Plume/plume-common/src/activity_pub/request.rs

use chrono::{offset::Utc, DateTime};
use openssl::hash::{Hasher, MessageDigest};
use reqwest::header::{HeaderMap, HeaderValue, ACCEPT, CONTENT_TYPE, DATE, USER_AGENT};
use std::ops::Deref;
use std::time::SystemTime;
use tracing::warn;

use crate::activity_pub::sign::Signer;
use crate::activity_pub::{ap_accept_header, AP_CONTENT_TYPE};

const PLUME_USER_AGENT: &str = concat!("Plume/", env!("CARGO_PKG_VERSION"));

#[derive(Debug)]
pub struct Error();

pub struct Digest(String);

impl Digest {
    pub fn digest(body: &str) -> HeaderValue {
        let mut hasher =
            Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");
        hasher
            .update(body.as_bytes())
            .expect("Digest::digest: content insertion error");
        let res = base64::encode(&hasher.finish().expect("Digest::digest: finalizing error"));
        HeaderValue::from_str(&format!("SHA-256={}", res))
            .expect("Digest::digest: header creation error")
    }

    pub fn verify(&self, body: &str) -> bool {
        if self.algorithm() == "SHA-256" {
            let mut hasher =
                Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");
            hasher
                .update(body.as_bytes())
                .expect("Digest::digest: content insertion error");
            self.value().deref()
                == hasher
                    .finish()
                    .expect("Digest::digest: finalizing error")
                    .deref()
        } else {
            false //algorithm not supported
        }
    }

    pub fn verify_header(&self, other: &Digest) -> bool {
        self.value() == other.value()
    }

    pub fn algorithm(&self) -> &str {
        let pos = self
            .0
            .find('=')
            .expect("Digest::algorithm: invalid header error");
        &self.0[..pos]
    }

    pub fn value(&self) -> Vec<u8> {
        let pos = self
            .0
            .find('=')
            .expect("Digest::value: invalid header error")
            + 1;
        base64::decode(&self.0[pos..]).expect("Digest::value: invalid encoding error")
    }

    pub fn from_header(dig: &str) -> Result<Self, Error> {
        if let Some(pos) = dig.find('=') {
            let pos = pos + 1;
            if base64::decode(&dig[pos..]).is_ok() {
                Ok(Digest(dig.to_owned()))
            } else {
                Err(Error())
            }
        } else {
            Err(Error())
        }
    }

    pub fn from_body(body: &str) -> Self {
        let mut hasher =
            Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");
        hasher
            .update(body.as_bytes())
            .expect("Digest::digest: content insertion error");
        let res = base64::encode(&hasher.finish().expect("Digest::digest: finalizing error"));
        Digest(format!("SHA-256={}", res))
    }
}

pub fn headers() -> HeaderMap {
    let date: DateTime<Utc> = SystemTime::now().into();
    let date = format!("{}", date.format("%a, %d %b %Y %T GMT"));

    let mut headers = HeaderMap::new();
    headers.insert(USER_AGENT, HeaderValue::from_static(PLUME_USER_AGENT));
    headers.insert(
        DATE,
        HeaderValue::from_str(&date).expect("request::headers: date error"),
    );
    headers.insert(
        ACCEPT,
        HeaderValue::from_str(
            &ap_accept_header()
                .into_iter()
                .collect::<Vec<_>>()
                .join(", "),
        )
        .expect("request::headers: accept error"),
    );
    headers.insert(CONTENT_TYPE, HeaderValue::from_static(AP_CONTENT_TYPE));
    headers
}

type Method<'a> = &'a str;
type Path<'a> = &'a str;
type Query<'a> = &'a str;
type RequestTarget<'a> = (Method<'a>, Path<'a>, Option<Query<'a>>);

pub fn signature(
    signer: &dyn Signer,
    headers: &HeaderMap,
    request_target: RequestTarget,
) -> Result<HeaderValue, Error> {
    let (method, path, query) = request_target;
    let origin_form = if let Some(query) = query {
        format!("{}?{}", path, query)
    } else {
        path.to_string()
    };

