Lots of updates for 1.0b2

* Written against http://tools.ietf.org/html/draft-cavage-http-signatures-02
* Added "setup.py test" and tox support.
* Added sign/verify unit tests for all currently-supported algorithms.
* HeaderSigner and HeaderVerifier now share the same message-building logic.
* The HTTP method in the message is now properly lower-case.
* Resolved unit test failures.
* Updated Verifier and HeaderVerifier to handle verifying both RSA and HMAC sigs.
* Updated versioneer.
* Updated contact/author info.
* Removed stray keypair in test dir.
* Removed SSH agent support.
* Removed suport for reading keyfiles from disk as this is a huge security hole if this is used in a server framework like drf-httpsig.

Author: ahknight

.gitignore

@@ -1,22 +1,13 @@
-.DS_Store
+*.egg
+*.egg-info
 *.pyc
 *~
-*.sqlite
-*.sqlite-journal
-settings_local.py
-local_settings.py
-.*.sw[po]
+.noseids
+.tox
+build/
 dist/
-*.egg-info
 doc/__build/*
-build/
+*_rsa
+*_rsa.pub
 locale/
 pip-log.txt
-devdatabase.db
-.directory
-bundle_version.gen
-celeryd.log
-celeryd.pid
-joy_rsa
-joy_rsa.pub
-.noseids

