def generate_signature(self, secret_key, data): """ Generate a signature for the given data dict. """ keys = data['signed_field_names'].split(',') message = ','.join( ['{key}={value}'.format(key=key, value=data[key]) for key in keys]) return sign(message, secret_key)
def _generate_signature(self, parameters): """ Sign the contents of the provided transaction parameters dictionary. This allows CyberSource to verify that the transaction parameters have not been tampered with during transit. The parameters dictionary should contain a key 'signed_field_names' which CyberSource uses to validate the signature. The message to be signed must contain parameter keys and values ordered in the same way they appear in 'signed_field_names'. We also use this signature to verify that the signature we get back from Cybersource is valid for the parameters that they are giving to us. Arguments: parameters (dict): A dictionary of transaction parameters. Returns: unicode: the signature for the given parameters """ keys = parameters[u'signed_field_names'].split(u',') # Generate a comma-separated list of keys and values to be signed. CyberSource refers to this # as a 'Version 1' signature in their documentation. message = u','.join([ u'{key}={value}'.format(key=key, value=parameters.get(key)) for key in keys ]) return sign(message, self.secret_key)
def _generate_signature(self, parameters, use_sop_profile): """ Sign the contents of the provided transaction parameters dictionary. This allows CyberSource to verify that the transaction parameters have not been tampered with during transit. The parameters dictionary should contain a key 'signed_field_names' which CyberSource uses to validate the signature. The message to be signed must contain parameter keys and values ordered in the same way they appear in 'signed_field_names'. We also use this signature to verify that the signature we get back from Cybersource is valid for the parameters that they are giving to us. Arguments: parameters (dict): A dictionary of transaction parameters. use_sop_profile (bool): Indicates if the Silent Order POST profile should be used. Returns: unicode: the signature for the given parameters """ keys = parameters['signed_field_names'].split(',') secret_key = self.sop_secret_key if use_sop_profile else self.secret_key # Generate a comma-separated list of keys and values to be signed. CyberSource refers to this # as a 'Version 1' signature in their documentation. message = ','.join(['{key}={value}'.format(key=key, value=parameters.get(key)) for key in keys]) return sign(message, secret_key)
def _generate_signature(self, parameters): """Sign the contents of the provided transaction parameters dictionary. This allows CyberSource to verify that the transaction parameters have not been tampered with during transit. The parameters dictionary should contain a key 'signed_field_names' which CyberSource uses to validate the signature. The message to be signed must contain parameter keys and values ordered in the same way they appear in 'signed_field_names'. We also use this signature to verify that the signature we get back from Cybersource is valid for the parameters that they are giving to us. Arguments: parameters (dict): A dictionary of transaction parameters. Returns: unicode: the signature for the given parameters """ target_parameters = parameters[CS.FIELD_NAMES.SIGNED_FIELD_NAMES].split(CS.SEPARATOR) # Generate a comma-separated list of keys and values to be signed. CyberSource refers to this # as a 'Version 1' signature in their documentation. message = CS.SEPARATOR.join( [CS.MESSAGE_SUBSTRUCTURE.format( key=key, value=parameters.get(key) ) for key in target_parameters] ) return sign(message, self.secret_key)
def _generate_signature(self, parameters, use_sop_profile): """ Sign the contents of the provided transaction parameters dictionary. This allows CyberSource to verify that the transaction parameters have not been tampered with during transit. The parameters dictionary should contain a key 'signed_field_names' which CyberSource uses to validate the signature. The message to be signed must contain parameter keys and values ordered in the same way they appear in 'signed_field_names'. We also use this signature to verify that the signature we get back from Cybersource is valid for the parameters that they are giving to us. Arguments: parameters (dict): A dictionary of transaction parameters. use_sop_profile (bool): Indicates if the Silent Order POST profile should be used. Returns: unicode: the signature for the given parameters """ order_number = None basket_id = None if 'reference_number' in parameters: order_number = parameters['reference_number'] elif 'req_reference_number' in parameters: order_number = parameters['req_reference_number'] if order_number: basket_id = str(OrderNumberGenerator().basket_id(order_number)) logger.info( 'Signing CyberSource payment data for basket [%s], to become order [%s].', basket_id, order_number) keys = parameters['signed_field_names'].split(',') secret_key = self.sop_secret_key if use_sop_profile else self.secret_key # Generate a comma-separated list of keys and values to be signed. CyberSource refers to this # as a 'Version 1' signature in their documentation. message = ','.join([ '{key}={value}'.format(key=key, value=parameters.get(key)) for key in keys ]) return sign(message, secret_key)
def generate_signature(self, secret_key, data): """ Generate a signature for the given data dict. """ keys = data['signed_field_names'].split(',') message = ','.join(['{key}={value}'.format(key=key, value=data[key]) for key in keys]) return sign(message, secret_key)
def test_sign(self): """ Verify the function returns a valid HMAC SHA-256 signature. """ message = "This is a super-secret message!" secret = "password" expected = "qU4fRskS/R9yZx/yPq62sFGOUzX0GSUtmeI6bPVsqao=" self.assertEqual(helpers.sign(message, secret), expected)