Safe Haskell | None |
---|---|
Language | Haskell2010 |
Crypto primitives for hmac signing.
Synopsis
- newtype SecretKey = SecretKey {}
- newtype Signature = Signature {}
- sign :: forall algo. HashAlgorithm algo => SecretKey -> ByteString -> Signature
- signSHA256 :: SecretKey -> ByteString -> Signature
- data RequestPayload = RequestPayload {
- rpMethod :: !Method
- rpContent :: !ByteString
- rpHeaders :: !RequestHeaders
- rpRawUrl :: !ByteString
- requestSignature :: (SecretKey -> ByteString -> Signature) -> SecretKey -> RequestPayload -> Signature
- verifySignatureHmac :: (SecretKey -> ByteString -> Signature) -> SecretKey -> RequestPayload -> Maybe ByteString
- whitelistHeaders :: [HeaderName]
- keepWhitelistedHeaders :: [Header] -> [Header]
- authHeaderName :: HeaderName
Crypto primitives
Hashed message used as the signature. Encoded in Base64.
:: forall algo. HashAlgorithm algo | |
=> SecretKey | Secret key to use |
-> ByteString | Message to MAC |
-> Signature | Hashed message |
Compute the hashed message using the supplied hashing function. And then encode the result in the Base64 encoding.
signSHA256 :: SecretKey -> ByteString -> Signature Source #
Request signing
data RequestPayload Source #
Part of the HTTP request that will be signed.
RequestPayload | |
|
Instances
Show RequestPayload Source # | |
Defined in Servant.Auth.Hmac.Crypto showsPrec :: Int -> RequestPayload -> ShowS # show :: RequestPayload -> String # showList :: [RequestPayload] -> ShowS # |
:: (SecretKey -> ByteString -> Signature) | Signing function |
-> SecretKey | Secret key to use |
-> RequestPayload | Payload to sign |
-> Signature |
This function signs HTTP request according to the following algorithm:
stringToSign = HTTP-Method ++ "n" ++ Content-MD5 ++ "n" ++ HeadersNormalized ++ "n" ++ RawURL signature = encodeBase64 $ signHmac yourSecretKey $ encodeUtf8 stringToSign
where HeadersNormalized
are headers decapitalzed, joined, sorted
alphabetically and intercalated with line break. So, if you have headers like
these:
User-Agent: Mozilla/5.0 Host: foo.bar.com
the result of header normalization will look like this:
hostfoo.bar.com user-agentMozilla/5.0
:: (SecretKey -> ByteString -> Signature) | Signing function |
-> SecretKey | Secret key that was used for signing |
-> RequestPayload | |
-> Maybe ByteString |
whitelistHeaders :: [HeaderName] Source #
White-listed headers. Only these headers will be taken into consideration:
Authentication
Host
Accept-Encoding
keepWhitelistedHeaders :: [Header] -> [Header] Source #
Keeps only headers from whitelistHeaders
.