    let mut headers_vec = Vec::with_capacity(headers.len());
    for (h, v) in headers.iter() {
        let v = v.to_str();
        if v.is_err() {
            warn!("invalid header error: {:?}", v.unwrap_err());
            return Err(Error());
        }
        headers_vec.push((h.as_str().to_lowercase(), v.expect("Unreachable")));
    }
    let request_target = format!("{} {}", method.to_lowercase(), origin_form);
    headers_vec.push(("(request-target)".to_string(), &request_target));

    let signed_string = headers_vec
        .iter()
        .map(|(h, v)| format!("{}: {}", h, v))
        .collect::<Vec<String>>()
        .join("\n");
    let signed_headers = headers_vec
        .iter()
        .map(|(h, _)| h.as_ref())
        .collect::<Vec<&str>>()
        .join(" ");

    let data = signer.sign(&signed_string).map_err(|_| Error())?;
    let sign = base64::encode(&data);

    HeaderValue::from_str(&format!(
        "keyId=\"{key_id}\",algorithm=\"rsa-sha256\",headers=\"{signed_headers}\",signature=\"{signature}\"",
        key_id = signer.get_key_id(),
        signed_headers = signed_headers,
        signature = sign
    )).map_err(|_| Error())
}

#[cfg(test)]
mod tests {
    use super::{signature, Error};
    use crate::activity_pub::sign::{gen_keypair, Signer};
    use openssl::{hash::MessageDigest, pkey::PKey, rsa::Rsa};
    use reqwest::header::HeaderMap;

    struct MySigner {
        public_key: String,
        private_key: String,
    }

    impl MySigner {
        fn new() -> Self {
            let (pub_key, priv_key) = gen_keypair();
            Self {
                public_key: String::from_utf8(pub_key).unwrap(),
                private_key: String::from_utf8(priv_key).unwrap(),
            }
        }
    }

    impl Signer for MySigner {
        type Error = Error;

        fn get_key_id(&self) -> String {
            "mysigner".into()
        }

        fn sign(&self, to_sign: &str) -> Result<Vec<u8>, Self::Error> {
            let key = PKey::from_rsa(Rsa::private_key_from_pem(self.private_key.as_ref()).unwrap())
                .unwrap();
            let mut signer = openssl::sign::Signer::new(MessageDigest::sha256(), &key).unwrap();
            signer.update(to_sign.as_bytes()).unwrap();
            signer.sign_to_vec().map_err(|_| Error())
        }

        fn verify(&self, data: &str, signature: &[u8]) -> Result<bool, Self::Error> {
            let key = PKey::from_rsa(Rsa::public_key_from_pem(self.public_key.as_ref()).unwrap())
                .unwrap();
            let mut verifier = openssl::sign::Verifier::new(MessageDigest::sha256(), &key).unwrap();
            verifier.update(data.as_bytes()).unwrap();
            verifier.verify(&signature).map_err(|_| Error())
        }
    }

    #[test]
    fn test_signature_request_target() {
        let signer = MySigner::new();
        let headers = HeaderMap::new();
        let result = signature(&signer, &headers, ("post", "/inbox", None)).unwrap();
        let fields: Vec<&str> = result.to_str().unwrap().split(",").collect();
        assert_eq!(r#"headers="(request-target)""#, fields[2]);
        let sign = &fields[3][11..(fields[3].len() - 1)];
        assert!(signer.verify("post /inbox", sign.as_bytes()).is_ok());
    }
}
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`use chrono::{offset::Utc, DateTime};`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00			`use openssl::hash::{Hasher, MessageDigest};`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`use reqwest::header::{HeaderMap, HeaderValue, ACCEPT, CONTENT_TYPE, DATE, USER_AGENT};`
Verify http signatures 2018-10-03 09:31:38 +02:00			`use std::ops::Deref;`
Update the WebFinger crate Fixes an issue with some Mastodon accounts 2018-07-26 21:35:35 +02:00			`use std::time::SystemTime;`
Care the case of invalid header value 2021-02-04 07:44:06 +01:00			`use tracing::warn;`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00
Rust 2018! (#726) 2020-01-21 07:02:03 +01:00			`use crate::activity_pub::sign::Signer;`
			`use crate::activity_pub::{ap_accept_header, AP_CONTENT_TYPE};`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`const PLUME_USER_AGENT: &str = concat!("Plume/", env!("CARGO_PKG_VERSION"));`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00
Define custom errors 2021-01-15 16:43:41 +01:00			`#[derive(Debug)]`
			`pub struct Error();`

