HTTP: add headers from draft-ietf-httpbis-message-signatures (#47)

Updates `Signature`, adds `Signature-Input` + `Accept-Signature` Fixes #35
nodecitylights · Dec 21, 2023 · ce79099 · ce79099
1 parent fed3702
commit ce79099
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 14 deletions.
diff --git a/packages/http-types/build/concepts.json b/packages/http-types/build/concepts.json
@@ -853,6 +853,19 @@
 					}
 				]
 			},
+			{
+				"value":"Accept-Signature",
+				"concept":"https://webconcepts.info/concepts/http-header/",
+				"id":"https://webconcepts.info/concepts/http-header/Accept-Signature",
+				"details":[
+					{
+						"description":"The \"Accept-Signature\" field is a Dictionary structured field containing the metadata for one or more requested message signatures to be generated from message components of the target HTTP message. Each member describes a single message signature.",
+						"documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-5.1",
+						"specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures",
+						"spec-name":"Internet Draft ietf-httpbis-message-signatures"
+					}
+				]
+			},
 			{
 				"value":"Access-Control-Allow-Credentials",
 				"concept":"https://webconcepts.info/concepts/http-header/",
@@ -3462,10 +3475,23 @@
 				"id":"https://webconcepts.info/concepts/http-header/Signature",
 				"details":[
 					{
-						"description":"The \"signature\" HTTP Header is based on the model that the sender must authenticate itself with a digital signature produced by either a private asymmetric key (e.g., RSA) or a shared symmetric key (e.g., HMAC). The scheme is parameterized enough such that it is not bound to any particular key type or signing algorithm. However, it does explicitly assume that senders can send an HTTP 'Date' header.",
-						"documentation":"https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-4",
-						"specification":"https://webconcepts.info/specs/IETF/I-D/cavage-http-signatures",
-						"spec-name":"Internet Draft cavage-http-signatures"
+						"description":"The \"Signature\" field is a Dictionary structured field containing one or more message signatures generated from the signature context of the target message. The member's key is the label that uniquely identifies the message signature within the HTTP message. The member's value is a Byte Sequence containing the signature value for the message signature identified by the label.",
+						"documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.2",
+						"specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures",
+						"spec-name":"Internet Draft ietf-httpbis-message-signatures"
+					}
+				]
+			},
+			{
+				"value":"Signature-Input",
+				"concept":"https://webconcepts.info/concepts/http-header/",
+				"id":"https://webconcepts.info/concepts/http-header/Signature-Input",
+				"details":[
+					{
+						"description":"The \"Signature-Input\" field is a Dictionary structured field containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature.",
+						"documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.1",
+						"specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures",
+						"spec-name":"Internet Draft ietf-httpbis-message-signatures"
 					}
 				]
 			},

diff --git a/packages/http-types/src/httpHeaders.ts b/packages/http-types/src/httpHeaders.ts
@@ -212,6 +212,18 @@ export type HttpHeaderAcceptQuery = 'Accept-Query';
  */
 export type HttpHeaderAcceptRanges = 'Accept-Ranges';
 
+/**
+ * The "Accept-Signature" field is a Dictionary structured
+ * field containing the metadata for one or more requested
+ * message signatures to be generated from message components
+ * of the target HTTP message. Each member describes a single
+ * message signature.
+ *
+ * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-5.1)
+ * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures)
+ */
+export type HttpHeaderAcceptSignature = 'Accept-Signature';
+
 /**
  * The Access-Control-Allow-Credentials header indicates
  * whether the response to request can be exposed when the omit
@@ -2478,20 +2490,30 @@ export type HttpHeaderSetCookie = 'Set-Cookie';
 export type HttpHeaderSetCookie2 = 'Set-Cookie2';
 
 /**
- * The "signature" HTTP Header is based on the model that the
- * sender must authenticate itself with a digital signature
- * produced by either a private asymmetric key (e.g., RSA) or a
- * shared symmetric key (e.g., HMAC). The scheme is
- * parameterized enough such that it is not bound to any
- * particular key type or signing algorithm. However, it does
- * explicitly assume that senders can send an HTTP 'Date'
- * header.
+ * The "Signature" field is a Dictionary structured field
+ * containing one or more message signatures generated from the
+ * signature context of the target message. The member's key is
+ * the label that uniquely identifies the message signature
+ * within the HTTP message. The member's value is a Byte
+ * Sequence containing the signature value for the message
+ * signature identified by the label.
  *
- * @see [Documentation → Internet Draft cavage-http-signatures §4](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-4)
- * @see [Specification → Internet Draft cavage-http-signatures](https://webconcepts.info/specs/IETF/I-D/cavage-http-signatures)
+ * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.2)
+ * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures)
  */
 export type HttpHeaderSignature = 'Signature';
 
+/**
+ * The "Signature-Input" field is a Dictionary structured field
+ * containing the metadata for one or more message signatures
+ * generated from components within the HTTP message. Each
+ * member describes a single message signature.
+ *
+ * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.1)
+ * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures)
+ */
+export type HttpHeaderSignatureInput = 'Signature-Input';
+
 /**
  * Slug is an HTTP entity-header whose presence in a POST to a
  * Collection constitutes a request by the client to use the
@@ -3000,6 +3022,7 @@ export type HttpHeader =
 	| HttpHeaderAcceptPushPolicy
 	| HttpHeaderAcceptQuery
 	| HttpHeaderAcceptRanges
+	| HttpHeaderAcceptSignature
 	| HttpHeaderAccessControlAllowCredentials
 	| HttpHeaderAccessControlAllowHeaders
 	| HttpHeaderAccessControlAllowMethods
@@ -3198,6 +3221,7 @@ export type HttpHeader =
 	| HttpHeaderSetCookie
 	| HttpHeaderSetCookie2
 	| HttpHeaderSignature
+	| HttpHeaderSignatureInput
 	| HttpHeaderSlug
 	| HttpHeaderSourceMap
 	| HttpHeaderStatusURI