def sign(self, msg: Mapping) -> Mapping:
"""
Return a signature for the given message.
"""
ser = serializeForSig(msg)
bsig = self.naclSigner.signature(ser)
b64sig = base64_encode(bsig)
sig = b64sig.decode('utf-8')
return sig
def authenticate(self,
msg: Mapping,
identifier: str=None,
signature: str=None) -> bool:
"""
Authenticate the client's message with the signature provided.
:param identifier: some unique identifier; if None, then try to use
msg['clientId'] as identifier
:param signature: a utf-8 and base64 encoded signature
:param msg: the message to authenticate
:return: the identifier; an exception of type SigningException is
raised if the signature is not valid
"""
try:
if not signature:
try:
signature = msg["signature"]
if not signature:
raise EmptySignature
except KeyError:
raise MissingSignature
if not identifier:
try:
identifier = msg[f.CLIENT_ID.nm]
if not identifier:
raise EmptyIdentifier
except KeyError:
raise MissingIdentifier
b64sig = signature.encode('utf-8')
sig = b64decode(b64sig)
ser = serializeForSig(msg)
try:
verkey = self.clients[identifier]
except KeyError:
raise InvalidIdentifier
vr = Verifier(verkey)
isVerified = vr.verify(sig, ser)
if not isVerified:
raise InvalidSignature
except SigningException:
raise
except Exception as ex:
raise CouldNotAuthenticate from ex
return identifier
