From 7ba2408c8d93a8dfda42b0c5ccd000e0f4cbc16d Mon Sep 17 00:00:00 2001 From: Thomas Sileo Date: Wed, 20 Jul 2022 20:29:49 +0200 Subject: [PATCH] Add support for hs2019 HTTP sig --- app/httpsig.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/app/httpsig.py b/app/httpsig.py index 1d00f0b..a2098a8 100644 --- a/app/httpsig.py +++ b/app/httpsig.py @@ -32,7 +32,12 @@ _KEY_CACHE: MutableMapping[str, Key] = LFUCache(256) def _build_signed_string( - signed_headers: str, method: str, path: str, headers: Any, body_digest: str | None + signed_headers: str, + method: str, + path: str, + headers: Any, + body_digest: str | None, + sig_data: dict[str, Any], ) -> str: out = [] for signed_header in signed_headers.split(" "): @@ -40,6 +45,12 @@ def _build_signed_string( out.append("(request-target): " + method.lower() + " " + path) elif signed_header == "digest" and body_digest: out.append("digest: " + body_digest) + elif signed_header in ["(created)", "(expires)"]: + out.append( + signed_header + + ": " + + sig_data[signed_header[1 : len(signed_header) - 1]] + ) else: out.append(signed_header + ": " + headers[signed_header]) return "\n".join(out) @@ -143,6 +154,7 @@ async def httpsig_checker( request.url.path, request.headers, _body_digest(body) if body else None, + hsig, ) try: @@ -208,7 +220,7 @@ class HTTPXSigAuth(httpx.Auth): sigheaders = "(request-target) user-agent host date accept" to_be_signed = _build_signed_string( - sigheaders, r.method, r.url.path, r.headers, bodydigest + sigheaders, r.method, r.url.path, r.headers, bodydigest, {} ) if not self.key.privkey: raise ValueError("Should never happen")