@@ -19,11 +19,12 @@ class Signer(object):
1919
2020 Password-protected keyfiles are not supported.
2121 """
22- def __init__ (self , secret , algorithm = None ):
22+ def __init__ (self , secret , algorithm = None , digital_signature_algorithm = None ):
2323 if algorithm is None :
2424 algorithm = DEFAULT_SIGN_ALGORITHM
2525
2626 assert algorithm in ALGORITHMS , "Unknown algorithm"
27+ assert digital_signature_algorithm in DIGITAL_SIGNATURE_ALGORITHMS , "Unsupported digital signature algrotihm"
2728
2829 if algorithm != DEFAULT_SIGN_ALGORITHM :
2930 print ("Algorithm: {} is deprecated please update to {}" .format (algorithm , DEFAULT_SIGN_ALGORITHM ))
@@ -33,7 +34,13 @@ def __init__(self, secret, algorithm=None):
3334
3435 self ._rsa = None
3536 self ._hash = None
36- self .sign_algorithm , self .hash_algorithm = algorithm .split ('-' )
37+
38+ if "-" in algorithm :
39+ self .sign_algorithm , self .hash_algorithm = algorithm .split ('-' )
40+ elif algorithm == "hs2019" :
41+ assert digital_signature_algorithm is not None , "Required digital signature algorithm not specified"
42+ self .sign_algorithm = digital_signature_algorithm
43+ self .hash_algorithm = "sha512"
3744
3845 if self .sign_algorithm == 'rsa' :
3946 try :
@@ -47,6 +54,15 @@ def __init__(self, secret, algorithm=None):
4754 self ._hash = HMAC .new (secret ,
4855 digestmod = HASHES [self .hash_algorithm ])
4956
57+ elif self .sign_algorithm == "PSS" :
58+ try :
59+ rsa_key = RSA .importKey (secret )
60+ self ._rsa = PKCS1_PSS .new (rsa_key )
61+ self ._hash = HASHES [self .hash_algorithm ]
62+ except ValueError :
63+ raise HttpSigException ("Invalid key." )
64+
65+
5066 @property
5167 def algorithm (self ):
5268 return '%s-%s' % (self .sign_algorithm , self .hash_algorithm )
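Review bot: The two new checks in `__init__` (new lines 27 and 41) validate `digital_signature_algorithm` with `assert`, which is stripped under `python -O`, so an unsupported or missing value would then fall through the visible `rsa`/`PSS` branches with `_rsa` and `_hash` still `None` instead of failing at construction. New line 27 also runs for every caller, so unless `DIGITAL_SIGNATURE_ALGORITHMS` (not visible here) contains `None`, existing calls that omit the new argument would now fail. I would replace line 27 with `if digital_signature_algorithm is not None and digital_signature_algorithm not in DIGITAL_SIGNATURE_ALGORITHMS: raise HttpSigException("Unsupported digital signature algorithm")` (which also fixes the "algrotihm" typo) and turn line 41 into the same kind of raise. Separately, the `algorithm` property still formats `sign_algorithm-hash_algorithm`, so an hs2019 signer would presumably report `PSS-sha512` rather than `hs2019`; that is worth confirming against the code that builds the signature header.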