Update webfinger and reqwest Update webfinger to 0.3.1 Update reqwest to 0.9 Fix #257 2018-10-11 13:51:45 +02:00			`pub struct Digest(String);`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00
Verify http signatures 2018-10-03 09:31:38 +02:00			`impl Digest {`
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`pub fn digest(body: &str) -> HeaderValue {`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`let mut hasher =`
			`Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");`
			`hasher`
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`.update(body.as_bytes())`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`.expect("Digest::digest: content insertion error");`
Normalize panic message Change all unwrap to expect Normalize expect's messages Don't panic where it could be avoided easily 2018-10-20 08:44:33 +02:00			`let res = base64::encode(&hasher.finish().expect("Digest::digest: finalizing error"));`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`HeaderValue::from_str(&format!("SHA-256={}", res))`
			`.expect("Digest::digest: header creation error")`
Verify http signatures 2018-10-03 09:31:38 +02:00			`}`

Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`pub fn verify(&self, body: &str) -> bool {`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`if self.algorithm() == "SHA-256" {`
			`let mut hasher =`
			`Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");`
			`hasher`
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`.update(body.as_bytes())`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`.expect("Digest::digest: content insertion error");`
			`self.value().deref()`
			`== hasher`
			`.finish()`
			`.expect("Digest::digest: finalizing error")`
			`.deref()`
Verify http signatures 2018-10-03 09:31:38 +02:00			`} else {`
			`false //algorithm not supported`
			`}`
			`}`

Make Plume compile on release (#365) * Remove use of String for body parameters Create SignedJson and implement FromData for it * Make Travis test on release * Remove warning when installing and fix coverage 2018-12-22 18:27:21 +01:00			`pub fn verify_header(&self, other: &Digest) -> bool {`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`self.value() == other.value()`
Make Plume compile on release (#365) * Remove use of String for body parameters Create SignedJson and implement FromData for it * Make Travis test on release * Remove warning when installing and fix coverage 2018-12-22 18:27:21 +01:00			`}`

Verify http signatures 2018-10-03 09:31:38 +02:00			`pub fn algorithm(&self) -> &str {`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`let pos = self`
			`.0`
			`.find('=')`
			`.expect("Digest::algorithm: invalid header error");`
Verify http signatures 2018-10-03 09:31:38 +02:00			`&self.0[..pos]`
			`}`

			`pub fn value(&self) -> Vec<u8> {`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`let pos = self`
			`.0`
			`.find('=')`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`.expect("Digest::value: invalid header error")`
			`+ 1;`
Normalize panic message Change all unwrap to expect Normalize expect's messages Don't panic where it could be avoided easily 2018-10-20 08:44:33 +02:00			`base64::decode(&self.0[pos..]).expect("Digest::value: invalid encoding error")`
Verify http signatures 2018-10-03 09:31:38 +02:00			`}`

Define custom errors 2021-01-15 16:43:41 +01:00			`pub fn from_header(dig: &str) -> Result<Self, Error> {`
Verify http signatures 2018-10-03 09:31:38 +02:00			`if let Some(pos) = dig.find('=') {`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`let pos = pos + 1;`
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`if base64::decode(&dig[pos..]).is_ok() {`
Verify http signatures 2018-10-03 09:31:38 +02:00			`Ok(Digest(dig.to_owned()))`
			`} else {`
Define custom errors 2021-01-15 16:43:41 +01:00			`Err(Error())`
Verify http signatures 2018-10-03 09:31:38 +02:00			`}`
			`} else {`
Define custom errors 2021-01-15 16:43:41 +01:00			`Err(Error())`
Verify http signatures 2018-10-03 09:31:38 +02:00			`}`
			`}`
Make Plume compile on release (#365) * Remove use of String for body parameters Create SignedJson and implement FromData for it * Make Travis test on release * Remove warning when installing and fix coverage 2018-12-22 18:27:21 +01:00
			`pub fn from_body(body: &str) -> Self {`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`let mut hasher =`
			`Hasher::new(MessageDigest::sha256()).expect("Digest::digest: initialization error");`
			`hasher`
			`.update(body.as_bytes())`
			`.expect("Digest::digest: content insertion error");`
Make Plume compile on release (#365) * Remove use of String for body parameters Create SignedJson and implement FromData for it * Make Travis test on release * Remove warning when installing and fix coverage 2018-12-22 18:27:21 +01:00			`let res = base64::encode(&hasher.finish().expect("Digest::digest: finalizing error"));`
			`Digest(format!("SHA-256={}", res))`
			`}`
Verify http signatures 2018-10-03 09:31:38 +02:00			`}`

