Code formatting cleanup

Author: ahknight

CHANGELOG.rst

@@ -1,6 +1,14 @@
 httpsig Changes
 ---------------
 
+1.2.0 (2018-Mar-28)
+-------------------
+
+* Switched to pycryptodome instead of PyCrypto
+* Updated tests with the test data from Draft 8 and verified it still passes.
+* Dropped official Python 3.2 support (pip dropped it so it can't be properly tested)
+* Cleaned up the code to be more PEP8-like.
+
 1.1.2 (2015-Feb-11)
 -------------------
 

httpsig/_version.py

@@ -1,4 +1,3 @@
-
 # This file helps to compute a version number in source trees obtained from
 # git-archive tarball (such as those provided by githubs download-from-tag
 # feature). Distribution tarballs (build by setup.py sdist) and build
@@ -8,16 +7,17 @@
 # This file is released into the public domain. Generated by
 # versioneer-0.10 (https://github.com/warner/python-versioneer)
 
+import errno
+import os.path
+import re
+import subprocess
+import sys
+
 # these strings will be replaced by git during git-archive
 git_refnames = "$Format:%d$"
 git_full = "$Format:%H$"
 
 
-import subprocess
-import sys
-import errno
-
-
 def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False):
     assert isinstance(commands, list)
     p = None
@@ -50,18 +50,14 @@ def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False):
     return stdout
 
 
-import sys
-import re
-import os.path
-
 def get_expanded_variables(versionfile_abs):
     # the code embedded in _version.py can just fetch the value of these
     # variables. When used from setup.py, we don't want to import
     # _version.py, so we do it with a regexp instead. This function is not
     # used from _version.py.
     variables = {}
     try:
-        f = open(versionfile_abs,"r")
+        f = open(versionfile_abs, "r")
         for line in f.readlines():
             if line.strip().startswith("git_refnames ="):
                 mo = re.search(r'=\s*"(.*)"', line)
@@ -76,12 +72,13 @@ def get_expanded_variables(versionfile_abs):
         pass
     return variables
 
+
 def versions_from_expanded_variables(variables, tag_prefix, verbose=False):
     refnames = variables["refnames"].strip()
     if refnames.startswith("$Format"):
         if verbose:
             print("variables are unexpanded, not using")
-        return {} # unexpanded, so not in an unpacked git-archive tarball
+        return {}  # unexpanded, so not in an unpacked git-archive tarball
     refs = set([r.strip() for r in refnames.strip("()").split(",")])
     # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
     # just "foo-1.0". If we see a "tag: " prefix, prefer those.
@@ -97,7 +94,7 @@ def versions_from_expanded_variables(variables, tag_prefix, verbose=False):
         # "stabilization", as well as "HEAD" and "master".
         tags = set([r for r in refs if re.search(r'\d', r)])
         if verbose:
-            print("discarding '%s', no digits" % ",".join(refs-tags))
+            print("discarding '%s', no digits" % ",".join(refs - tags))
     if verbose:
         print("likely tags: %s" % ",".join(sorted(tags)))
     for ref in sorted(tags):
@@ -106,13 +103,14 @@ def versions_from_expanded_variables(variables, tag_prefix, verbose=False):
             r = ref[len(tag_prefix):]
             if verbose:
                 print("picking %s" % r)
-            return { "version": r,
-                     "full": variables["full"].strip() }
+            return {"version": r,
+                    "full": variables["full"].strip()}
     # no suitable tags, so we use the full revision id
     if verbose:
         print("no suitable tags, using full revision id")
-    return { "version": variables["full"].strip(),
-             "full": variables["full"].strip() }
+    return {"version": variables["full"].strip(),
+            "full": variables["full"].strip()}
+
 
 def versions_from_vcs(tag_prefix, root, verbose=False):
     # this runs 'git' from the root of the source tree. This only gets called
@@ -157,17 +155,19 @@ def versions_from_parentdir(parentdir_prefix, root, verbose=False):
         return None
     return {"version": dirname[len(parentdir_prefix):], "full": ""}
 
+
 tag_prefix = "v"
 parentdir_prefix = "httpsig-"
 versionfile_source = "httpsig/_version.py"
 
+
 def get_versions(default={"version": "unknown", "full": ""}, verbose=False):
     # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have
     # __file__, we can work backwards from there to the root. Some
     # py2exe/bbfreeze/non-CPython implementations don't do __file__, in which
     # case we can only use expanded variables.
 
