Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

http-signature

Package Overview
Dependencies
Maintainers
1
Versions
28
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

http-signature - npm Package Compare versions

Comparing version 0.9.7 to 0.9.8

.npmignore

81

http_signing.md

@@ -87,3 +87,3 @@ # Abstract

headers in useful signature calculation, it is deemed simpler to simply use
`request-line` then to add a separate parameter for it.
`request-line` than to add a separate parameter for it.

@@ -109,3 +109,3 @@ #### extensions

appear, and separate with an ASCII newline `\n`. The last header in the list
MUST include a trailing ASCII newline.
MUST NOT include a trailing ASCII newline.

@@ -131,6 +131,7 @@ # Example Requests

The client would compose the signing string as:
The client would compose the signing string as (`+ "\n"` inserted for
readability):
application/json
Tue, 07 Jun 2011 20:51:35 GMT
application/json + "\n"
Tue, 07 Jun 2011 20:51:35 GMT + "\n"
h0auK8hnYJKmHTLhKtMTkQ==

@@ -206,1 +207,71 @@

URI: http://www.joyent.com
# Appendix A - Test Values
The following test data uses the RSA (2048b) keys, which we will refer
to as `keyId=Test` in the following samples:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3
6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6
Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw
oYi+1hqp1fIekaxsyQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF
NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F
UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB
AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA
QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK
kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg
f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u
412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc
mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7
kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA
gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW
G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI
7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==
-----END RSA PRIVATE KEY-----
And all examples use this request:
POST /foo?param=value&pet=dog HTTP/1.1
Host: example.com
Date: Thu, 05 Jan 2012 21:31:40 GMT
Content-Type: application/json
Content-MD5: Sd/dVLAcvNLSq16eXua5uQ==
Content-Length: 18
{"hello": "world"}
### Default
The string to sign would be:
```
Thu, 05 Jan 2012 21:31:40 GMT
```
The Authorization header would be:
Authorization: Signature keyId="Test",algorithm="rsa-sha256" MDyO5tSvin5FBVdq3gMBTwtVgE8U/JpzSwFvY7gu7Q2tiZ5TvfHzf/RzmRoYwO8PoV1UGaw6IMwWzxDQkcoYOwvG/w4ljQBBoNusO/mYSvKrbqxUmZi8rNtrMcb82MS33bai5IeLnOGl31W1UbL4qE/wL8U9wCPGRJlCFLsTgD8=
### All Headers
Parameterized to include all headers, the string to sign would be:
```
/foo?param=value&pet=dog HTTP/1.1
example.com
Thu, 05 Jan 2012 21:31:40 GMT
application/json
Sd/dVLAcvNLSq16eXua5uQ==
18
```
The Authorization header would be:
Authorization: Signature
keyId="Test",algorithm="rsa-sha256",headers="request-line host date content-type content-md5 content-length" gVrKP7wVh1+FmWbNlhj0pNXIe9XmeOA6EcnoOKAvUILnwaMFzaKaam9UmeDPwjC9TdT+jSRqjtyZE49kZcSpYAHxGlPQ4ziXFRfPprlN/3Xwg3sUOGqbBiS3WFuY3QOOWv4tzc5p70g74U/QvHNNiYMcjoz89vRJhefbFSNwCDs=

3

lib/parser.js

@@ -119,3 +119,4 @@ // Copyright 2011 Joyent, Inc. All rights reserved.

if (!request.headers.authorization)
throw new TypeError('no authorization header present in the requset');
throw new MissingHeaderError('no authorization header present in ' +
'the requset');

@@ -122,0 +123,0 @@ if (options && typeof(options) !== 'object')

@@ -5,3 +5,3 @@ {

"description": "Reference implementation of Joyent's HTTP Signature Scheme",
"version": "0.9.7",
"version": "0.9.8",
"homepage": "http://www.joyent.com",

@@ -8,0 +8,0 @@ "repository": {

@@ -84,3 +84,3 @@ // Copyright 2011 Joyent, Inc. All rights reserved.

} catch (e) {
t.equal(e.name, 'TypeError');
t.equal(e.name, 'MissingHeaderError');
}

@@ -87,0 +87,0 @@ res.writeHead(200);

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc