o Df+7@sdZddlZddlZddlZddlmZddlmZmZddl m Z m Z dZ dZ d Zd Zd Zd Zd'd dZd'ddZddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&ZdS)(z authlib.oauth1.rfc5849.signature ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module represents a direct implementation of `section 3.4`_ of the spec. .. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4 N)urlparse) to_unicodeto_bytes)escapeunescapez HMAC-SHA1zRSA-SHA1 PLAINTEXTHEADERQUERYBODYc Csnt||}g}|D]\}}|dvrq |drt|}|||fq t|}dt|t|t|gS)aXGenerate signature base string from request, per `Section 3.4.1`_. For example, the HTTP request:: POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="7d8f3e4a", oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D" c2&a3=2+q is represented by the following signature base string (line breaks are for display purposes only):: POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q %26a3%3Da%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_ key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_m ethod%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk 9d7dh3k39sjv7 .. _`Section 3.4.1`: https://tools.ietf.org/html/rfc5849#section-3.4.1 )oauth_signaturerealmoauth_&)normalize_base_string_uri startswithrappendnormalize_parametersjoinrupper) methoduriparamshostbase_string_uriunescaped_paramskvnormalized_paramsrY/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth1/rfc5849/signature.pyconstruct_base_strings    r!c Cst|}t|\}}}}}}|r|std|sd}|}|}|dur+|}d}d|vrA|dd\}} || f|vrA|}t||||ddfS)a7Normalize Base String URI per `Section 3.4.1.2`_. For example, the HTTP request:: GET /r%20v/X?id=123 HTTP/1.1 Host: EXAMPLE.COM:80 is represented by the base string URI: "http://example.com/r%20v/X". In another example, the HTTPS request:: GET /?q=1 HTTP/1.1 Host: www.example.net:8080 is represented by the base string URI: "https://www.example.net:8080/". .. _`Section 3.4.1.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.2 The host argument overrides the netloc part of the uri argument. z$uri must include a scheme and netloc/N))http80)https443:r)rr ValueErrorlowersplit urlunparse) rrschemenetlocpathrqueryfragment default_portsportrrr rQs   rcCs.dd|D}|dd|D}d|S)a Normalize parameters per `Section 3.4.1.3.2`_. For example, the list of parameters from the previous section would be normalized as follows: Encoded:: +------------------------+------------------+ | Name | Value | +------------------------+------------------+ | b5 | %3D%253D | | a3 | a | | c%40 | | | a2 | r%20b | | oauth_consumer_key | 9djdj82h48djs9d2 | | oauth_token | kkk9d7dh3k39sjv7 | | oauth_signature_method | HMAC-SHA1 | | oauth_timestamp | 137131201 | | oauth_nonce | 7d8f3e4a | | c2 | | | a3 | 2%20q | +------------------------+------------------+ Sorted:: +------------------------+------------------+ | Name | Value | +------------------------+------------------+ | a2 | r%20b | | a3 | 2%20q | | a3 | a | | b5 | %3D%253D | | c%40 | | | c2 | | | oauth_consumer_key | 9djdj82h48djs9d2 | | oauth_nonce | 7d8f3e4a | | oauth_signature_method | HMAC-SHA1 | | oauth_timestamp | 137131201 | | oauth_token | kkk9d7dh3k39sjv7 | +------------------------+------------------+ Concatenated Pairs:: +-------------------------------------+ | Name=Value | +-------------------------------------+ | a2=r%20b | | a3=2%20q | | a3=a | | b5=%3D%253D | | c%40= | | c2= | | oauth_consumer_key=9djdj82h48djs9d2 | | oauth_nonce=7d8f3e4a | | oauth_signature_method=HMAC-SHA1 | | oauth_timestamp=137131201 | | oauth_token=kkk9d7dh3k39sjv7 | +-------------------------------------+ and concatenated together into a single string (line breaks are for display purposes only):: a2=r%20b&a3=2%20q&a3=a&b5=%3D%253D&c%40=&c2=&oauth_consumer_key=9dj dj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1 &oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7 .. _`Section 3.4.1.3.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2 cSs g|] \}}t|t|fqSrr.0rrrrr s z(normalize_parameters..cSsg|] \}}|d|qS)=rr5rrr r7sr)sortr)r key_valuesparameter_partsrrr rsJ rcCs"|jdd}t|j|j|j|S)z,Generate signature base string from request.HostN)headersgetr!rrr)requestrrrr generate_signature_base_stringsr@cCs^|}t|pd}|d7}|t|pd7}tt|t|tj}t|dd}t |S)aZGenerate signature via HMAC-SHA1 method, per `Section 3.4.2`_. The "HMAC-SHA1" signature method uses the HMAC-SHA1 signature algorithm as defined in `RFC2104`_:: digest = HMAC-SHA1 (key, text) .. _`RFC2104`: https://tools.ietf.org/html/rfc2104 .. _`Section 3.4.2`: https://tools.ietf.org/html/rfc5849#section-3.4.2 r(rN) rhmacnewrhashlibsha1binascii b2a_base64digestr) base_string client_secret token_secrettextkey signaturesigrrr hmac_sha1_signatures rPcCs<ddlm}t|}|t||}t|dd}t|S)arGenerate signature via RSA-SHA1 method, per `Section 3.4.3`_. The "RSA-SHA1" signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in `RFC3447, Section 8.2`_ (also known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. To use this method, the client MUST have established client credentials with the server that included its RSA public key (in a manner that is beyond the scope of this specification). .. _`Section 3.4.3`: https://tools.ietf.org/html/rfc5849#section-3.4.3 .. _`RFC3447, Section 8.2`: https://tools.ietf.org/html/rfc3447#section-8.2 r) sign_sha1NrA)rsarQrrFrGr)rIrsa_private_keyrQsrOrrr rsa_sha1_signature)s rUcCs(t|pd}|d7}|t|pd7}|S)aGenerate signature via PLAINTEXT method, per `Section 3.4.4`_. The "PLAINTEXT" method does not employ a signature algorithm. It MUST be used with a transport-layer mechanism such as TLS or SSL (or sent over a secure channel with equivalent protections). It does not utilize the signature base string or the "oauth_timestamp" and "oauth_nonce" parameters. .. _`Section 3.4.4`: https://tools.ietf.org/html/rfc5849#section-3.4.4 r(rr4)rJrKrNrrr plaintext_signature=s rVcCst|}t||j|jS)zSign a HMAC-SHA1 signature.)r@rPrJrKclientr?rIrrr sign_hmac_sha1]s rYcCst|}t||jS)z4Sign a RSASSA-PKCS #1 v1.5 base64 encoded signature.)r@rUrsa_keyrWrrr sign_rsa_sha1ds r[cCst|j|jS)zSign a PLAINTEXT signature.)rVrJrK)rXr?rrr sign_plaintextjsr\cCs&t|}t||j|j}t||jS)zVerify a HMAC-SHA1 signature.)r@rPrJrKrBcompare_digestrN)r?rIrOrrr verify_hmac_sha1os  r^cCs6ddlm}t|}tt|j}||t||jS)z6Verify a RSASSA-PKCS #1 v1.5 base64 encoded signature.r) verify_sha1)rRr_r@rF a2b_base64rrNrsa_public_key)r?r_rIrOrrr verify_rsa_sha1ws rbcCst|j|j}t||jS)zVerify a PLAINTEXT signature.)rVrJrKrBr]rN)r?rOrrr verify_plaintextsrc)N)__doc__rFrDrBauthlib.common.urlsrauthlib.common.encodingrrutilrrSIGNATURE_HMAC_SHA1SIGNATURE_RSA_SHA1SIGNATURE_PLAINTEXTSIGNATURE_TYPE_HEADERSIGNATURE_TYPE_QUERYSIGNATURE_TYPE_BODYr!rrr@rPrUrVrYr[r\r^rbrcrrrr s4   8G\.