-    variables = { "refnames": git_refnames, "full": git_full }
+    variables = {"refnames": git_refnames, "full": git_full}
     ver = versions_from_expanded_variables(variables, tag_prefix, verbose)
     if ver:
         return ver
@@ -185,4 +185,3 @@ def get_versions(default={"version": "unknown", "full": ""}, verbose=False):
     return (versions_from_vcs(tag_prefix, root, verbose)
             or versions_from_parentdir(parentdir_prefix, root, verbose)
             or default)
-

httpsig/requests_auth.py

@@ -1,4 +1,4 @@
-from requests.auth import AuthBase
+import requests.auth
 try:
     # Python 3
     from urllib.parse import urlparse
@@ -9,20 +9,23 @@
 from .sign import HeaderSigner
 
 
-class HTTPSignatureAuth(AuthBase):
+class HTTPSignatureAuth(requests.auth.AuthBase):
     '''
     Sign a request using the http-signature scheme.
     https://github.com/joyent/node-http-signature/blob/master/http_signing.md
 
-    key_id is the mandatory label indicating to the server which secret to use
-    secret is the filename of a pem file in the case of rsa, a password string in the case of an hmac algorithm
-    algorithm is one of the six specified algorithms
-    headers is a list of http headers to be included in the signing string, defaulting to "Date" alone.
+    `key_id` is the mandatory label indicating to the server which secret to
+      use secret is the filename of a pem file in the case of rsa, a password
+      string in the case of an hmac algorithm
+    `algorithm` is one of the six specified algorithms
+      headers is a list of http headers to be included in the signing string,
+      defaulting to "Date" alone.
     '''
     def __init__(self, key_id='', secret='', algorithm=None, headers=None):
         headers = headers or []
-        self.header_signer = HeaderSigner(key_id=key_id, secret=secret,
-                algorithm=algorithm, headers=headers)
+        self.header_signer = HeaderSigner(
+                                key_id=key_id, secret=secret,
+                                algorithm=algorithm, headers=headers)
         self.uses_host = 'host' in [h.lower() for h in headers]
 
     def __call__(self, r):

httpsig/sign.py

@@ -15,49 +15,54 @@ class Signer(object):
     """
     When using an RSA algo, the secret is a PEM-encoded private key.
     When using an HMAC algo, the secret is the HMAC signing secret.
-    
+
     Password-protected keyfiles are not supported.
     """
     def __init__(self, secret, algorithm=None):
         if algorithm is None:
             algorithm = DEFAULT_SIGN_ALGORITHM
-        
+
         assert algorithm in ALGORITHMS, "Unknown algorithm"
-        if isinstance(secret, six.string_types): secret = secret.encode("ascii")
-        
+        if isinstance(secret, six.string_types):
+            secret = secret.encode("ascii")
+
         self._rsa = None
         self._hash = None
         self.sign_algorithm, self.hash_algorithm = algorithm.split('-')
-        
+
         if self.sign_algorithm == 'rsa':
             try:
                 rsa_key = RSA.importKey(secret)
                 self._rsa = PKCS1_v1_5.new(rsa_key)
                 self._hash = HASHES[self.hash_algorithm]
             except ValueError:
                 raise HttpSigException("Invalid key.")
-            
+
         elif self.sign_algorithm == 'hmac':
-            self._hash = HMAC.new(secret, digestmod=HASHES[self.hash_algorithm])
+            self._hash = HMAC.new(secret,
+                                  digestmod=HASHES[self.hash_algorithm])
 