Update webfinger and reqwest Update webfinger to 0.3.1 Update reqwest to 0.9 Fix #257 2018-10-11 13:51:45 +02:00			`pub fn headers() -> HeaderMap {`
			`let date: DateTime<Utc> = SystemTime::now().into();`
Always use GMT as a timezone for federation (#502) To prevent a bug with Mastodon 2019-03-25 14:13:54 +01:00			`let date = format!("{}", date.format("%a, %d %b %Y %T GMT"));`
Update webfinger and reqwest Update webfinger to 0.3.1 Update reqwest to 0.9 Fix #257 2018-10-11 13:51:45 +02:00
			`let mut headers = HeaderMap::new();`
			`headers.insert(USER_AGENT, HeaderValue::from_static(PLUME_USER_AGENT));`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`headers.insert(`
			`DATE,`
			`HeaderValue::from_str(&date).expect("request::headers: date error"),`
			`);`
			`headers.insert(`
			`ACCEPT,`
			`HeaderValue::from_str(`
			`&ap_accept_header()`
			`.into_iter()`
			`.collect::<Vec<_>>()`
			`.join(", "),`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`)`
			`.expect("request::headers: accept error"),`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`);`
Set Content-Type for ActivityPub request to correct value. (#315) 2018-11-23 13:18:33 +01:00			`headers.insert(CONTENT_TYPE, HeaderValue::from_static(AP_CONTENT_TYPE));`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00			`headers`
			`}`

Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`type Method<'a> = &'a str;`
			`type Path<'a> = &'a str;`
			`type Query<'a> = &'a str;`
Define RequestTarget 2021-01-24 16:13:53 +01:00			`type RequestTarget<'a> = (Method<'a>, Path<'a>, Option<Query<'a>>);`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00
Sign GET request to other instances 2021-11-24 14:50:16 +01:00			`pub fn signature(`
			`signer: &dyn Signer,`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`headers: &HeaderMap,`
Define RequestTarget 2021-01-24 16:13:53 +01:00			`request_target: RequestTarget,`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`) -> Result<HeaderValue, Error> {`
Define RequestTarget 2021-01-24 16:13:53 +01:00			`let (method, path, query) = request_target;`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`let origin_form = if let Some(query) = query {`
			`format!("{}?{}", path, query)`
			`} else {`
			`path.to_string()`
			`};`

