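def __call__(self, request):
    """Sign ``request`` in place and return it.

    An ``Authorization`` header is built from a two-step HMAC-SHA1 chain:
    a signing key derived from the secret key and the validity window, then
    a signature over the SHA-1 digest of the canonical request (lower-cased
    method, URL path, signed parameters and request headers).

    Args:
        request: outgoing request object; ``method``, ``path_url`` and
            ``headers`` are read and ``headers['Authorization']`` is set.

    Returns:
        The same ``request`` object, now carrying the header.
    """
    now = int(time.time())
    # Validity window "begin;end". The same value is sent as both
    # q-sign-time and q-key-time; a larger self.__expire widens the window
    # during which the resulting header value is stated to be valid.
    sign_time = "{begin};{end}".format(begin=now, end=now + self.__expire)
    sign_key = hmac_sha1(self.__secretKey, sign_time)

    # NOTE(review): keys are sorted before being lower-cased and parameter
    # values are lower-cased as well; confirm both against the service's
    # signing specification, since a mismatch makes the server-side
    # recomputation differ from what is signed here.
    canonical_params = '&'.join(
        '='.join((k.lower(), v.lower()))
        for k, v in sorted(self.__params.items())
    )
    # Every header present on the request at this point is signed; header
    # values are fully percent-encoded (safe='').
    canonical_headers = '&'.join(
        '='.join((k.lower(), quote(v, safe='')))
        for k, v in sorted(request.headers.items())
    )
    http_string = "{method}\n{uri}\n{params}\n{headers}\n".format(
        method=request.method.lower(),
        uri=urlparse(request.path_url).path,
        params=canonical_params,
        headers=canonical_headers,
    )

    string_to_sign = 'sha1\n{time}\n{sha1}\n'.format(
        time=sign_time,
        sha1=hashlib.sha1(to_bytes(http_string)).hexdigest(),
    )
    # NOTE(review): presumably hmac_sha1 returns a hex string, since its
    # result is joined into the header below - confirm against the helper.
    signature = hmac_sha1(sign_key, string_to_sign)

    # A tuple of pairs instead of OrderedDict({...}): a dict literal only
    # keeps insertion order on Python 3.7+, so wrapping one in OrderedDict
    # left the field order interpreter-dependent. The header list is
    # captured here, before Authorization itself is added to the request.
    auth_fields = (
        ("q-sign-algorithm", "sha1"),
        ("q-ak", self.__secretId),
        ("q-sign-time", sign_time),
        ("q-key-time", sign_time),
        ("q-header-list",
         ';'.join(k.lower() for k in sorted(request.headers.keys()))),
        ("q-url-param-list",
         ';'.join(k.lower() for k in sorted(self.__params.keys()))),
        ("q-signature", signature),
    )
    request.headers['Authorization'] = '&'.join(
        '='.join(pair) for pair in auth_fields
    )
    return request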
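def check_signature(request, secret_key):
    """Verify the ``X-Shell-Signature`` header of ``request``.

    The header must have the form ``<method> <signature>`` and the only
    accepted method is ``HMAC-SHA1``. The signed data is the HTTP method,
    the scheme, host and path, the sorted percent-encoded query parameters,
    and the raw request body.

    NOTE(review): nothing time- or nonce-based is part of the signed data
    built here, so a captured request verifies again when replayed; if
    replay protection is required it has to be enforced by the caller.

    Args:
        request: request object exposing ``META``, ``method``,
            ``is_secure()``, ``get_host()``, ``path``, ``GET.iterlists()``
            and ``raw_post_data``.
        secret_key: shared secret, as a unicode or byte string.

    Raises:
        BadSignature: the header is missing, cannot be parsed, names an
            unsupported method, or the signature does not match.
    """
    # Function-scope import: only needed for the constant-time comparison.
    # hmac.compare_digest is available from Python 2.7.7.
    import hmac

    if isinstance(secret_key, unicode):
        secret_key = secret_key.encode("UTF-8")

    if 'HTTP_X_SHELL_SIGNATURE' not in request.META:
        raise BadSignature("X-Shell-Signature header missing")

    sent_signature_header = request.META['HTTP_X_SHELL_SIGNATURE']
    m = re.match(r'^\s*(\S+)\s+(\S+)\s*$', sent_signature_header)
    if not m:
        raise BadSignature("Can't parse X-Shell-Signature header")

    signature_method = _dequote(m.group(1))
    sent_signature = _dequote(m.group(2))

    if signature_method != "HMAC-SHA1":
        raise BadSignature("Bad signature method '%s'" % signature_method)

    # Rebuild the signed string from the request as this server sees it.
    signature_data = request.method + "&"
    if request.is_secure():
        signature_data += "https://"
    else:
        signature_data += "http://"
    signature_data += request.get_host()
    signature_data += request.path

    params = [
        urllib.quote(key, "~") + "=" + urllib.quote(value, "~")
        for key, values in request.GET.iterlists()
        for value in values
    ]
    if params:
        signature_data += "&" + "&".join(sorted(params))

    signature_data += "&&"

    # secret_key is already a byte string at this point. Encoding it a
    # second time made Python 2 implicitly ASCII-decode it first, which
    # raises UnicodeDecodeError for any key containing non-ASCII bytes.
    h = util.hmac_sha1(secret_key)
    h.update(signature_data)
    h.update(request.raw_post_data)

    expected_signature = urllib.quote(base64.b64encode(h.digest()), "~")

    # compare_digest needs both operands to be of the same type.
    if isinstance(sent_signature, unicode):
        sent_signature = sent_signature.encode("UTF-8")

    # Constant-time comparison: a plain != returns at the first differing
    # byte, which leaks how much of a guessed signature was correct.
    if not hmac.compare_digest(sent_signature, expected_signature):
        raise BadSignature("Bad signature")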
def make_auth(self, action):
    """Return the auth token for ``action`` on this object.

    The token is ``'sha1_'`` followed by the hex digest of an HMAC-SHA1,
    keyed with ``settings.SECRET_KEY``, over ``"<action>&<id>"``.
    """
    # Including self.id in the MAC input makes the token specific to this
    # object as well as to the action.
    # NOTE(review): the two fields are joined with "&" without escaping;
    # confirm that action is always a fixed identifier that cannot itself
    # contain "&", otherwise the signed message is ambiguous.
    message = action + "&" + str(self.id)
    mac = util.hmac_sha1(settings.SECRET_KEY, message)
    return 'sha1_' + mac.hexdigest()
def make_auth(self, action):
    """Build the ``sha1_``-prefixed token authorising ``action`` here.

    The HMAC-SHA1 is keyed with ``settings.SECRET_KEY`` and computed over
    the action name and this object's id, separated by ``&``.
    """
    object_id = str(self.id)
    signer = util.hmac_sha1(settings.SECRET_KEY, action + "&" + object_id)
    # NOTE(review): whatever code checks this token should compare it with
    # a constant-time comparison rather than ==; the verifier is not
    # visible from here.
    return "".join(('sha1_', signer.hexdigest()))