Пример #1
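    def __call__(self, request):
        """Sign *request* in place and return it.

        Builds an HMAC-SHA1 signature that is valid from "now" until
        ``now + self.__expire`` and covers the lower-cased HTTP method, the
        URL path, the configured parameters and every header present on the
        request at the time of the call. The result is written to the
        ``Authorization`` header.

        Headers added to the request after this call are not covered by the
        signature, because the header list is taken when signing happens.
        """
        begin = int(time.time())
        sign_time = "{begin};{end}".format(begin=begin, end=begin + self.__expire)

        # A key scoped to the validity window is derived from the long-term
        # secret; the request itself is then signed with that derived key.
        sign_key = hmac_sha1(self.__secretKey, sign_time)

        # NOTE(review): keys are sorted before being lower-cased and parameter
        # values are lower-cased as well -- confirm both match what the
        # verifying service computes.
        http_string = "{method}\n{uri}\n{params}\n{headers}\n".format(
            method=request.method.lower(),
            uri=urlparse(request.path_url).path,
            params='&'.join(
                '='.join((k.lower(), v.lower()))
                for k, v in sorted(self.__params.items())
            ),
            headers='&'.join(
                '='.join((k.lower(), quote(v, safe='')))
                for k, v in sorted(request.headers.items())
            ),
        )
        string_to_sign = 'sha1\n{time}\n{sha1}\n'.format(
            time=sign_time,
            sha1=hashlib.sha1(to_bytes(http_string)).hexdigest(),
        )
        signature = hmac_sha1(sign_key, string_to_sign)

        # A tuple of pairs keeps the field order fixed on every interpreter.
        # Wrapping a dict literal in OrderedDict only preserves the order the
        # literal happened to iterate in, which is arbitrary before Python 3.7.
        # The header list is computed here, before Authorization is assigned,
        # so the Authorization header never lists itself.
        auth_fields = (
            ("q-sign-algorithm", "sha1"),
            ("q-ak", self.__secretId),
            ("q-sign-time", sign_time),
            ("q-key-time", sign_time),
            ("q-header-list", ';'.join(k.lower() for k in sorted(request.headers.keys()))),
            ("q-url-param-list", ';'.join(k.lower() for k in sorted(self.__params.keys()))),
            ("q-signature", signature),
        )
        request.headers['Authorization'] = '&'.join('='.join(pair) for pair in auth_fields)

        return request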
Пример #2
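def check_signature(request, secret_key):
    """Verify the HMAC-SHA1 signature sent in the X-Shell-Signature header.

    The signed data is the request method, the scheme, host and path, the
    sorted percent-encoded query parameters, a ``&&`` separator and the raw
    POST body. Returns None when the signature matches.

    Nothing time- or nonce-based is part of the signed data, so an unchanged
    request verifies again later; if replay protection is required it has to
    be enforced elsewhere.

    Raises:
        BadSignature: the header is missing or cannot be parsed, the declared
            method is not HMAC-SHA1, or the signature does not match.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    if isinstance(secret_key, unicode):
        secret_key = secret_key.encode("UTF-8")

    if 'HTTP_X_SHELL_SIGNATURE' not in request.META:
        raise BadSignature("X-Shell-Signature header missing")

    sent_signature_header = request.META['HTTP_X_SHELL_SIGNATURE']
    m = re.match(r'^\s*(\S+)\s+(\S+)\s*$', sent_signature_header)
    if not m:
        raise BadSignature("Can't parse X-Shell-Signature header")

    signature_method = _dequote(m.group(1))
    sent_signature = _dequote(m.group(2))

    if signature_method != "HMAC-SHA1":
        raise BadSignature("Bad signature method '%s'" % signature_method)

    scheme = "https://" if request.is_secure() else "http://"
    signature_data = request.method + "&" + scheme
    signature_data += request.get_host()
    signature_data += request.path

    # Every value of a repeated query key is signed; sorting makes the result
    # independent of the order in which the client sent the parameters.
    params = [
        urllib.quote(key, "~") + "=" + urllib.quote(value, "~")
        for key, values in request.GET.iterlists()
        for value in values
    ]
    if params:
        signature_data += "&" + "&".join(sorted(params))

    signature_data += "&&"

    # secret_key is already a byte string here. Encoding it a second time made
    # Python 2 decode it as ASCII first, which raises UnicodeDecodeError for
    # any key containing non-ASCII bytes.
    h = util.hmac_sha1(secret_key)
    h.update(signature_data)
    h.update(request.raw_post_data)
    expected_signature = urllib.quote(base64.b64encode(h.digest()), "~")

    # compare_digest requires both operands to be of the same type.
    if isinstance(sent_signature, unicode):
        sent_signature = sent_signature.encode("UTF-8")

    # Constant-time comparison: a plain != stops at the first differing byte,
    # so response timing would reveal how much of a submitted value matched.
    if not hmac.compare_digest(sent_signature, expected_signature):
        raise BadSignature("Bad signature")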
Пример #3
 def make_auth(self, action):
     """Return the 'sha1_'-prefixed hex token for *action* on this object.

     The token is keyed with settings.SECRET_KEY and computed over
     ``action + "&" + str(self.id)``. It depends on nothing else, so the same
     action and id always produce the same token and it carries no expiry.
     """
     # presumably util.hmac_sha1(key, message) returns an HMAC object -- verify
     message = action + "&" + str(self.id)
     mac = util.hmac_sha1(settings.SECRET_KEY, message)
     return 'sha1_' + mac.hexdigest()
Пример #4
 def make_auth(self, action):
     """Build the authentication token that binds *action* to this object's id.

     Returns the string 'sha1_' followed by the hex digest that
     util.hmac_sha1 yields for settings.SECRET_KEY and the text
     ``action + "&" + str(self.id)``.
     """
     # NOTE(review): code that checks a received token against this value
     # should compare in constant time (e.g. hmac.compare_digest).
     payload = action + "&" + str(self.id)
     hex_mac = util.hmac_sha1(settings.SECRET_KEY, payload).hexdigest()
     return 'sha1_' + hex_mac