def get_oauth_parameters(self, uri, method, payload, consumer_key,
signing_key):
# Get all the base parameters such as nonce and timestamp
oauth_parameters = OAuthParameters()
oauth_parameters.set_oauth_consumer_key(consumer_key)
oauth_parameters.set_oauth_nonce(OAuth.get_nonce())
oauth_parameters.set_oauth_timestamp(OAuth.get_timestamp())
oauth_parameters.set_oauth_signature_method("RSA-SHA256")
oauth_parameters.set_oauth_version("1.0")
if method != "GET" and method != "DELETE" and method != "HEAD":
encoded_hash = util.base64_encode(util.sha256_encode(payload))
oauth_parameters.set_oauth_body_hash(encoded_hash)
# Get the base string
base_string = OAuth.get_base_string(
uri, method, oauth_parameters,
oauth_parameters.get_base_parameters_dict())
# Sign the base string using the private key
signature = OAuth.sign_message(self, base_string, signing_key)
# Set the signature in the Base parameters
oauth_parameters.set_oauth_signature(signature)
return oauth_parameters
def test_body_hash3(self):
oauth_parameters = OAuthParameters()
encoded_hash = Util.base64_encode(
Util.sha256_encode("{\"foõ\":\"bar\"}"))
oauth_parameters.set_oauth_body_hash(encoded_hash)
self.assertEqual("+Z+PWW2TJDnPvRcTgol+nKO3LT7xm8smnsg+//XMIyI=",
encoded_hash)
def test_body_hash2(self):
oauth_parameters = OAuthParameters()
encoded_hash = Util.base64_encode(Util.sha256_encode(None))
# print(encoded_hash)
oauth_parameters.set_oauth_body_hash(encoded_hash)
self.assertEqual("3JN7WYkmBPWoaslpNs1/8J4l8Yrmt1joAUokx/oDnpE=",
encoded_hash)
def test_body_hash1(self):
oauth_parameters = OAuthParameters()
encoded_hash = Util.base64_encode(
Util.sha256_encode(OAuth.EMPTY_STRING))
oauth_parameters.set_oauth_body_hash(encoded_hash)
self.assertEqual("47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=",
encoded_hash)
def test_signature_base_string2(self):
body = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><ns2:TerminationInquiryRequest xmlns:ns2=\"http://mastercard.com/termination\"><AcquirerId>1996</AcquirerId><TransactionReferenceNumber>1</TransactionReferenceNumber><Merchant><Name>TEST</Name><DoingBusinessAsName>TEST</DoingBusinessAsName><PhoneNumber>5555555555</PhoneNumber><NationalTaxId>1234567890</NationalTaxId><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><Principal><FirstName>John</FirstName><LastName>Smith</LastName><NationalId>1234567890</NationalId><PhoneNumber>5555555555</PhoneNumber><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><DriversLicense><Number>1234567890</Number><CountrySubdivision>XX</CountrySubdivision></DriversLicense></Principal></Merchant></ns2:TerminationInquiryRequest>"
url = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0&PageLength=10"
method = "POST"
oauth_parameters = OAuthParameters()
oauth_parameters.set_oauth_consumer_key(
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
oauth_parameters.set_oauth_nonce("1111111111111111111")
oauth_parameters.set_oauth_timestamp("1111111111")
oauth_parameters.set_oauth_version("1.0")
oauth_parameters.set_oauth_body_hash("body/hash")
encoded_hash = Util.base64_encode(Util.sha256_encode(body))
oauth_parameters.set_oauth_body_hash(encoded_hash)
oauth_parameters_base = oauth_parameters.get_base_parameters_dict()
merge_parameters = oauth_parameters_base.copy()
norm_params = Util.normalize_params("", merge_parameters)
# print(oauth_parameters_base)
query_params = OAuth.get_query_params(url)
# print(query_params)
normalize_params = Util.normalize_params("", query_params)
base_string = OAuth.get_base_string(
url, method, oauth_parameters,
oauth_parameters.get_base_parameters_dict())
