def get_oauth_parameters(self, uri, method, payload, consumer_key, signing_key):
    """Build and sign the OAuth parameter set for one request.

    Sets the consumer key, a nonce and timestamp obtained from ``OAuth``,
    the signature method ("RSA-SHA256") and the version ("1.0"). A body
    hash is added for every method other than GET, DELETE and HEAD. The
    base string is then signed with ``signing_key`` and the signature is
    stored on the returned ``OAuthParameters`` object.
    """
    params = OAuthParameters()
    params.set_oauth_consumer_key(consumer_key)
    # Nonce and timestamp are requested anew on every call, so each signed
    # request carries its own pair.
    params.set_oauth_nonce(OAuth.get_nonce())
    params.set_oauth_timestamp(OAuth.get_timestamp())
    params.set_oauth_signature_method("RSA-SHA256")
    params.set_oauth_version("1.0")

    # NOTE(review): GET, DELETE and HEAD are signed without oauth_body_hash,
    # so the signature says nothing about a body sent with those methods.
    # Confirm the target API accepts requests without the parameter.
    if method not in ("GET", "DELETE", "HEAD"):
        # NOTE(review): payload is handed to sha256_encode as received; a
        # None or empty payload may not hash to the empty-string digest.
        # Verify against util.sha256_encode.
        body_hash = util.base64_encode(util.sha256_encode(payload))
        params.set_oauth_body_hash(body_hash)

    # The base string is the exact text covered by the signature.
    base_string = OAuth.get_base_string(
        uri, method, params, params.get_base_parameters_dict())

    # The private key is used here only to sign the base string.
    signature = OAuth.sign_message(self, base_string, signing_key)
    params.set_oauth_signature(signature)
    return params
def test_body_hash3(self):
    # Body containing a non-ASCII character: the expected digest pins the
    # byte encoding sha256_encode applies before hashing (presumably UTF-8,
    # confirm against Util.sha256_encode).
    params = OAuthParameters()
    body_hash = Util.base64_encode(
        Util.sha256_encode("{\"foƵ\":\"bar\"}"))
    params.set_oauth_body_hash(body_hash)
    expected = "+Z+PWW2TJDnPvRcTgol+nKO3LT7xm8smnsg+//XMIyI="
    self.assertEqual(expected, body_hash)
def test_body_hash2(self):
    # Pins what sha256_encode produces for None. The expected value differs
    # from the empty-string digest, so None is not treated as "no body".
    # NOTE(review): it looks like the digest of the text "None" - confirm,
    # and make sure callers map a missing body to the empty string first.
    params = OAuthParameters()
    body_hash = Util.base64_encode(Util.sha256_encode(None))
    params.set_oauth_body_hash(body_hash)
    expected = "3JN7WYkmBPWoaslpNs1/8J4l8Yrmt1joAUokx/oDnpE="
    self.assertEqual(expected, body_hash)
def test_body_hash1(self):
    # Empty body: the expected value is the base64-encoded SHA-256 digest
    # of the empty string, which is what a bodiless request should carry.
    params = OAuthParameters()
    body_hash = Util.base64_encode(
        Util.sha256_encode(OAuth.EMPTY_STRING))
    params.set_oauth_body_hash(body_hash)
    expected = "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
    self.assertEqual(expected, body_hash)
def test_signature_base_string2(self):
    # Checks the signature base string for a POST with an XML body and
    # query parameters. Consumer key, nonce and timestamp are fixed
    # placeholder values so the base string is reproducible.
    body = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><ns2:TerminationInquiryRequest xmlns:ns2=\"http://mastercard.com/termination\"><AcquirerId>1996</AcquirerId><TransactionReferenceNumber>1</TransactionReferenceNumber><Merchant><Name>TEST</Name><DoingBusinessAsName>TEST</DoingBusinessAsName><PhoneNumber>5555555555</PhoneNumber><NationalTaxId>1234567890</NationalTaxId><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><Principal><FirstName>John</FirstName><LastName>Smith</LastName><NationalId>1234567890</NationalId><PhoneNumber>5555555555</PhoneNumber><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><DriversLicense><Number>1234567890</Number><CountrySubdivision>XX</CountrySubdivision></DriversLicense></Principal></Merchant></ns2:TerminationInquiryRequest>"
    url = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0&PageLength=10"
    method = "POST"

    params = OAuthParameters()
    params.set_oauth_consumer_key(
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
    params.set_oauth_nonce("1111111111111111111")
    params.set_oauth_timestamp("1111111111")
    params.set_oauth_version("1.0")
    # Placeholder value; it is replaced by the real body hash just below.
    params.set_oauth_body_hash("body/hash")

    body_hash = Util.base64_encode(Util.sha256_encode(body))
    params.set_oauth_body_hash(body_hash)

    # The normalisation calls below are kept from the original test; their
    # results are not asserted on.
    base_params = params.get_base_parameters_dict()
    merged_params = base_params.copy()
    normalized_oauth = Util.normalize_params("", merged_params)
    url_query_params = OAuth.get_query_params(url)
    normalized_query = Util.normalize_params("", url_query_params)

    base_string = OAuth.get_base_string(
        url, method,
        params, params.get_base_parameters_dict())

    # Query and OAuth parameters appear sorted by name; the body hash is
    # percent-encoded twice ("%253D") because the parameter string is
    # itself encoded as one component of the base string.
    expected = "POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3Dh2Pd7zlzEZjZVIKB4j94UZn%2FxxoR3RoCjYQ9%2FJdadGQ%253D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0"
    self.maxDiff = None
    self.assertEqual(expected, base_string)
def get_oauth_parameters(self, uri, method, payload, consumer_key, signing_key):
    """Build and sign the OAuth parameter set for one request.

