1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
import base64, typing
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.backends import default_backend
SIGNATURE_FORMAT = (
"keyId=\"%s\",headers=\"%s\",signature=\"%s\",algorithm=\"rsa-sha256\"")
def private_key(key_filename: str) -> rsa.RSAPrivateKey:
with open(key_filename) as key_file:
return serialization.load_pem_private_key(
key_file.read(), password=None, backend=default_backend())
def signature(key: rsa.RSAPrivateKey, key_id: str,
headers: typing.List[typing.Tuple[str, str]]) -> str:
private_key = _private_key(key_filename)
sign_header_keys = " ".join(h[0] for h in headers)
sign_string_parts = ["%s: %s" % (k, v) for k, v in headers]
sign_string = "\n".join(sign_string_parts)
signature = private_key.sign(
sign_string.encode("utf8"),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256()
)
signature = base64.b64encode(signature).decode("ascii")
return SIGNATURE_FORMAT % (key_id, sign_header_keys, signature)
|