CHANGES.rst

@@ -1,13 +1,32 @@
-Changes
--------
+httpsig Changes
+---------------
 
-0.2.0-AK (2014-Jun-23)
+1.0b2 (2014-Jul-01)
+~~~~~~~~~~~~~~~~~~~
+* Written against http://tools.ietf.org/html/draft-cavage-http-signatures-02
+* Added "setup.py test" and tox support.
+* Added sign/verify unit tests for all currently-supported algorithms.
+* HeaderSigner and HeaderVerifier now share the same message-building logic.
+* The HTTP method in the message is now properly lower-case.
+* Resolved unit test failures.
+* Updated Verifier and HeaderVerifier to handle verifying both RSA and HMAC sigs.
+* Updated versioneer.
+* Updated contact/author info.
+* Removed stray keypair in test dir.
+* Removed SSH agent support.
+* Removed suport for reading keyfiles from disk as this is a huge security hole if this is used in a server framework like drf-httpsig.
+
+1.0b1 (2014-Jun-23)
 ~~~~~~~~~~~~~~~~~~~~~~
 * Removed HTTP version from request-line, per spec (breaks backwards compatability).
 * Removed auto-generation of missing Date header (ensures client compatability).
 
+
+http-signature (previous)
+-------------------------
+
 0.2.0 (unreleased)
-~~~~~~~~
+~~~~~~~~~~~~~~~~~~
 
 * Update to newer spec (incompatible with prior version).
 * Handle `request-line` meta-header.

LICENSE

@@ -1,4 +1,5 @@
-Copyright (c) 2012 Adam T. Lindsay
+Copyright (c) 2014 Adam Knight
+Copyright (c) 2012 Adam T. Lindsay (original author)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

MANIFEST

@@ -10,7 +10,7 @@ httpsig/requests_auth.py
 httpsig/sign.py
 httpsig/utils.py
 httpsig/verify.py
-tests/__init__.py
-tests/test_signature.py
-tests/test_utils.py
-tests/test_verify.py
+httpsig/tests/__init__.py
+httpsig/tests/test_signature.py
+httpsig/tests/test_utils.py
+httpsig/tests/test_verify.py

README.rst

@@ -1,9 +1,10 @@
-Python http-signature
-=====================
+httpsig
+=======
 
-Sign HTTP requests with secure signatures. See the original project_, original spec_, and IETF draft_ for details.
+Sign HTTP requests with secure signatures. See the original project_, original Python module_, original spec_, and IETF draft_ for details.
 
 .. _project: https://github.com/joyent/node-http-signature
+.. _module: https://github.com/zzsnzmn/py-http-signature
 .. _spec: https://github.com/joyent/node-http-signature/blob/master/http_signing.md
 .. _draft: https://datatracker.ietf.org/doc/draft-cavage-http-signatures/
 
@@ -14,12 +15,9 @@ Requirements
 
 Optional:
 
-* ssh_ or paramiko_ >= 1.8.0 (for ssh-agent integration)
 * requests_
 
 .. _PyCrypto: https://pypi.python.org/pypi/pycrypto
-.. _ssh: https://pypi.python.org/pypi/ssh
-.. _paramiko: https://pypi.python.org/pypi/paramiko
 .. _requests: https://pypi.python.org/pypi/requests
 
 Usage
@@ -29,7 +27,9 @@ for simple raw signing::
 
     import httpsig
     
-    sig_maker = httpsig.Signer(secret='test.pem', algorithm='rsa-sha256')
+    secret = open('rsa_private.pem', 'r').read()
+    
+    sig_maker = httpsig.Signer(secret=secret, algorithm='rsa-sha256')
     sig_maker.sign('hello world!')
 
 for use with requests::
@@ -38,36 +38,37 @@ for use with requests::
     import requests
     from httpsig.requests_auth import HTTPSignatureAuth
     
-    auth = HTTPSignatureAuth(key_id='Test', secret='test.pem')
-    z = requests.get('https://api.joyentcloud.com/my/packages/Small+1GB', 
+    secret = open('rsa_private.pem', 'r').read()
+    
+    auth = HTTPSignatureAuth(key_id='Test', secret=secret)
+    z = requests.get('https://api.example.com/path/to/endpoint', 
                              auth=auth, headers={'X-Api-Version': '~6.5'})
 
 Class initialization parameters
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 ::
 
-    httpsig.Signer(secret='', algorithm='rsa-sha256', allow_agent=False)
+    httpsig.Signer(secret, algorithm='rsa-sha256')
 
-``secret``, in the case of an rsa signature, is a path to a private RSA pem file. In the case of an hmac, it is a secret password.  
+``secret``, in the case of an RSA signature, is a string containing private RSA pem. In the case of HMAC, it is a secret password.  
 ``algorithm`` is one of the six allowed signatures: ``rsa-sha1``, ``rsa-sha256``, ``rsa-sha512``, ``hmac-sha1``, ``hmac-sha256``, 
 ``hmac-sha512``.
-``allow_agent`` uses the ``ssh`` package to find an ``ssh-agent`` instance running, and uses that to sign all requests. Note that if so, this overrides manual selection of the signing algorithm to ``rsa-sha1``.
 
 ::
 
-    httpsig.requests_auth.HTTPSignatureAuth(key_id='', secret='', algorithm='rsa-sha256', headers=None, allow_agent=False)
