15 |
15 |
# You should have received a copy of the GNU Affero General Public License
|
16 |
16 |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
17 |
17 |
|
|
18 |
import base64
|
18 |
19 |
import pytz
|
19 |
20 |
import datetime as dt
|
20 |
21 |
import hashlib
|
|
22 |
import hmac
|
21 |
23 |
import string
|
22 |
24 |
from six.moves.urllib import parse as urlparse
|
23 |
25 |
import warnings
|
... | ... | |
270 |
272 |
{'name': 'secret_production',
|
271 |
273 |
'caption': _(u'Secret pour la configuration de PRODUCTION'),
|
272 |
274 |
'validation': lambda value: str.isalnum(value), },
|
|
275 |
{'name': 'signature_algo',
|
|
276 |
'caption': _(u'Algorithme de signature'),
|
|
277 |
'default': 'hmac_sha256',
|
|
278 |
'choices': (
|
|
279 |
('sha1', 'SHA-1'),
|
|
280 |
('hmac_sha256', 'HMAC-SHA-256'),
|
|
281 |
)},
|
273 |
282 |
{
|
274 |
283 |
'name': 'manual_validation',
|
275 |
284 |
'caption': 'Validation manuelle',
|
... | ... | |
462 |
471 |
test=test)
|
463 |
472 |
return response
|
464 |
473 |
|
|
474 |
def sha1_sign(self, secret, signed_data):
|
|
475 |
return hashlib.sha1(signed_data).hexdigest()
|
|
476 |
|
|
477 |
def hmac_sha256_sign(self, secret, signed_data):
|
|
478 |
digest = hmac.HMAC(secret, digestmod=hashlib.sha256, msg=signed_data).digest()
|
|
479 |
return base64.b64encode(digest)
|
|
480 |
|
465 |
481 |
def signature(self, fields):
|
466 |
482 |
self.logger.debug('got fields %s to sign' % fields)
|
467 |
483 |
ordered_keys = sorted(
|
468 |
484 |
[key for key in fields.keys() if key.startswith('vads_')])
|
469 |
485 |
self.logger.debug('ordered keys %s' % ordered_keys)
|
470 |
486 |
ordered_fields = [force_byte(fields[key]) for key in ordered_keys]
|
471 |
|
secret = getattr(self, 'secret_%s' % fields['vads_ctx_mode'].lower())
|
|
487 |
secret = force_byte(getattr(self, 'secret_%s' % fields['vads_ctx_mode'].lower()))
|
472 |
488 |
signed_data = b'+'.join(ordered_fields)
|
473 |
|
signed_data = b'%s+%s' % (signed_data, force_byte(secret))
|
|
489 |
signed_data = b'%s+%s' % (signed_data, secret)
|
474 |
490 |
self.logger.debug(u'generating signature on «%s»', signed_data)
|
475 |
|
sign = hashlib.sha1(signed_data).hexdigest()
|
|
491 |
sign_method = getattr(self, '%s_sign' % self.signature_algo)
|
|
492 |
sign = sign_method(secret, signed_data)
|
476 |
493 |
self.logger.debug(u'signature «%s»', sign)
|
477 |
|
return sign
|
|
494 |
return force_text(sign)
|
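Review bot: The context line at new line 490 still logs `signed_data` after the secret has been appended at new line 489, so with debug logging enabled the shop secret, which is now also the HMAC key, is written to the log in clear. Logging only the field values keeps the diagnostic without the key, e.g. `self.logger.debug(u'generating signature on «%s»', b'+'.join(ordered_fields))` placed before the secret is appended. Separately, `getattr(self, '%s_sign' % self.signature_algo)` raises a bare AttributeError for any stored value other than the two declared choices; an explicit lookup with a clear error would make a bad configuration easier to diagnose. The code that compares this signature with the one received from the gateway is outside the visible hunks; if it uses `==`, `hmac.compare_digest` would be the constant-time alternative now that `hmac` is imported.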