зеркало из https://github.com/microsoft/CCF.git
github-actions[bot]
GitHub
Родитель
c9a0d18b4b
Коммит
d9ce336354
|
|
@ -266,6 +266,11 @@ html_context = {
|
|||
"doc_path": "doc/",
|
||||
}
|
||||
|
||||
# Configuration for sphinxcontrib-httpdomain, without which the following error happens
|
||||
# ERROR: HTTP status code must be an integer (e.g. `200`) or start with an integer (e.g. `200 OK`);
|
||||
# <#text: 'default'> is invalid
|
||||
http_strict_mode = False
|
||||
|
||||
# Python autodoc options
|
||||
autodoc_default_options = {
|
||||
"member-order": "bysource",
|
||||
|
|
|
|||
|
|
@ -35,8 +35,8 @@ In some situations CCF requires signed requests, for example for member votes. T
|
|||
HTTP Signatures
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
An implementation of `IETF HTTP Signatures draft RFC <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08>`_, but
|
||||
supports `ecdsa-sha256` as well as `hs2019` signing algorithms as described in the later `draft 12 <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12>`_
|
||||
An implementation of `IETF HTTP Signatures draft RFC <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08>`_ , but
|
||||
supports `ecdsa-sha256` as well as `hs2019` signing algorithms as described in the later `draft 12 <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12>`_.
|
||||
We provide a wrapper script (``scurl.sh``) around ``curl`` to submit signed requests from the command line.
|
||||
This passes most args verbatim to ``curl``, but expects additional ``--signing-cert`` and ``--signing-key`` args which specify the identity used to sign the request.
|
||||
These are distinct from the ``--cert`` and ``--key`` args which are passed to ``curl`` as the client TLS identity, and may specify a different identity.
|
||||
|
|
@ -52,12 +52,12 @@ For example, the CCF test infrastructure uses a custom authentication provider f
|
|||
COSE Sign1
|
||||
~~~~~~~~~~
|
||||
|
||||
Since 3.0, CCF also accepts signed requests in `COSE Sign1<https://www.rfc-editor.org/rfc/rfc8152#section-4.2>`_ format.
|
||||
Since 3.0, CCF also accepts signed requests in `COSE Sign1 <https://www.rfc-editor.org/rfc/rfc8152#section-4.2>`_ format.
|
||||
|
||||
CCF identifies the signing identity for a request via the SHA-256 digest of its certificate, represented as a hex string.
|
||||
That value must be set in the ``kid`` protected header. Additional protected headers may be necessary, for example governance endpoints
|
||||
require setting ``ccf.gov.msg.type``, and optionally ``ccf.gov.msg.proposal_id`` on the message types where it applies.
|
||||
|
||||
A signing script (``ccf_cose_sign1``) is provided as part of the `ccf Python package<https://pypi.org/project/ccf/>`_. The output can be piped directly into curl, or any other HTTP client.
|
||||
A signing script (``ccf_cose_sign1``) is provided as part of the `ccf Python package <https://pypi.org/project/ccf/>`_. The output can be piped directly into curl, or any other HTTP client.
|
||||
|
||||
Commands can also be signed using the pycose library, and sent with any standard HTTP library such as `Python HTTPX <https://www.python-httpx.org/>`_.
|
||||
Загрузка…
Ссылка в новой задаче