo")
+ assert.Equal(t, "foo", nonce.Value)
 
 return nil
 })