Change to typical inheritence for HeaderVerifier
Need to update such that the keyId is retrieved from the headers
David Sutton committed Jun 12, 2014
1 parent cfb2b75 commit 2f7d4b1
Showing 2 changed files with 24 additions and 18 deletions.
23 changes: 14 additions & 9 deletions http_signature/verify.py
Expand Up @@ -17,13 +17,17 @@ class Verifier(object):
"""
Verifies signed text against a public key.
"""
def __init__(self, public_key='~/.ssh/id_rsa.pub', hash_algorithm="sha256"):
with open(public_key, 'r') as k:
key = k.read()
self.rsa_key = RSA.importKey(key)
def __init__(self, key_id='~/.ssh/id_rsa.pub', hash_algorithm="sha256"):
self.rsa_key = self._get_key(key_id)
self.signer = PKCS1_v1_5.new(self.rsa_key)
self.hash_algorithm = HASHES[hash_algorithm]

def _get_key(self, key_id):
with open(key_id, 'r') as k:
key = k.read()
return RSA.importKey(key)


def verify(self, data, signature):
"""
Checks data against the public key
Expand All @@ -39,14 +43,15 @@ def verify(self, data, signature):
return False


class HeaderVerifier(object):
class HeaderVerifier(Verifier):
"""
Verifies an HTTP signature from given headers.
"""
def __init__(self, headers, required_headers=None, method=None, path=None,
host=None, http_version='1.1', public_key='~/.ssh/id_rsa.pub'):
host=None, http_version='1.1', key_id='~/.ssh/id_rsa.pub'):
super(HeaderVerifier, self).__init__(key_id=key_id, hash_algorithm="sha256")

required_headers = required_headers or ['date']
self.verifier = Verifier(public_key=public_key) # need to look up key in a better way
self.auth_dict = self.parse_auth(headers['authorization'])
self.headers = CaseInsensitiveDict(headers)
self.required_headers = [s.lower() for s in required_headers]
Expand Down Expand Up @@ -107,8 +112,8 @@ def get_signable(self):
signable = '\n'.join(signable_list)
return signable

def verify(self):
def verify_headers(self):
signing_str = self.get_signable()
# self.auth_dict['keyId']
# self.auth_dict['signature']
return self.verifier.verify(signing_str, self.auth_dict['signature'])
return self.verify(signing_str, self.auth_dict['signature'])
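Review bot: `_get_key` passes `key_id` straight to `open()`, and the commit description plans to take the keyId from the request headers; that field of the Authorization header is chosen by the client, so wiring `self.auth_dict['keyId']` into this method as written would let a request select which local file is read and trusted as the verification key. Resolve the id through a fixed, operator-configured mapping of known key ids to key material and reject unknown ids, rather than treating the id as a path. Until that exists, a comment above `_get_key` such as `# key_id is a local file path from trusted configuration; never pass the request's keyId here` would make the constraint explicit. Two related points in `HeaderVerifier.__init__`: `super(HeaderVerifier, self).__init__(...)` loads the key before `parse_auth` runs, so the header keyId is not yet available there, and `hash_algorithm="sha256"` is fixed regardless of what the Authorization header declares (whether it carries an algorithm field is not visible in this section).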
19 changes: 10 additions & 9 deletions tests/test_verify.py
Expand Up @@ -30,7 +30,7 @@ def setUp(self):

def test_basic_sign(self):
signer = Signer(secret=self.private_key)
verifier = Verifier(public_key=self.public_key)
verifier = Verifier(key_id=self.public_key)

# generate signed string
signature = signer.sign("this is a test")
Expand All @@ -42,13 +42,14 @@ def test_basic_sign(self):
def test_default(self):
# signer = HeaderSigner(secret=self.private_key)
# verifier = HeaderVerifier(public_key=self.public_key)
hs = HeaderSigner(key_id='fingerprint', secret=self.private_key)
hs = HeaderSigner(key_id=self.public_key, secret=self.private_key)

unsigned = {
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
}
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, public_key=self.public_key)
hv = HeaderVerifier(headers=signed, key_id=self.public_key)
self.assertTrue(hv.verify_headers())

def test_signed_headers(self):
HOST = "example.com"
Expand All @@ -72,8 +73,8 @@ def test_signed_headers(self):
signed = hs.sign(unsigned, method=METHOD,
path=PATH)

hv = HeaderVerifier(headers=signed, public_key=self.public_key, host=HOST, method=METHOD, path=PATH)
self.assertTrue(hv.verify())
hv = HeaderVerifier(headers=signed, key_id=self.public_key, host=HOST, method=METHOD, path=PATH)
self.assertTrue(hv.verify_headers())

def test_incorrect_headers(self):
HOST = "example.com"
Expand All @@ -97,9 +98,9 @@ def test_incorrect_headers(self):
signed = hs.sign(unsigned, method=METHOD,
path=PATH)

hv = HeaderVerifier(headers=signed, required_headers=["some-other-header"], public_key=self.public_key, host=HOST, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed, required_headers=["some-other-header"], key_id=self.public_key, host=HOST, method=METHOD, path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify()
hv.verify_headers()
self.assertEqual(ex.exception.message,
"some-other-header is a required header(s)")

Expand All @@ -125,8 +126,8 @@ def test_extra_auth_headers(self):
signed = hs.sign(unsigned, method=METHOD,
path=PATH)
hv = HeaderVerifier(headers=signed, method=METHOD, path=PATH,
required_headers=['date', 'request-line'], public_key=self.public_key)
self.assertTrue(hv.verify())
required_headers=['date', 'request-line'], key_id=self.public_key)
self.assertTrue(hv.verify_headers())

if __name__ == "__main__":
unittest.main()
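Review bot: Every `verify_headers()` call in the visible tests is either a success case or the missing-required-header error; none checks that a signature which no longer matches the headers is rejected now that `HeaderVerifier` inherits `verify` from `Verifier`. A case that changes a signed header after `hs.sign(...)`, for example `signed['Date'] = 'Fri, 06 Jan 2012 21:31:40 GMT'` followed by `self.assertFalse(hv.verify_headers())`, would pin the rejection path. Tests outside the displayed hunks may already cover this, and the exact shape of the dict returned by `hs.sign` is not visible here.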
