From ce790999b606e38a0d4024071796a932e990dd72 Mon Sep 17 00:00:00 2001 From: Samantha Date: Thu, 21 Dec 2023 12:15:13 -0600 Subject: [PATCH] HTTP: add headers from draft-ietf-httpbis-message-signatures (#47) Updates `Signature`, adds `Signature-Input` + `Accept-Signature` Fixes #35 --- packages/http-types/build/concepts.json | 34 ++++++++++++++++--- packages/http-types/src/httpHeaders.ts | 44 +++++++++++++++++++------ 2 files changed, 64 insertions(+), 14 deletions(-) diff --git a/packages/http-types/build/concepts.json b/packages/http-types/build/concepts.json index 53d9479..37c1889 100644 --- a/packages/http-types/build/concepts.json +++ b/packages/http-types/build/concepts.json @@ -853,6 +853,19 @@ } ] }, + { + "value":"Accept-Signature", + "concept":"https://webconcepts.info/concepts/http-header/", + "id":"https://webconcepts.info/concepts/http-header/Accept-Signature", + "details":[ + { + "description":"The \"Accept-Signature\" field is a Dictionary structured field containing the metadata for one or more requested message signatures to be generated from message components of the target HTTP message. Each member describes a single message signature.", + "documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-5.1", + "specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures", + "spec-name":"Internet Draft ietf-httpbis-message-signatures" + } + ] + }, { "value":"Access-Control-Allow-Credentials", "concept":"https://webconcepts.info/concepts/http-header/", @@ -3462,10 +3475,23 @@ "id":"https://webconcepts.info/concepts/http-header/Signature", "details":[ { - "description":"The \"signature\" HTTP Header is based on the model that the sender must authenticate itself with a digital signature produced by either a private asymmetric key (e.g., RSA) or a shared symmetric key (e.g., HMAC). The scheme is parameterized enough such that it is not bound to any particular key type or signing algorithm. However, it does explicitly assume that senders can send an HTTP 'Date' header.", - "documentation":"https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-4", - "specification":"https://webconcepts.info/specs/IETF/I-D/cavage-http-signatures", - "spec-name":"Internet Draft cavage-http-signatures" + "description":"The \"Signature\" field is a Dictionary structured field containing one or more message signatures generated from the signature context of the target message. The member's key is the label that uniquely identifies the message signature within the HTTP message. The member's value is a Byte Sequence containing the signature value for the message signature identified by the label.", + "documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.2", + "specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures", + "spec-name":"Internet Draft ietf-httpbis-message-signatures" + } + ] + }, + { + "value":"Signature-Input", + "concept":"https://webconcepts.info/concepts/http-header/", + "id":"https://webconcepts.info/concepts/http-header/Signature-Input", + "details":[ + { + "description":"The \"Signature-Input\" field is a Dictionary structured field containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature.", + "documentation":"https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.1", + "specification":"https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures", + "spec-name":"Internet Draft ietf-httpbis-message-signatures" } ] }, diff --git a/packages/http-types/src/httpHeaders.ts b/packages/http-types/src/httpHeaders.ts index dc0152f..f283dcc 100644 --- a/packages/http-types/src/httpHeaders.ts +++ b/packages/http-types/src/httpHeaders.ts @@ -212,6 +212,18 @@ export type HttpHeaderAcceptQuery = 'Accept-Query'; */ export type HttpHeaderAcceptRanges = 'Accept-Ranges'; +/** + * The "Accept-Signature" field is a Dictionary structured + * field containing the metadata for one or more requested + * message signatures to be generated from message components + * of the target HTTP message. Each member describes a single + * message signature. + * + * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-5.1) + * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures) + */ +export type HttpHeaderAcceptSignature = 'Accept-Signature'; + /** * The Access-Control-Allow-Credentials header indicates * whether the response to request can be exposed when the omit @@ -2478,20 +2490,30 @@ export type HttpHeaderSetCookie = 'Set-Cookie'; export type HttpHeaderSetCookie2 = 'Set-Cookie2'; /** - * The "signature" HTTP Header is based on the model that the - * sender must authenticate itself with a digital signature - * produced by either a private asymmetric key (e.g., RSA) or a - * shared symmetric key (e.g., HMAC). The scheme is - * parameterized enough such that it is not bound to any - * particular key type or signing algorithm. However, it does - * explicitly assume that senders can send an HTTP 'Date' - * header. + * The "Signature" field is a Dictionary structured field + * containing one or more message signatures generated from the + * signature context of the target message. The member's key is + * the label that uniquely identifies the message signature + * within the HTTP message. The member's value is a Byte + * Sequence containing the signature value for the message + * signature identified by the label. * - * @see [Documentation → Internet Draft cavage-http-signatures §4](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-4) - * @see [Specification → Internet Draft cavage-http-signatures](https://webconcepts.info/specs/IETF/I-D/cavage-http-signatures) + * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.2) + * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures) */ export type HttpHeaderSignature = 'Signature'; +/** + * The "Signature-Input" field is a Dictionary structured field + * containing the metadata for one or more message signatures + * generated from components within the HTTP message. Each + * member describes a single message signature. + * + * @see [Documentation → Internet Draft ietf-httpbis-message-signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-4.1) + * @see [Specification → Internet Draft ietf-httpbis-message-signatures](https://webconcepts.info/specs/IETF/I-D/ietf-httpbis-message-signatures) + */ +export type HttpHeaderSignatureInput = 'Signature-Input'; + /** * Slug is an HTTP entity-header whose presence in a POST to a * Collection constitutes a request by the client to use the @@ -3000,6 +3022,7 @@ export type HttpHeader = | HttpHeaderAcceptPushPolicy | HttpHeaderAcceptQuery | HttpHeaderAcceptRanges + | HttpHeaderAcceptSignature | HttpHeaderAccessControlAllowCredentials | HttpHeaderAccessControlAllowHeaders | HttpHeaderAccessControlAllowMethods @@ -3198,6 +3221,7 @@ export type HttpHeader = | HttpHeaderSetCookie | HttpHeaderSetCookie2 | HttpHeaderSignature + | HttpHeaderSignatureInput | HttpHeaderSlug | HttpHeaderSourceMap | HttpHeaderStatusURI