File: //lib/python3.6/site-packages/oauthlib/oauth1/rfc5849/__pycache__/signature.cpython-36.pyc
3
,��[A\���������������
���@���s$���d�Z�d�d�l�m�Z�m�Z���d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m Z m
Z
m�Z�m�Z�m
Z
��d�d�l�m�Z���y�d�d�l�Z�W�n���e�k
r�������d�d�l�j�Z�Y�n�X�e�j�e���Z�d�d���Z�d(d d
��Z�d�g�d�d�d
f�d�d���Z�d�d���Z�d�d���Z�d�d���Z�d�a�d�d���Z�d�d���Z�d�d���Z d�d���Z!d�d���Z"d)d d!��Z#d"d#��Z$d$d%��Z%d*d&d'��Z&d�S�)+a����
oauthlib.oauth1.rfc5849.signature
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This module represents a direct implementation of `section 3.4`_ of the spec.
Terminology:
* Client: software interfacing with an OAuth API
* Server: the API provider
* Resource Owner: the user who is granting authorization to the client
Steps for signing a request:
1. Collect parameters from the uri query, auth header, & body
2. Normalize those parameters
3. Normalize the uri
4. Pass the normalized uri, normalized parameters, and http method to
construct the base string
5. Pass the base string and any keys needed to a signing function
.. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4
�����)���absolute_import��unicode_literalsN)��
bytes_type��extract_params��safe_string_equals��unicode_type� urldecode�����)���utilsc����������������C���s>���t�j�|�j�����}�|�d�7�}�|�t�j�|���7�}�|�d�7�}�|�t�j�|���7�}�|�S�)�aY���**String Construction**
Per `section 3.4.1.1`_ of the spec.
For example, the HTTP request::
POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm="Example",
oauth_consumer_key="9djdj82h48djs9d2",
oauth_token="kkk9d7dh3k39sjv7",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131201",
oauth_nonce="7d8f3e4a",
oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"
c2&a3=2+q
is represented by the following signature base string (line breaks
are for display purposes only)::
POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q
%26a3%3Da%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_
key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_m
ethod%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk
9d7dh3k39sjv7
.. _`section 3.4.1.1`: https://tools.ietf.org/html/rfc5849#section-3.4.1.1
��&)�r
�����escape��upper)���http_methodZ�base_string_uriZ%normalized_encoded_request_parameters��base_string��r������/usr/lib/python3.6/signature.py��construct_base_string+���s�����(����������r����c��������
�������C���s����t�|�t���s�t�d�����t�j�|���\�}�}�}�}�}�}�|���s4|���r<t�d�����|�sDd�}�|�j���}�|�j���}�|�d�k rd|�j���}�d�}�d |�k�r�|�j�d d
��\�}�} |�| f�|�k�r�|�}�t�j�|�|�|�|�d�d�f���S�)�aA���**Base String URI**
Per `section 3.4.1.2`_ of the spec.
For example, the HTTP request::
GET /r%20v/X?id=123 HTTP/1.1
Host: EXAMPLE.COM:80
is represented by the base string URI: "http://example.com/r%20v/X".
In another example, the HTTPS request::
GET /?q=1 HTTP/1.1
Host: www.example.net:8080
is represented by the base string URI: "https://www.example.net:8080/".
.. _`section 3.4.1.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.2
The host argument overrides the netloc part of the uri argument.
z�uri must be a unicode object.z$uri must include a scheme and netloc��/N��http��80��https��443��:r �������r����r������r����r����)�r����r����)��
isinstancer�����
ValueError��urlparse��lower��splitZ
urlunparse)
��uri��host��schemeZ�netloc��path��paramsZ�queryZ�fragmentZ
default_portsZ�portr����r����r������normalize_base_string_uril���s$�����
���������������������������������r&���r����TFc��������������������s����|�p�i�}�g�}�|�r�|�j�t�|�������|�rht�d�d���|�j���D�����}�|�j�d���}�|�d�k rh|�j���f�d�d���t�j�|���D�������t�|���prg�}�|�j�|�����g�} x2|�D�]*\�}
}�|
j�d���r�t�j |���}�| j
|
|�f�����q�W�|�r�t�t�d�d ��| ����} | S�)
a= ��**Parameter Sources**
Parameters starting with `oauth_` will be unescaped.
Body parameters must be supplied as a dict, a list of 2-tuples, or a
formencoded query string.
Headers must be supplied as a dict.
Per `section 3.4.1.3.1`_ of the spec.
