def sign(self, msg: Mapping) -> Mapping: """ Return a signature for the given message. """ ser = serializeForSig(msg) bsig = self.naclSigner.signature(ser) b64sig = base64_encode(bsig) sig = b64sig.decode('utf-8') return sig
def authenticate(self, msg: Mapping, identifier: str=None, signature: str=None) -> bool: """ Authenticate the client's message with the signature provided. :param identifier: some unique identifier; if None, then try to use msg['clientId'] as identifier :param signature: a utf-8 and base64 encoded signature :param msg: the message to authenticate :return: the identifier; an exception of type SigningException is raised if the signature is not valid """ try: if not signature: try: signature = msg["signature"] if not signature: raise EmptySignature except KeyError: raise MissingSignature if not identifier: try: identifier = msg[f.CLIENT_ID.nm] if not identifier: raise EmptyIdentifier except KeyError: raise MissingIdentifier b64sig = signature.encode('utf-8') sig = b64decode(b64sig) ser = serializeForSig(msg) try: verkey = self.clients[identifier] except KeyError: raise InvalidIdentifier vr = Verifier(verkey) isVerified = vr.verify(sig, ser) if not isVerified: raise InvalidSignature except SigningException: raise except Exception as ex: raise CouldNotAuthenticate from ex return identifier