expected = "POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3Dh2Pd7zlzEZjZVIKB4j94UZn%2FxxoR3RoCjYQ9%2FJdadGQ%253D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0"
self.maxDiff = None
self.assertEqual(expected, base_string)
def get_oauth_parameters(self, uri, method, payload, consumer_key,
signing_key):
# Get all the base parameters such as nonce and timestamp
oauth_parameters = OAuthParameters()
oauth_parameters.set_oauth_consumer_key(consumer_key)
oauth_parameters.set_oauth_nonce(OAuth.get_nonce(self))
oauth_parameters.set_oauth_timestamp(OAuth.get_timestamp(self))
oauth_parameters.set_oauth_signature_method("RSA-SHA256")
oauth_parameters.set_oauth_version("1.0")
payload_str = json.dumps(payload) if type(payload) is dict else payload
if not payload_str:
# If the request does not have an entity body, the hash should be taken over the empty string
payload_str = OAuth.EMPTY_STRING
encoded_hash = util.base64_encode(util.sha256_encode(payload_str))
oauth_parameters.set_oauth_body_hash(encoded_hash)
# Get the base string
base_string = OAuth.get_base_string(
self, uri, method, oauth_parameters.get_base_parameters_dict())
# Sign the base string using the private key
signature = OAuth.sign_message(self, base_string, signing_key)
# Set the signature in the Base parameters
oauth_parameters.set_oauth_signature(signature)
return oauth_parameters
def get_encoded_body_hash(self, payload):
payload_str = json.dumps(payload) if type(payload) is dict else payload
if not payload_str:
# If the request does not have an entity body, the hash should be taken over the empty string
payload_str = OAuth.EMPTY_STRING
encoded_hash = util.base64_encode(util.sha256_encode(payload_str))
return util.uri_rfc3986_encode(encoded_hash)
def test_signature(self):
oauth_object = OAuth1RSA(OAuthExtTest.consumer_key,
OAuthExtTest.signing_key)
oauth_signature_object = oauth_object.signature(OAuthExtTest.data)
signature = util.base64_encode(
crypto.sign(OAuthExtTest.signing_key, OAuthExtTest.data,
HASH_SHA256))
self.assertEqual(signature, oauth_signature_object)
def test_oauth_body_hash_with_body_bytes(self):
oauth_object = OAuth1RSA(OAuthExtTest.consumer_key,
OAuthExtTest.signing_key)
OAuthExtTest.mock_prepared_request.body = b'{"A" : OAuthExtTest.data}'
# Passing mock data to the actual func to get the value
oauth_body_hash_object = oauth_object.oauth_body_hash(
OAuthExtTest.mock_prepared_request, OAuthExtTest.payload)
# Using mock data to find the hash value
hashlib_val = hashlib.sha256(
OAuthExtTest.mock_prepared_request.body).digest()
payload_hash_value = util.uri_rfc3986_encode(
util.base64_encode(hashlib_val))
self.assertEqual(oauth_body_hash_object['oauth_body_hash'],
payload_hash_value)
def test_oauth_body_hash_with_body_multipart(self):
oauth_object = OAuth1RSA(OAuthExtTest.consumer_key,
OAuthExtTest.signing_key)
mock_request = PreparedRequest()
mock_request.prepare(headers={'Content-type': 'multipart/form-data'},
method="GET",
url="http://www.mastercard.com")
# Passing mock data to the actual func to get the value
oauth_body_hash_object = oauth_object.oauth_body_hash(
mock_request, OAuthExtTest.payload)
# Using mock data to find the hash value
hashlib_val = hashlib.sha256(
str(OAuthExtTest.mock_prepared_request.body).encode(
'utf8')).digest()
payload_hash_value = util.uri_rfc3986_encode(
util.base64_encode(hashlib_val))
self.assertEqual(oauth_body_hash_object['oauth_body_hash'],
payload_hash_value)
def sign_message(self, message, signing_key):
# Signs the message using the private key with sha1 as digest
sign = crypto.sign(signing_key, message.encode("utf-8"), 'SHA256')
return util.base64_encode(sign)