     @property
     def algorithm(self):
         return '%s-%s' % (self.sign_algorithm, self.hash_algorithm)
 
     def _sign_rsa(self, data):
-        if isinstance(data, six.string_types): data = data.encode("ascii")
+        if isinstance(data, six.string_types):
+            data = data.encode("ascii")
         h = self._hash.new()
         h.update(data)
         return self._rsa.sign(h)
 
     def _sign_hmac(self, data):
-        if isinstance(data, six.string_types): data = data.encode("ascii")
+        if isinstance(data, six.string_types):
+            data = data.encode("ascii")
         hmac = self._hash.copy()
         hmac.update(data)
         return hmac.digest()
 
     def _sign(self, data):
-        if isinstance(data, six.string_types): data = data.encode("ascii")
+        if isinstance(data, six.string_types):
+            data = data.encode("ascii")
         signed = None
         if self._rsa:
             signed = self._sign_rsa(data)
@@ -70,37 +75,43 @@ def _sign(self, data):
 
 class HeaderSigner(Signer):
     '''
-    Generic object that will sign headers as a dictionary using the http-signature scheme.
+    Generic object that will sign headers as a dictionary using the
+        http-signature scheme.
     https://github.com/joyent/node-http-signature/blob/master/http_signing.md
 
-    :arg key_id:    the mandatory label indicating to the server which secret to use
-    :arg secret:    a PEM-encoded RSA private key or an HMAC secret (must match the algorithm)
+    :arg key_id:    the mandatory label indicating to the server which secret
+        to use
+    :arg secret:    a PEM-encoded RSA private key or an HMAC secret (must
+        match the algorithm)
     :arg algorithm: one of the six specified algorithms
-    :arg headers:   a list of http headers to be included in the signing string, defaulting to ['date'].
+    :arg headers:   a list of http headers to be included in the signing
+        string, defaulting to ['date'].
     '''
     def __init__(self, key_id, secret, algorithm=None, headers=None):
         if algorithm is None:
             algorithm = DEFAULT_SIGN_ALGORITHM
-        
+
         super(HeaderSigner, self).__init__(secret=secret, algorithm=algorithm)
         self.headers = headers or ['date']
-        self.signature_template = build_signature_template(key_id, algorithm, headers)
+        self.signature_template = build_signature_template(
+                                    key_id, algorithm, headers)
 
     def sign(self, headers, host=None, method=None, path=None):
         """
         Add Signature Authorization header to case-insensitive header dict.
 
-        headers is a case-insensitive dict of mutable headers.
-        host is a override for the 'host' header (defaults to value in headers).
-        method is the HTTP method (required when using '(request-target)').
-        path is the HTTP path (required when using '(request-target)').
+        `headers` is a case-insensitive dict of mutable headers.
+        `host` is a override for the 'host' header (defaults to value in
+            headers).
+        `method` is the HTTP method (required when using '(request-target)').
+        `path` is the HTTP path (required when using '(request-target)').
         """
         headers = CaseInsensitiveDict(headers)
         required_headers = self.headers or ['date']
-        signable = generate_message(required_headers, headers, host, method, path)
-        
+        signable = generate_message(
+                    required_headers, headers, host, method, path)
+
         signature = self._sign(signable)
         headers['authorization'] = self.signature_template % signature
-        
-        return headers
 
+        return headers

httpsig/tests/__init__.py

@@ -1,3 +1,3 @@
 from .test_signature import *
 from .test_utils import *
-from .test_verify import *
+from .test_verify import *

httpsig/tests/test_signature.py

@@ -1,15 +1,15 @@
 #!/usr/bin/env python
 import sys
 import os
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
 
-import json
 import unittest
 
 import httpsig.sign as sign
 from httpsig.utils import parse_authorization_header
 
 
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
+
 sign.DEFAULT_SIGN_ALGORITHM = "rsa-sha256"
 