Care the case of invalid header value 2021-02-04 07:44:06 +01:00			`let mut headers_vec = Vec::with_capacity(headers.len());`
			`for (h, v) in headers.iter() {`
			`let v = v.to_str();`
			`if v.is_err() {`
			`warn!("invalid header error: {:?}", v.unwrap_err());`
			`return Err(Error());`
			`}`
			`headers_vec.push((h.as_str().to_lowercase(), v.expect("Unreachable")));`
			`}`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`let request_target = format!("{} {}", method.to_lowercase(), origin_form);`
Care the case of invalid header value 2021-02-04 07:44:06 +01:00			`headers_vec.push(("(request-target)".to_string(), &request_target));`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00
Care the case of invalid header value 2021-02-04 07:44:06 +01:00			`let signed_string = headers_vec`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`.iter()`
			`.map(\|(h, v)\| format!("{}: {}", h, v))`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`.collect::<Vec<String>>()`
			`.join("\n");`
Care the case of invalid header value 2021-02-04 07:44:06 +01:00			`let signed_headers = headers_vec`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`.iter()`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`.map(\|(h, _)\| h.as_ref())`
Add unit tests for main model parts (#310) Add tests for following models: - Blog - Instance - Media - User 2018-11-24 12:44:17 +01:00			`.collect::<Vec<&str>>()`
Include (request-target) and Host header to HTTP Signature 2021-01-20 18:45:29 +01:00			`.join(" ");`
Version bump 0.1.x was the pre-alpha. The first Alpha will be 0.2.x 2018-09-11 20:53:14 +02:00
Define custom errors 2021-01-15 16:43:41 +01:00			`let data = signer.sign(&signed_string).map_err(\|_\| Error())?;`
Run cargo clippy on whole project (#322) * Run cargo clippy on plume-common Run clippy on plume-common and adjuste code accordingly * Run cargo clippy on plume-model Run clippy on plume-model and adjuste code accordingly * Reduce need for allocation in plume-common * Reduce need for allocation in plume-model add a quick compilation failure if no database backend is enabled * Run cargo clippy on plume-cli * Run cargo clippy on plume 2018-11-26 10:21:52 +01:00			`let sign = base64::encode(&data);`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00
Update webfinger and reqwest Update webfinger to 0.3.1 Update reqwest to 0.9 Fix #257 2018-10-11 13:51:45 +02:00			`HeaderValue::from_str(&format!(`
Fix request signatures We don't need to sha256 actually 2018-05-08 21:38:37 +02:00			`"keyId=\"{key_id}\",algorithm=\"rsa-sha256\",headers=\"{signed_headers}\",signature=\"{signature}\"",`
Remove PgConnection when we don't need it Massive simplification in the ActivityPub module! 2018-06-21 17:31:42 +02:00			`key_id = signer.get_key_id(),`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00			`signed_headers = signed_headers,`
			`signature = sign`
Define custom errors 2021-01-15 16:43:41 +01:00			`)).map_err(\|_\| Error())`
HTTP signature when sending activites 2018-05-04 17:18:00 +02:00			`}`
Add test for signagure() 2021-02-05 02:23:54 +01:00
			`#[cfg(test)]`
			`mod tests {`
			`use super::{signature, Error};`
			`use crate::activity_pub::sign::{gen_keypair, Signer};`
			`use openssl::{hash::MessageDigest, pkey::PKey, rsa::Rsa};`
			`use reqwest::header::HeaderMap;`

			`struct MySigner {`
			`public_key: String,`
			`private_key: String,`
			`}`

			`impl MySigner {`
			`fn new() -> Self {`
			`let (pub_key, priv_key) = gen_keypair();`
			`Self {`
			`public_key: String::from_utf8(pub_key).unwrap(),`
			`private_key: String::from_utf8(priv_key).unwrap(),`
			`}`
			`}`
			`}`

			`impl Signer for MySigner {`
			`type Error = Error;`

			`fn get_key_id(&self) -> String {`
			`"mysigner".into()`
			`}`

			`fn sign(&self, to_sign: &str) -> Result<Vec<u8>, Self::Error> {`
			`let key = PKey::from_rsa(Rsa::private_key_from_pem(self.private_key.as_ref()).unwrap())`
			`.unwrap();`
			`let mut signer = openssl::sign::Signer::new(MessageDigest::sha256(), &key).unwrap();`
			`signer.update(to_sign.as_bytes()).unwrap();`
			`signer.sign_to_vec().map_err(\|_\| Error())`
			`}`

			`fn verify(&self, data: &str, signature: &[u8]) -> Result<bool, Self::Error> {`
			`let key = PKey::from_rsa(Rsa::public_key_from_pem(self.public_key.as_ref()).unwrap())`
			`.unwrap();`
			`let mut verifier = openssl::sign::Verifier::new(MessageDigest::sha256(), &key).unwrap();`
			`verifier.update(data.as_bytes()).unwrap();`
			`verifier.verify(&signature).map_err(\|_\| Error())`
			`}`
			`}`

			`#[test]`
			`fn test_signature_request_target() {`
			`let signer = MySigner::new();`
			`let headers = HeaderMap::new();`
			`let result = signature(&signer, &headers, ("post", "/inbox", None)).unwrap();`
			`let fields: Vec<&str> = result.to_str().unwrap().split(",").collect();`
			`assert_eq!(r#"headers="(request-target)""#, fields[2]);`
			`let sign = &fields[3][11..(fields[3].len() - 1)];`
			`assert!(signer.verify("post /inbox", sign.as_bytes()).is_ok());`
			`}`
			`}`