An implementation of the IETF HTTP Message Signatures draft standard
Project description
http-message-signatures is an implementation of the IETF HTTP Message Signatures draft standard in Python.
Installation
pip3 install http-message-signatures
Synopsis
from http_message_signatures import HTTPMessageSigner, HTTPMessageVerifier, HTTPSignatureKeyResolver, algorithms
import requests, base64, hashlib, http_sfv
class MyHTTPSignatureKeyResolver(HTTPSignatureKeyResolver):
keys = {"my-key": b"top-secret-key"}
def resolve_public_key(self, key_id: str):
return self.keys[key_id]
def resolve_private_key(self, key_id: str):
return self.keys[key_id]
request = requests.Request('POST', 'https://example.com/foo?param=Value&Pet=dog', json={"hello": "world"})
request = request.prepare()
request.headers["Content-Digest"] = str(http_sfv.Dictionary({"sha-256": hashlib.sha256(request.body).digest()}))
signer = HTTPMessageSigner(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
signer.sign(request, key_id="my-key", covered_component_ids=("@method", "@authority", "@target-uri", "content-digest"))
verifier = HTTPMessageVerifier(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
verifier.verify(request)Note that verifying the body content-digest is outside the scope of this package’s functionality, so it remains the caller’s responsibility. The requests-http-signature library builds upon this package to provide integrated signing and validation of the request body.
Links
Bugs
Please report bugs, issues, feature requests, etc. on GitHub.
License
Licensed under the terms of the Apache License, Version 2.0.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file http-message-signatures-0.2.1.tar.gz.
File metadata
- Download URL: http-message-signatures-0.2.1.tar.gz
- Upload date:
- Size: 22.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.6.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.1 CPython/3.9.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b0f7175082df0bb212d58253ae790944bf356af89f0a6ec8f8d97bc414817e37 |
|
| MD5 | 83f78dedf641ff368fcc08f43646f24a |
|
| BLAKE2b-256 | f03edb4b6435eda710117bf68abeedc2b37a8fb19e5dce2e58fb8360b9ac07a6 |
File details
Details for the file http_message_signatures-0.2.1-py3-none-any.whl.
File metadata
- Download URL: http_message_signatures-0.2.1-py3-none-any.whl
- Upload date:
- Size: 13.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.6.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.1 CPython/3.9.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fb5eea4d1710459440aed160cc3ad158e20584e40bbeb2ae028e7c52e270062c |
|
| MD5 | fe931b99464f72f9864f005e5d7c285b |
|
| BLAKE2b-256 | c5ad92482032fb31cef2b8e32d959b83629de5ba898e0e2314baeba0fbbc09a0 |