 
@@ -21,9 +21,10 @@ class TestSign(unittest.TestCase):
     header_content_type = 'application/json'
     header_digest = 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
     header_content_length = '18'
-    
+
     def setUp(self):
-        self.key_path = os.path.join(os.path.dirname(__file__), 'rsa_private.pem')
+        self.key_path = os.path.join(
+            os.path.dirname(__file__), 'rsa_private.pem')
         with open(self.key_path, 'rb') as f:
             self.key = f.read()
 
@@ -55,8 +56,9 @@ def test_basic(self):
             'Host': self.header_host,
             'Date': self.header_date,
         }
-        signed = hs.sign(unsigned, method=self.test_method, path=self.test_path)
-        
+        signed = hs.sign(
+            unsigned, method=self.test_method, path=self.test_path)
+
         self.assertIn('Date', signed)
         self.assertEqual(unsigned['Date'], signed['Date'])
         self.assertIn('Authorization', signed)
@@ -67,8 +69,8 @@ def test_basic(self):
         self.assertIn('signature', params)
         self.assertEqual(params['keyId'], 'Test')
         self.assertEqual(params['algorithm'], 'rsa-sha256')
-        self.assertEqual(params['headers'],
-            '(request-target) host date')
+        self.assertEqual(
+            params['headers'], '(request-target) host date')
         self.assertEqual(params['signature'], 'HUxc9BS3P/kPhSmJo+0pQ4IsCo007vkv6bUm4Qehrx+B1Eo4Mq5/6KylET72ZpMUS80XvjlOPjKzxfeTQj4DiKbAzwJAb4HX3qX6obQTa00/qPDXlMepD2JtTw33yNnm/0xV7fQuvILN/ys+378Ysi082+4xBQFwvhNvSoVsGv4=')
 
     def test_all(self):
@@ -87,8 +89,9 @@ def test_all(self):
             'Digest': self.header_digest,
             'Content-Length': self.header_content_length,
         }
-        signed = hs.sign(unsigned, method=self.test_method, path=self.test_path)
-        
+        signed = hs.sign(
+            unsigned, method=self.test_method, path=self.test_path)
+
         self.assertIn('Date', signed)
         self.assertEqual(unsigned['Date'], signed['Date'])
         self.assertIn('Authorization', signed)
@@ -99,5 +102,7 @@ def test_all(self):
         self.assertIn('signature', params)
         self.assertEqual(params['keyId'], 'Test')
         self.assertEqual(params['algorithm'], 'rsa-sha256')
-        self.assertEqual(params['headers'], '(request-target) host date content-type digest content-length')
+        self.assertEqual(
+            params['headers'],
+            '(request-target) host date content-type digest content-length')
         self.assertEqual(params['signature'], 'Ef7MlxLXoBovhil3AlyjtBwAL9g4TN3tibLj7uuNB3CROat/9KaeQ4hW2NiJ+pZ6HQEOx9vYZAyi+7cmIkmJszJCut5kQLAwuX+Ms/mUFvpKlSo9StS2bMXDBNjOh4Auj774GFj4gwjS+3NhFeoqyr/MuN6HsEnkvn6zdgfE2i0=')

httpsig/tests/test_utils.py

@@ -1,17 +1,18 @@
 #!/usr/bin/env python
 import os
-import re
 import sys
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
-
 import unittest
-
 from httpsig.utils import get_fingerprint
 
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
+
+
 class TestUtils(unittest.TestCase):
 
     def test_get_fingerprint(self):
-        with open(os.path.join(os.path.dirname(__file__), 'rsa_public.pem'), 'r') as k:
+        with open(os.path.join(
+                os.path.dirname(__file__), 'rsa_public.pem'), 'r') as k:
             key = k.read()
         fingerprint = get_fingerprint(key)
-        self.assertEqual(fingerprint, "73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7")
+        self.assertEqual(
+            fingerprint, "73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7")