+    httpsig.requests_auth.HTTPSignatureAuth(key_id, secret, algorithm='rsa-sha256', headers=None)
 
 ``key_id`` is the label by which the server system knows your RSA signature or password.  
 ``headers`` is the list of HTTP headers that are concatenated and used as signing objects. By default it is the specification's minimum, the ``Date`` HTTP header.  
-``secret``, ``algorithm``, and ``allow_agent`` are as above.
+``secret`` and ``algorithm`` are as above.
 
 Tests
 -----
 
 To run tests::
 
-    python -m unittest discover
+    python setup.py test
 
 License
 -------

httpsig/sign.py

@@ -1,23 +1,20 @@
-from datetime import datetime
-from getpass import getpass
-from os.path import expanduser
-from time import mktime
-from wsgiref.handlers import format_date_time
 import base64
 
-from Crypto.Hash import SHA256, SHA, SHA512, HMAC
+from Crypto.Hash import HMAC
 from Crypto.PublicKey import RSA
 from Crypto.Signature import PKCS1_v1_5
 
-from .utils import sig, is_rsa, CaseInsensitiveDict
+from .utils import generate_message, sig, is_rsa, CaseInsensitiveDict, ALGORITHMS, HASHES, HttpSigException
 
-ALGORITHMS = frozenset(['rsa-sha1', 'rsa-sha256', 'rsa-sha512', 'hmac-sha1', 'hmac-sha256', 'hmac-sha512'])
-HASHES = {'sha1':   SHA,
-          'sha256': SHA256,
-          'sha512': SHA512}
 
 class Signer(object):
-    def __init__(self, secret='~/.ssh/id_rsa', algorithm='rsa-sha256'):
+    """
+    When using an RSA algo, the secret is a PEM-encoded private key.
+    When using an HMAC algo, the secret is the HMAC signing secret.
+    
+    Password-protected keyfiles are not supported.
+    """
+    def __init__(self, secret, algorithm='rsa-sha256'):
         assert algorithm in ALGORITHMS, "Unknown algorithm"
         self._rsa = False
         self._hash = None
@@ -33,19 +30,14 @@ def algorithm(self):
         return '%s-%s' % (self.sign_algorithm, self.hash_algorithm)
 
     def _get_key(self, secret):
-        if (secret.startswith('-----BEGIN RSA PRIVATE KEY-----') or
-            secret.startswith('-----BEGIN PRIVATE KEY-----')):
-            # string with PEM encoded key data
-            k = secret
-        else:
-            # file with key data
-            with open(expanduser(secret)) as fh:
-                k = fh.read()
+        # if not (secret.startswith('-----BEGIN RSA PRIVATE KEY-----') or secret.startswith('-----BEGIN PRIVATE KEY-----')):
+        #     raise HttpSigException("Invalid PEM key")
+        
         try:
-            rsa_key = RSA.importKey(k)
+            rsa_key = RSA.importKey(secret)
         except ValueError:
-            pw = getpass('RSA SSH Key Password: ')
-            rsa_key = RSA.importKey(k, pw)
+            raise HttpSigException("Invalid key.")
+        
         return PKCS1_v1_5.new(rsa_key)
 
     def _sign_rsa(self, sign_string):
@@ -58,48 +50,14 @@ def _sign_hmac(self, sign_string):
         hmac.update(sign_string)
         return hmac.digest()
 
-
     def _sign(self, sign_string):
         data = None
         if self._rsa:
             data = self._sign_rsa(sign_string)
         elif self._hash:
             data = self._sign_hmac(sign_string)
         if not data:
-            raise SystemError('No valid encryption: try allow_agent=False ?')
-        return base64.b64encode(data)
-
-
-class AgentSigner(Signer):
-    def __init__(self, secret='~/.ssh/id_rsa', algorithm='rsa-sha256'):
-        super(AgentSigner, self).__init__()
-        self._agent_key = False
-
-    def _get_key(self):
-        try:
-            import paramiko as ssh
-        except ImportError:
-            import ssh
-        keys = ssh.Agent().get_keys()
-        self._keys = filter(is_rsa, keys)
-        if self._keys:
-            self._agent_key = self._keys[0]
-            self._keys = self._keys[1:]
-            self.sign_algorithm, self.hash_algorithm = ('rsa', 'sha1')
-
-    def swap_keys(self):
-        if self._keys:
-            self._agent_key = self._keys[0]
-            self._keys = self._keys[1:]
-        else:
-            self._agent_key = None
-
-    def sign_agent(self, sign_string):
-        data = self._agent_key.sign_ssh_data(None, sign_string)
-        return sig(data)
-
-    def sign(self, sign_string):
-        data = self.sign_agent(sign_string)
+            raise SystemError('No valid encryptor found.')
         return base64.b64encode(data)
 
 
@@ -111,10 +69,9 @@ class HeaderSigner(Signer):
     key_id is the mandatory label indicating to the server which secret to use
