def get_query_string(self, parameters):
"""Return a query string for the given keyword arguments.
This will include the correct calleryKey, version, and
generated query signature needed by amazon.
"""
parameters.setdefault('callerKey', self.access_key_id)
parameters.setdefault('version', AMAZON_FPS_VERSION)
parameters.setdefault('SignatureVersion', '2')
if parameters['SignatureVersion'] == '2':
parameters.setdefault('SignatureMethod', 'HmacSHA256')
parameters['Signature'] = util.get_signature(self.secret_key, parameters, self.endpoint)
else:
parameters['awsSignature'] = util.get_signature(self.secret_key, parameters, self.endpoint)
return util.query_string(parameters)
def get_query_string(self, parameters):
"""Return a query string for the given keyword arguments.
This will include the correct calleryKey, version, and
generated query signature needed by amazon.
"""
parameters.setdefault('AWSAccessKeyId', self.access_key_id)
parameters.setdefault('Version', AMAZON_FPS_API_VERSION)
parameters['SignatureVersion'] = '1'
parameters['Signature'] = util.get_signature(self.secret_key, parameters)
return util.query_string(parameters)
def test_validate_signature(self):
client = base.AmazonFPSClient(
access_key_id="1DSE1XP1AXT7YPP0P702",
secret_key="G8FWjm4ZfxEMGdn+BupwnQQ+W78BJE1dWptxkZeE")
sig = util.get_signature(client.secret_key, {"foo":"bar"})
self.assertTrue(client.validate_signature({"foo":"bar","signature":sig}))
self.assertFalse(client.validate_signature({"foo":"baz","signature":sig}))
self.assertTrue(client.validate_signature({"foo":"bar"}, signature=sig))
self.assertFalse(client.validate_signature({"foo":"baz"}, signature=sig))
def test_validate_signature(self):
client = base.AmazonFPSClient(
access_key_id="1DSE1XP1AXT7YPP0P702",
secret_key="G8FWjm4ZfxEMGdn+BupwnQQ+W78BJE1dWptxkZeE")
client.endpoint = "https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start"
sig = util.get_signature(client.secret_key, {"foo":"bar"})
self.assertTrue(client.validate_signature({"foo":"bar","signature":sig}))
self.assertFalse(client.validate_signature({"foo":"baz","signature":sig}))
self.assertTrue(client.validate_signature({"foo":"bar"}, signature=sig))
self.assertFalse(client.validate_signature({"foo":"baz"}, signature=sig))
#test version 2 signature
sig = util.get_signature(client.secret_key, {"foo":"bar", "signatureVersion":"2"}, self.endpoint)
self.assertTrue(client.validate_signature({"foo":"bar","signature":sig, "signatureVersion":"2"}, self.endpoint))
self.assertFalse(client.validate_signature({"foo":"baz","signature":sig, "signatureVersion":"2"}, self.endpoint))
self.assertTrue(client.validate_signature({"foo":"bar", "signatureVersion":"2"}, signature=sig, self.endpoint))
self.assertFalse(client.validate_signature({"foo":"baz", "signatureVersion":"2"}, signature=sig, self.endpoint))
def validate_signature(self, parameters, signature=None, raise_error=False):
if not (signature is not None or 'signature' in parameters):
raise AssertionError("expected signature in parameters: %r" %parameters)
parameters = copy.copy(parameters)
signature = signature or parameters.pop('signature')
sig_should_be = util.get_signature(self.secret_key, parameters)
matches = signature == sig_should_be
if not matches:
LOGGER.debug("Signatures did not match. Expected %r but got %r",
sig_should_be, signature)
if raise_error:
LOGGER.error("Invalid Signature %r for %r", signature, parameters)
raise InvalidSignatureError("Invalid Signature.", signature, parameters)
return matches
def validate_signature(self, parameters, signature=None, raise_error=False, url_end_point=None):
if conf.DEFAULT_SIGNATURE_VERSION == "2":
assert url_end_point, "The url_end_point is a required parameter for version 2 Signatures."
# @TODO - the api call won't work since api.py imports base.py (circular import). Need to resolve circular import or implement PKI method (ugh!).
#client = api.ApiClient()
#response = client.verify_signature(url_end_point, parameters)
http_parameters = urllib.urlencode(parameters)
assert type(http_parameters) in [str, unicode], "http_parameters must be a string"
self.endpoint = SANDBOX_ENDPOINT if conf.RUN_IN_SANDBOX else ENDPOINT
timestamp = time.strftime(TIME_FORMAT, time.gmtime())
qs = util.query_string({
'Action':'VerifySignature',
'Timestamp':timestamp,
'AWSAccessKeyId': self.access_key_id,
'Version': AMAZON_FPS_API_VERSION,
'UrlEndPoint': url_end_point,
'HttpParameters': http_parameters,})
url = self.endpoint+'/'+qs
try:
data = urlopen(url).read()
response = xml.VerifySignatureResponse(data)
except HTTPError as e:
data = e.read()
response = xml.Response(data)
try:
matches = response.verificationStatus == 'Success'
except AttributeError:
matches = False
if not matches:
LOGGER.error("Signature Verification failed.")
if raise_error:
raise InvalidSignatureError("Invalid Signature.", "", parameters)
return matches
else:
if not (signature is not None or 'signature' in parameters):
raise AssertionError("expected signature in parameters: %r" %parameters)
parameters = copy.copy(parameters)
signature = signature or parameters.pop('signature')
sig_should_be = util.get_signature(self.secret_key, parameters, self.endpoint)
matches = signature == sig_should_be
if not matches:
LOGGER.debug("Signatures did not match. Expected %r but got %r",
sig_should_be, signature)
if raise_error:
LOGGER.error("Invalid Signature %r for %r", signature, parameters)
raise InvalidSignatureError("Invalid Signature.", signature, parameters)
return matches
try:
matches = response.verificationStatus == 'Success'
except AttributeError:
matches = False
if not matches:
LOGGER.error("Signature Verification failed.")
if raise_error:
raise InvalidSignatureError("Invalid Signature.", "", parameters)
return matches
else:
if not (signature is not None or 'signature' in parameters):
raise AssertionError("expected signature in parameters: %r" %parameters)
parameters = copy.copy(parameters)
signature = signature or parameters.pop('signature')
sig_should_be = util.get_signature(self.secret_key, parameters, self.endpoint)
matches = signature == sig_should_be
if not matches:
LOGGER.debug("Signatures did not match. Expected %r but got %r",
sig_should_be, signature)
if raise_error:
LOGGER.error("Invalid Signature %r for %r", signature, parameters)
raise InvalidSignatureError("Invalid Signature.", signature, parameters)
return matches
class ParameterizedResponse(SignatureValidator):
def __init__(self, parameters, access_key_id=None, secret_key=None, url_end_point=None):
super(ParameterizedResponse, self).__init__(access_key_id=access_key_id,
secret_key=secret_key)
parameters = parameters
def test_signature(self):
self.assertEquals(util.get_signature("secret_key", dict(foo="bar", one=1)),
'XtaSKfYnpyaQqfjL6mqX2Gow+Y0=')
def test_signature_version_2(self):
endpoint = "https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start"
self.assertEquals(util.get_signature("secret_key", {"foo":"bar", "signatureVersion":"2"}, endpoint),
"")
