def get_query_string(self, parameters): """Return a query string for the given keyword arguments. This will include the correct calleryKey, version, and generated query signature needed by amazon. """ parameters.setdefault('callerKey', self.access_key_id) parameters.setdefault('version', AMAZON_FPS_VERSION) parameters.setdefault('SignatureVersion', '2') if parameters['SignatureVersion'] == '2': parameters.setdefault('SignatureMethod', 'HmacSHA256') parameters['Signature'] = util.get_signature(self.secret_key, parameters, self.endpoint) else: parameters['awsSignature'] = util.get_signature(self.secret_key, parameters, self.endpoint) return util.query_string(parameters)
def get_query_string(self, parameters): """Return a query string for the given keyword arguments. This will include the correct calleryKey, version, and generated query signature needed by amazon. """ parameters.setdefault('AWSAccessKeyId', self.access_key_id) parameters.setdefault('Version', AMAZON_FPS_API_VERSION) parameters['SignatureVersion'] = '1' parameters['Signature'] = util.get_signature(self.secret_key, parameters) return util.query_string(parameters)
def test_validate_signature(self): client = base.AmazonFPSClient( access_key_id="1DSE1XP1AXT7YPP0P702", secret_key="G8FWjm4ZfxEMGdn+BupwnQQ+W78BJE1dWptxkZeE") sig = util.get_signature(client.secret_key, {"foo":"bar"}) self.assertTrue(client.validate_signature({"foo":"bar","signature":sig})) self.assertFalse(client.validate_signature({"foo":"baz","signature":sig})) self.assertTrue(client.validate_signature({"foo":"bar"}, signature=sig)) self.assertFalse(client.validate_signature({"foo":"baz"}, signature=sig))
def test_validate_signature(self): client = base.AmazonFPSClient( access_key_id="1DSE1XP1AXT7YPP0P702", secret_key="G8FWjm4ZfxEMGdn+BupwnQQ+W78BJE1dWptxkZeE") client.endpoint = "https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start" sig = util.get_signature(client.secret_key, {"foo":"bar"}) self.assertTrue(client.validate_signature({"foo":"bar","signature":sig})) self.assertFalse(client.validate_signature({"foo":"baz","signature":sig})) self.assertTrue(client.validate_signature({"foo":"bar"}, signature=sig)) self.assertFalse(client.validate_signature({"foo":"baz"}, signature=sig)) #test version 2 signature sig = util.get_signature(client.secret_key, {"foo":"bar", "signatureVersion":"2"}, self.endpoint) self.assertTrue(client.validate_signature({"foo":"bar","signature":sig, "signatureVersion":"2"}, self.endpoint)) self.assertFalse(client.validate_signature({"foo":"baz","signature":sig, "signatureVersion":"2"}, self.endpoint)) self.assertTrue(client.validate_signature({"foo":"bar", "signatureVersion":"2"}, signature=sig, self.endpoint)) self.assertFalse(client.validate_signature({"foo":"baz", "signatureVersion":"2"}, signature=sig, self.endpoint))
def validate_signature(self, parameters, signature=None, raise_error=False): if not (signature is not None or 'signature' in parameters): raise AssertionError("expected signature in parameters: %r" %parameters) parameters = copy.copy(parameters) signature = signature or parameters.pop('signature') sig_should_be = util.get_signature(self.secret_key, parameters) matches = signature == sig_should_be if not matches: LOGGER.debug("Signatures did not match. Expected %r but got %r", sig_should_be, signature) if raise_error: LOGGER.error("Invalid Signature %r for %r", signature, parameters) raise InvalidSignatureError("Invalid Signature.", signature, parameters) return matches
def validate_signature(self, parameters, signature=None, raise_error=False, url_end_point=None): if conf.DEFAULT_SIGNATURE_VERSION == "2": assert url_end_point, "The url_end_point is a required parameter for version 2 Signatures." # @TODO - the api call won't work since api.py imports base.py (circular import). Need to resolve circular import or implement PKI method (ugh!). #client = api.ApiClient() #response = client.verify_signature(url_end_point, parameters) http_parameters = urllib.urlencode(parameters) assert type(http_parameters) in [str, unicode], "http_parameters must be a string" self.endpoint = SANDBOX_ENDPOINT if conf.RUN_IN_SANDBOX else ENDPOINT timestamp = time.strftime(TIME_FORMAT, time.gmtime()) qs = util.query_string({ 'Action':'VerifySignature', 'Timestamp':timestamp, 'AWSAccessKeyId': self.access_key_id, 'Version': AMAZON_FPS_API_VERSION, 'UrlEndPoint': url_end_point, 'HttpParameters': http_parameters,}) url = self.endpoint+'/'+qs try: data = urlopen(url).read() response = xml.VerifySignatureResponse(data) except HTTPError as e: data = e.read() response = xml.Response(data) try: matches = response.verificationStatus == 'Success' except AttributeError: matches = False if not matches: LOGGER.error("Signature Verification failed.") if raise_error: raise InvalidSignatureError("Invalid Signature.", "", parameters) return matches else: if not (signature is not None or 'signature' in parameters): raise AssertionError("expected signature in parameters: %r" %parameters) parameters = copy.copy(parameters) signature = signature or parameters.pop('signature') sig_should_be = util.get_signature(self.secret_key, parameters, self.endpoint) matches = signature == sig_should_be if not matches: LOGGER.debug("Signatures did not match. Expected %r but got %r", sig_should_be, signature) if raise_error: LOGGER.error("Invalid Signature %r for %r", signature, parameters) raise InvalidSignatureError("Invalid Signature.", signature, parameters) return matches
try: matches = response.verificationStatus == 'Success' except AttributeError: matches = False if not matches: LOGGER.error("Signature Verification failed.") if raise_error: raise InvalidSignatureError("Invalid Signature.", "", parameters) return matches else: if not (signature is not None or 'signature' in parameters): raise AssertionError("expected signature in parameters: %r" %parameters) parameters = copy.copy(parameters) signature = signature or parameters.pop('signature') sig_should_be = util.get_signature(self.secret_key, parameters, self.endpoint) matches = signature == sig_should_be if not matches: LOGGER.debug("Signatures did not match. Expected %r but got %r", sig_should_be, signature) if raise_error: LOGGER.error("Invalid Signature %r for %r", signature, parameters) raise InvalidSignatureError("Invalid Signature.", signature, parameters) return matches class ParameterizedResponse(SignatureValidator): def __init__(self, parameters, access_key_id=None, secret_key=None, url_end_point=None): super(ParameterizedResponse, self).__init__(access_key_id=access_key_id, secret_key=secret_key) parameters = parameters
def test_signature(self): self.assertEquals(util.get_signature("secret_key", dict(foo="bar", one=1)), 'XtaSKfYnpyaQqfjL6mqX2Gow+Y0=')
def test_signature_version_2(self): endpoint = "https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start" self.assertEquals(util.get_signature("secret_key", {"foo":"bar", "signatureVersion":"2"}, endpoint), "")