     secret is the filename of a pem file in the case of rsa, a password string in the case of an hmac algorithm
     algorithm is one of the six specified algorithms
-    headers is a list of http headers to be included in the signing string, defaulting to "Date" alone.
+    headers is a list of http headers to be included in the signing string, defaulting to ['date'].
     '''
-    def __init__(self, key_id='', secret='~/.ssh/id_rsa', algorithm='rsa-sha256', headers=None):
-        
+    def __init__(self, key_id, secret, algorithm='rsa-sha256', headers=None):
         #PyCrypto wants strings, not unicode. We're not so demanding as an API.
         key_id = str(key_id)
         secret = str(secret)
@@ -150,37 +107,15 @@ def sign(self, headers, host=None, method=None, path=None):
 
         headers is a case-insensitive dict of mutable headers.
         host is a override for the 'host' header (defaults to value in headers).
-        method is the HTTP method (used for '(request-line)').
-        path is the HTTP path (used for '(request-line)').
+        method is the HTTP method (required when using '(request-line)').
+        path is the HTTP path (required when using '(request-line)').
         """
         headers = CaseInsensitiveDict(headers)
-                
         required_headers = self.headers or ['date']
-        signable_list = []
-        for h in required_headers:
-            if h == '(request-line)':
-                if not method or not path:
-                    raise Exception('method and path arguments required when using "(request-line)"')
-                signable_list.append('%s: %s %s' % (h, method.lower(), path))
-
-            elif h == 'host':
-                # 'host' special case due to requests lib restrictions
-                # 'host' is not available when adding auth so must use a param
-                # if no param used, defaults back to the 'host' header
-                if not host:
-                    if 'host' in headers:
-                        host = headers[h]
-                    else:
-                        raise Exception('missing required header "%s"' % (h))
-                signable_list.append('%s: %s' % (h.lower(), host))
-            else:
-                if h not in headers:
-                    raise Exception('missing required header "%s"' % (h))
-
-                signable_list.append('%s: %s' % (h.lower(), headers[h]))
-
-        signable = '\n'.join(signable_list)
+        signable = generate_message(required_headers, headers, host, method, path)
+        
         signature = self._sign(signable)
         headers['Authorization'] = self.signature_template % signature
-
+        
         return headers
+

httpsig/tests/__init__.py

@@ -25,14 +25,8 @@ def _parse_auth(self, auth):
         return param_dict
 
     def setUp(self):
-        self.key = os.path.join(os.path.dirname(__file__), 'rsa_private.pem')
-
-    def test_date_added(self):
-        hs = HeaderSigner(key_id='', secret=self.key)
-        unsigned = {}
-        signed = hs.sign(unsigned)
-        self.assertIn('Date', signed)
-        self.assertIn('Authorization', signed)
+        self.key_path = os.path.join(os.path.dirname(__file__), 'rsa_private.pem')
+        self.key = open(self.key_path, 'r').read()
 
     def test_default(self):
         hs = HeaderSigner(key_id='Test', secret=self.key)
@@ -67,8 +61,8 @@ def test_all(self):
             'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
             'Content-Length': '18',
         }
-        signed = hs.sign(unsigned, method='POST',
-                path='/foo?param=value&pet=dog')
+        signed = hs.sign(unsigned, method='POST', path='/foo?param=value&pet=dog')
+        
         self.assertIn('Date', signed)
         self.assertEqual(unsigned['Date'], signed['Date'])
         self.assertIn('Authorization', signed)
@@ -79,7 +73,4 @@ def test_all(self):
         self.assertEqual(params['keyId'], 'Test')
         self.assertEqual(params['algorithm'], 'rsa-sha256')
         self.assertEqual(params['headers'], '(request-line) host date content-type content-md5 content-length')
-        self.assertEqual(params['signature'], 'H/AaTDkJvLELy4i1RujnKlS6dm8QWiJvEpn9cKRMi49kKF+mohZ15z1r+mF+XiKS5kOOscyS83olfBtsVhYjPg2Ei3/D9D4Mvb7bFm9IaLJgYTFFuQCghrKQQFPiqJN320emjHxFowpIm1BkstnEU7lktH/XdXVBo8a6Uteiztw=')
-
-if __name__ == '__main__':
-    unittest.main()
+        self.assertEqual(params['signature'], 'vYJio4AxbN38TKdzE1Qk/3qXhzTaBS7zUIPCqV+NsjLSf8ZK/19L9ErTz8FYBAW8Gko2dEaU70McrIO33k0PUlPsWvbGn/IhnU14rvSPF/F+AnFVFeA9ivvvyVZQYYYp17fnNfiCzHrvUn+VnqMhRKA15Nr8KKwt9Eqi36wQ8Vg=')