    Sets the consumer key, a nonce and timestamp obtained from ``OAuth``,
    the signature method ("RSA-SHA256") and the version ("1.0"). A body
    hash is always included, whatever the HTTP method; a missing or empty
    payload is hashed as the empty string. The base string is then signed
    with ``signing_key`` and the signature is stored on the returned
    ``OAuthParameters`` object.
    """
    params = OAuthParameters()
    params.set_oauth_consumer_key(consumer_key)
    # Nonce and timestamp are requested anew on every call, so each signed
    # request carries its own pair.
    params.set_oauth_nonce(OAuth.get_nonce(self))
    params.set_oauth_timestamp(OAuth.get_timestamp(self))
    params.set_oauth_signature_method("RSA-SHA256")
    params.set_oauth_version("1.0")

    # NOTE(review): the body hash only protects the request if it is taken
    # over the exact bytes sent. json.dumps() here uses its defaults, so
    # confirm the transport serialises a dict payload identically. The
    # exact-type check also means dict subclasses are hashed as passed in.
    if type(payload) is dict:
        payload_str = json.dumps(payload)
    else:
        payload_str = payload
    # A request without an entity body is hashed over the empty string.
    payload_str = payload_str or OAuth.EMPTY_STRING

    body_hash = util.base64_encode(util.sha256_encode(payload_str))
    params.set_oauth_body_hash(body_hash)

    # The base string is the exact text covered by the signature.
    base_string = OAuth.get_base_string(
        self, uri, method, params.get_base_parameters_dict())

    # The private key is used here only to sign the base string.
    signature = OAuth.sign_message(self, base_string, signing_key)
    params.set_oauth_signature(signature)
    return params
def get_encoded_body_hash(self, payload):
    """Return the percent-encoded, base64-encoded SHA-256 hash of the body.

    A dict payload is serialised with ``json.dumps`` before hashing; a
    missing or empty payload is hashed as the empty string.
    """
    # NOTE(review): the hash must cover the exact bytes sent on the wire.
    # Confirm the transport serialises a dict payload the same way as
    # json.dumps() with its defaults. The exact-type check means dict
    # subclasses are hashed as passed in.
    if type(payload) is dict:
        payload_str = json.dumps(payload)
    else:
        payload_str = payload
    # A request without an entity body is hashed over the empty string.
    payload_str = payload_str or OAuth.EMPTY_STRING

    digest_b64 = util.base64_encode(util.sha256_encode(payload_str))
    # Base64 output can contain "+", "/" and "=", which need percent-encoding.
    return util.uri_rfc3986_encode(digest_b64)
def test_signature(self):
    # The signature returned by OAuth1RSA must equal a signature computed
    # directly with crypto.sign over the same data and key.
    # NOTE(review): comparing by equality only works if the signing scheme
    # is deterministic - presumably PKCS#1 v1.5 via crypto.sign; confirm.
    signer = OAuth1RSA(OAuthExtTest.consumer_key,
                       OAuthExtTest.signing_key)
    actual = signer.signature(OAuthExtTest.data)

    raw_signature = crypto.sign(
        OAuthExtTest.signing_key, OAuthExtTest.data, HASH_SHA256)
    expected = util.base64_encode(raw_signature)

    self.assertEqual(expected, actual)
def test_oauth_body_hash_with_body_bytes(self):
    # With a bytes body on the prepared request, oauth_body_hash is
    # expected to hash those bytes exactly as they are.
    signer = OAuth1RSA(OAuthExtTest.consumer_key,
                       OAuthExtTest.signing_key)

    # NOTE(review): this assigns to the mock request shared on the test
    # class, so later tests see the changed body. The bytes literal holds
    # the text "OAuthExtTest.data" itself, not the value of that attribute.
    OAuthExtTest.mock_prepared_request.body = b'{"A" : OAuthExtTest.data}'

    # Value produced by the code under test.
    result = signer.oauth_body_hash(
        OAuthExtTest.mock_prepared_request, OAuthExtTest.payload)

    # Reference value computed independently with hashlib.
    digest = hashlib.sha256(
        OAuthExtTest.mock_prepared_request.body).digest()
    expected = util.uri_rfc3986_encode(util.base64_encode(digest))

    self.assertEqual(result['oauth_body_hash'], expected)
def test_oauth_body_hash_with_body_multipart(self):
    # Body hash for a request declared as multipart/form-data.
    signer = OAuth1RSA(OAuthExtTest.consumer_key,
                       OAuthExtTest.signing_key)

    request = PreparedRequest()
    request.prepare(headers={'Content-type': 'multipart/form-data'},
                    method="GET",
                    url="http://www.mastercard.com")

    # Value produced by the code under test for the locally built request.
    result = signer.oauth_body_hash(request, OAuthExtTest.payload)

    # NOTE(review): the reference value is computed from the body of the
    # mock request shared on the test class, not from the request built
    # above. The outcome may depend on what other tests left in that
    # shared body. Confirm this is intended.
    shared_body_text = str(OAuthExtTest.mock_prepared_request.body)
    digest = hashlib.sha256(shared_body_text.encode('utf8')).digest()
    expected = util.uri_rfc3986_encode(util.base64_encode(digest))

    self.assertEqual(result['oauth_body_hash'], expected)
def sign_message(self, message, signing_key):
    """Sign ``message`` with the private key and return it base64-encoded.

    The message is encoded as UTF-8 and signed with SHA-256 as the digest,
    which matches the "RSA-SHA256" signature method.
    """
    message_bytes = message.encode("utf-8")
    # The digest is SHA-256. The previous comment said SHA-1, which did not
    # match the code.
    raw_signature = crypto.sign(signing_key, message_bytes, 'SHA256')
    return util.base64_encode(raw_signature)