def sign_headers(account, method, path):
sign = HeaderSigner(account.ap_id(),
account.private_key,
algorithm='rsa-sha256',
headers=['(request-target)', 'date'
]).sign({'Date': datetime.now().isoformat()},
method=method,
path=path)
auth = sign.pop('authorization')
sign['Signature'] = auth[len('Signature '):] if auth.startswith(
'Signature ') else ''
return sign
def build_signature(self, user_api_key, user_secret, request):
"""Return the signature for the request."""
path = request.get_full_path()
sent_signature = request.META.get(
self.header_canonical('Authorization'))
signature_headers = self.get_headers_from_signature(sent_signature)
unsigned = self.build_dict_to_sign(request, signature_headers)
# Sign string and compare.
signer = HeaderSigner(
key_id=user_api_key, secret=user_secret,
headers=signature_headers, algorithm=self.ALGORITHM)
signed = signer.sign(unsigned, method=request.method, path=path)
return signed['authorization']
def build_signature(self, user_api_key, user_secret, request):
"""Return the signature for the request."""
path = request.get_full_path()
sent_signature = request.META.get(
self.header_canonical('Authorization'))
signature_headers = self.get_headers_from_signature(sent_signature)
unsigned = self.build_dict_to_sign(request, signature_headers)
# Sign string and compare.
signer = HeaderSigner(
key_id=user_api_key, secret=user_secret,
headers=signature_headers, algorithm=self.ALGORITHM)
signed = signer.sign(unsigned, method=request.method, path=path)
return signed['authorization']
def sign_headers(u, headers):
"""
"""
key_id = u['publicKey']['@id']
secret = u['privateKey']
hs = HeaderSigner(key_id, secret, algorithm='rsa-sha256')
auth = hs.sign({"Date": http_date()})
# thanks to https://github.com/snarfed for the authorization -> signature headers hack
# this is necessary because httpsig.HeaderSigner returns an Authorization header instead of Signature
auth['Signature'] = auth.pop('authorization')
assert auth['Signature'].startswith('Signature ')
auth['Signature'] = auth['Signature'][len('Signature '):]
auth.update(headers)
return auth
#!/usr/bin/env python3
from httpsig import HeaderSigner
ENDPOINT = '/api'
METHOD = 'GET'
KEYID = 'some-key'
SECRET = 'my secret string'
SIGNATURE = 'some.signature'
headers = ['(request-target)', 'accept', 'date', 'host']
hs = HeaderSigner(KEYID, SECRET, "hmac-sha256", headers)
unsigned = {
'Host': 'localhost:8000',
'Date': 'Mon, 17 Feb 2014 06:11:05 GMT',
'Accept': 'application/json',
}
signed = hs.sign(unsigned, method="GET", path='/packages/measures/')
print(signed)
