http_sig_examples: generate the content-digest dynamically for test messages #2
Conversation
…essages related to: httpwg/http-extensions#2049 I'm not sure what the current digest is, but it doesn't match the 23-byte HTTP body of that message. We can verify the expected/new digest with: $ echo -n '{"message": "good dog"}' | sha512sum | cut -d ' ' -f 1 | xxd -r -p | base64 mEWXIS7MaLRuGgxOBdODa3xqM1XdEvxoYhvlCFJ41QJgJc4GTsPp29l5oGX69wWdXymyU0rjJuahq4l5aGgfLQ==
There was a problem hiding this comment.
Thanks for this! This approach does get the job done, but I think it might make more sense to calculate the body hash after the message is parsed into components, or as part of the component processing step. This code will be helpful in pulling that together, regardless of which direction it goes. Thank you again!
| exampleRequestMessage = b"""POST /foo?param=Value&Pet=dog HTTP/1.1 | ||
| def addContentDigest(message, body): | ||
| b64Digest = base64.b64encode(SHA512.new(body).digest()).decode('utf-8') | ||
| contentDigest = "sha-512=:%s:" % b64Digest |
There was a problem hiding this comment.
For consistency with the rest of the script, this should use the http_sfv library primitives to create the value instead of string substitution.
|
the reason I did it this way (And I should have added this in the PR description) was to ensure that the line wrapped test messages that I think get copied over from here into the spec had the right I think thats a great current feature of the spec -- where you can literally copy/paste the example out of the spec, slap on the signature-input and signature headers (also copy/pasted out of the spec), and pass it into a a 'verify' function. Are you planning on keeping things that way @jricher or will people implementing the spec also have to generate/add a |
|
@bobby-stripe oh the examples will remain complete still, they'll just be stitched together. That already happens with several of the examples that have generated |
|
One of the other considerations I had here is that we're planning to add this functionality to bspk/httpsig-org (https://httpsig.org) as well, and so modularizing the generator in a way that works with the rest of the component parsing system was a priority for me. |
related to: httpwg/http-extensions#2049
This change ensures that the content digest and content length headers are always derived from the body.
The test cases in the file continue to verify, and the 1 changed checksum is verifiable with:
cc @jricher