sigparams

type Params struct {
	// KeyID is the identifier for the key to use for signing requests.
	KeyID string

	// Tag is an application-specific tag for the signature as a String value.
	// This value is used by applications to help identify signatures relevant for specific applications or protocols.
	// See: https://www.rfc-editor.org/rfc/rfc9421.html#section-2.3-4.12
	Tag string

	Alg string

	// CoveredComponents specify the components of the request
	// to be covered with the signature.
	//
	// An ordered set of HTTP message component identifiers for fields (Section 2.1)
	// and derived components (Section 2.2) that indicates the set of message components
	// covered by the signature, never including the @signature-params identifier itself.
	// The order of this set is preserved and communicated between the signer and verifier
	// to facilitate reconstruction of the signature base.
	//
	// See: https://www.rfc-editor.org/rfc/rfc9421.html#section-1.1-7.18.1
	CoveredComponents []string

	Nonce string

	Created time.Time

	Expires time.Time
}

type ValidateOpts struct {
	// ForbidClientSideAlg requires that the client-side alg specifier
	// is empty.
	ForbidClientSideAlg bool

	// BeforeDuration is the duration before now which a signature is invalid.
	// This should be set to a small value in production, such as time.Minute.
	BeforeDuration time.Duration

	// AfterDuration is the duration after now which a signature is invalid.
	// This should be set to zero in production to prevent
	// signatures being validated with a timestamp that is in the future.
	AfterDuration time.Duration

	// RequiredCoveredComponents, if specified, requires a set of mandatory
	// covered components which must be included in the params.
	RequiredCoveredComponents map[string]bool

	// RequireNonce, if true, requires the 'nonce' field to be set.
	RequireNonce bool
}