def _sign(self, pdata, sks, dump_json_data):
if not isinstance(sks, list):
sks = [sks]
jheader = '{"alg": "ES256"}'
jheader_b64 = base64url_encode(jheader)
jpayload = json.dumps(pdata) if dump_json_data else pdata
jpayload_b64 = base64url_encode(jpayload)
pdata_sig = {'payload': jpayload_b64,
'signatures': []}
for sk in sks:
sig_string_b64 = jws.sign(jheader, jpayload, sk, is_json=True)
order = sk.curve.order
sig_string = base64url_decode(sig_string_b64)
r, s = sigdecode_string(sig_string, order)
sig_der = sigencode_der(r, s, order)
sig_der_b64 = base64url_encode(sig_der)
pdata_sig['signatures'].append({'protected': jheader_b64,
'signature': sig_der_b64})
return pdata_sig
def b64url_dec(b64url, e=None):
try:
# Adding `str` wrapper here avoids a TypeError
return base64url_decode(str(b64url))
except TypeError, msg:
if e is None:
raise TypeError(msg)
else:
raise e
def _create_auth_token(self, sk, profile):
jheader = '{"alg": "ES256"}'
jheader_b64 = base64url_encode(jheader)
body = {'id': profile.profile_id, 'timestamp': int(time.time())}
jbody = json.dumps(body)
jbody_b64 = base64url_encode(jbody)
sig_string_b64 = jws.sign(jheader, jbody, sk, is_json=True)
order = sk.curve.order
sig_string = base64url_decode(sig_string_b64)
r, s = sigdecode_string(sig_string, order)
sig_der = sigencode_der(r, s, order)
sig_der_b64 = base64url_encode(sig_der)
return '{0}.{1}.{2}'.format(jheader_b64, jbody_b64, sig_der_b64)
