Merge pull request #2 from kevingill1966/master

kislyuk · web-flow · commit 8d1c0d07f3b4 · 2018-10-22T10:55:27.000-07:00
Changes to support Irish Revenue Modernisation Project
diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
@@ -13,7 +13,7 @@ def __init__(self, algorithm):
             from cryptography.hazmat.backends import default_backend
             from cryptography.hazmat.primitives.asymmetric import rsa, ec
             from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
-            from cryptography.hazmat.primitives.hashes import SHA1, SHA256
+            from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
         self.__dict__.update(locals())
 
     def sign(self, string_to_sign, key, passphrase=None):
@@ -23,6 +23,9 @@ def sign(self, string_to_sign, key, passphrase=None):
         if self.algorithm in {"rsa-sha1", "rsa-sha256"}:
             hasher = self.SHA1() if self.algorithm.endswith("sha1") else self.SHA256()
             signer = key.signer(padding=self.PKCS1v15(), algorithm=hasher)
+        elif self.algorithm in {"rsa-sha512"}:
+            hasher = self.SHA512()
+            signer = key.signer(padding=self.PKCS1v15(), algorithm=hasher)
         elif self.algorithm == "ecdsa-sha256":
             signer = key.signer(signature_algorithm=self.ec.ECDSA(algorithm=self.SHA256()))
         signer.update(string_to_sign)
@@ -44,6 +47,7 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
     known_algorithms = {
         "rsa-sha1",
         "rsa-sha256",
+        "rsa-sha512",
         "hmac-sha256",
         "ecdsa-sha256",
     }
@@ -117,3 +121,25 @@ def verify(self, request, key_resolver):
         sts = self.get_string_to_sign(request, headers)
         key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
         Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
+
+class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
+    """
+        https://tools.ietf.org/html/draft-cavage-http-signatures-08#section-4
+
+        Using "Signature" header instead of "Authorization" header.
+    """
+
+    def __call__(self, request):
+        self.add_date(request)
+        self.add_digest(request)
+        raw_sig = Crypto(self.algorithm).sign(string_to_sign=self.get_string_to_sign(request, self.headers),
+                                              key=self.key,
+                                              passphrase=self.passphrase)
+        sig = base64.b64encode(raw_sig).decode()
+        sig_struct = [("keyId", self.key_id),
+                      ("algorithm", self.algorithm),
+                      ("headers", " ".join(self.headers)),
+                      ("signature", sig)]
+        request.headers["Signature"] = ",".join('{}="{}"'.format(k, v) for k, v in sig_struct)
+        return request
+
