servant-hmac-auth-0.1.2: Servant authentication with HMAC
Safe Haskell: None
Language: Haskell2010

Servant.Auth.Hmac.Crypto

Description

Crypto primitives for hmac signing.

Crypto primitives

newtype SecretKey

The wrapper for the secret key.

Constructors

SecretKey 

newtype Signature

Hashed message used as the signature. Encoded in Base64.

Constructors

Signature 

Instances

Eq Signature

Defined in Servant.Auth.Hmac.Crypto

sign

Arguments

:: forall algo. HashAlgorithm algo 
=> SecretKey

Secret key to use

-> ByteString

Message to MAC

-> Signature

Hashed message

Compute the hashed message using the supplied hashing function, then encode the result in Base64.

signSHA256 :: SecretKey -> ByteString -> Signature

sign function specialized for the SHA256 cryptographic algorithm.

Request signing

data RequestPayload

Part of the HTTP request that will be signed.

Constructors

RequestPayload 

Fields

Instances

Show RequestPayload

Defined in Servant.Auth.Hmac.Crypto

requestSignature

Arguments

:: (SecretKey -> ByteString -> Signature)

Signing function

-> SecretKey

Secret key to use

-> RequestPayload

Payload to sign

-> Signature 

This function signs an HTTP request according to the following algorithm:

stringToSign = HTTP-Method       ++ "\n"
            ++ Content-MD5       ++ "\n"
            ++ HeadersNormalized ++ "\n"
            ++ RawURL

signature = encodeBase64
          $ signHmac yourSecretKey
          $ encodeUtf8 stringToSign

where HeadersNormalized is the list of headers with each name decapitalized and joined to its value, sorted alphabetically and intercalated with line breaks. So, if you have headers like these:

User-Agent: Mozilla/5.0
Host: foo.bar.com

the result of header normalization will look like this:

hostfoo.bar.com
user-agentMozilla/5.0

verifySignatureHmac

Arguments

:: (SecretKey -> ByteString -> Signature)

Signing function

-> SecretKey

Secret key that was used for signing Request

-> RequestPayload 
-> Maybe ByteString 

This function takes a signing function signer and a secret key, and expects the given Request to have the header:

Authentication: HMAC signature

It checks whether the signature is the true request signature. The function returns Nothing if it is, and Just an error message otherwise.

whitelistHeaders :: [HeaderName]

White-listed headers. Only these headers will be taken into consideration:

  1. Authentication
  2. Host
  3. Accept-Encoding

keepWhitelistedHeaders :: [Header] -> [Header]

Keeps only headers from whitelistHeaders.
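The signing and verification scheme described above, re-implemented in Python as an added example for checking interoperability; it is not code from servant-hmac-auth. Assumptions not stated on this page: Content-MD5 is the hex MD5 digest of the body, the Authentication header is dropped before the signature is recomputed, and the key, URL and request values are constructed samples.

```python
import base64, hashlib, hmac

# Names from the page's whitelistHeaders, lower-cased for matching.
WHITELIST = {"authentication", "host", "accept-encoding"}

def keep_whitelisted(headers):
    return [(n, v) for n, v in headers if n.lower() in WHITELIST]

def normalize_headers(headers):
    # Lower-case each name, join it to its value, sort, join with line breaks.
    return "\n".join(sorted(n.lower() + v for n, v in headers))

def request_signature(key, method, content_md5, headers, raw_url):
    to_sign = "\n".join([method, content_md5, normalize_headers(headers), raw_url])
    mac = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac)

def verify(key, method, body, headers, raw_url):
    """Return None when the signature matches, else an error message."""
    kept = keep_whitelisted(headers)
    auth = [v for n, v in kept if n.lower() == "authentication"]
    if len(auth) != 1 or not auth[0].startswith("HMAC "):
        return "missing or malformed Authentication header"
    # Assumption: the Authentication header is removed before re-signing.
    signed = [(n, v) for n, v in kept if n.lower() != "authentication"]
    # Assumption: Content-MD5 is the hex MD5 digest of the body.
    md5 = hashlib.md5(body).hexdigest()
    expected = request_signature(key, method, md5, signed, raw_url)
    # Constant-time comparison, so timing does not reveal matching prefixes.
    if not hmac.compare_digest(expected, auth[0][5:].encode("utf-8")):
        return "signature mismatch"
    return None

# Constructed sample request (not from the page).
KEY = b"constructed-demo-key"
BODY = b'{"amount": 10}'
URL = "foo.bar.com/api/pay?id=7"
BASE = [("Host", "foo.bar.com"), ("User-Agent", "Mozilla/5.0")]
SIG = request_signature(KEY, "POST", hashlib.md5(BODY).hexdigest(),
                        keep_whitelisted(BASE), URL)
SIGNED = BASE + [("Authentication", "HMAC " + SIG.decode())]

if __name__ == "__main__":
    print(verify(KEY, "POST", BODY, SIGNED, URL))                 # intact
    print(verify(KEY, "POST", BODY, SIGNED, URL + "&admin=1"))    # URL changed
    swapped = [("User-Agent", "other") if n == "User-Agent" else (n, v) for n, v in SIGNED]
    print(verify(KEY, "POST", BODY, swapped, URL))   # unsigned header changed
```

Headers outside the whitelist, such as User-Agent here, are not covered by the signature, so a verifier should not base trust decisions on their values.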

Internals