For example, the HTTP request::
POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm="Example",
oauth_consumer_key="9djdj82h48djs9d2",
oauth_token="kkk9d7dh3k39sjv7",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131201",
oauth_nonce="7d8f3e4a",
oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D"
c2&a3=2+q
contains the following (fully decoded) parameters used in the
signature base sting::
+------------------------+------------------+
| Name | Value |
+------------------------+------------------+
| b5 | =%3D |
| a3 | a |
| c@ | |
| a2 | r b |
| oauth_consumer_key | 9djdj82h48djs9d2 |
| oauth_token | kkk9d7dh3k39sjv7 |
| oauth_signature_method | HMAC-SHA1 |
| oauth_timestamp | 137131201 |
| oauth_nonce | 7d8f3e4a |
| c2 | |
| a3 | 2 q |
+------------------------+------------------+
Note that the value of "b5" is "=%3D" and not "==". Both "c@" and
"c2" have empty values. While the encoding rules specified in this
specification for the purpose of constructing the signature base
string exclude the use of a "+" character (ASCII code 43) to
represent an encoded space character (ASCII code 32), this practice
is widely used in "application/x-www-form-urlencoded" encoded values,
and MUST be properly decoded, as demonstrated by one of the "a3"
parameter instances (the "a3" parameter is used twice in this
request).
.. _`section 3.4.1.3.1`: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
c����������������s���s����|�]�\�}�}�|�j���|�f�V���q�d�S�)�N)�r����)���.0��k��vr����r����r����� <genexpr>����s������z%collect_parameters.<locals>.<genexpr>Z
authorizationNc��������������������s ���g�|�]�}���s�|�d���d�k�r�|���q�S�)�r����Z�realmr����)�r'�����i)��
with_realmr����r�����
<listcomp>����s��������z&collect_parameters.<locals>.<listcomp>Z�oauth_c����������������S���s����|�d���d�k�S�)�Nr����Z�oauth_signaturer����)�r+���r����r����r������<lambda>8���s����z$collect_parameters.<locals>.<lambda>)
��extendr������dict��items��getr
���Z�parse_authorization_headerr�����
startswithZ�unescape��append��list��filter)�Z uri_queryZ�bodyZ�headersZ�exclude_oauth_signaturer,���r%���Z
headers_lowerZ�authorization_headerZ
bodyparamsZ�unescaped_paramsr(���r)���r����)�r,���r������collect_parameters����s*����;������������
���������
�����
�
�����
���r7���c����������������C���s.���d�d���|�D���}�|�j�����d�d���|�D���}�d�j�|���S�)�a�
��**Parameters Normalization**
Per `section 3.4.1.3.2`_ of the spec.
For example, the list of parameters from the previous section would
be normalized as follows:
Encoded::
+------------------------+------------------+
| Name | Value |
+------------------------+------------------+
| b5 | %3D%253D |
| a3 | a |
| c%40 | |
| a2 | r%20b |
| oauth_consumer_key | 9djdj82h48djs9d2 |
| oauth_token | kkk9d7dh3k39sjv7 |
| oauth_signature_method | HMAC-SHA1 |
| oauth_timestamp | 137131201 |
| oauth_nonce | 7d8f3e4a |
| c2 | |
| a3 | 2%20q |
+------------------------+------------------+
Sorted::
+------------------------+------------------+
| Name | Value |
+------------------------+------------------+
| a2 | r%20b |
| a3 | 2%20q |
| a3 | a |
| b5 | %3D%253D |
| c%40 | |
| c2 | |
| oauth_consumer_key | 9djdj82h48djs9d2 |
| oauth_nonce | 7d8f3e4a |
| oauth_signature_method | HMAC-SHA1 |
| oauth_timestamp | 137131201 |
| oauth_token | kkk9d7dh3k39sjv7 |
+------------------------+------------------+
Concatenated Pairs::
+-------------------------------------+
| Name=Value |
+-------------------------------------+
| a2=r%20b |
| a3=2%20q |
| a3=a |
| b5=%3D%253D |
| c%40= |
| c2= |
| oauth_consumer_key=9djdj82h48djs9d2 |
| oauth_nonce=7d8f3e4a |
| oauth_signature_method=HMAC-SHA1 |
| oauth_timestamp=137131201 |
| oauth_token=kkk9d7dh3k39sjv7 |
+-------------------------------------+
and concatenated together into a single string (line breaks are for
display purposes only)::
a2=r%20b&a3=2%20q&a3=a&b5=%3D%253D&c%40=&c2=&oauth_consumer_key=9dj
dj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7
.. _`section 3.4.1.3.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
c����������������S���s$���g�|�]�\�}�}�t�j�|���t�j�|���f���q�S�r����)�r
���r����)�r'���r(���r)���r����r����r����r-�������s������z(normalize_parameters.<locals>.<listcomp>c����������������S���s����g�|�]�\�}�}�d�j�|�|�����q�S�)�z�{0}={1})���format)�r'���r(���r)���r����r����r����r-�������s������r����)���sort��join)�r%���Z
key_valuesZ�parameter_partsr����r����r������normalize_parameters>���s�����P������r;���c����������������C���s����t�|�|�j�|�j���S�)�N)���sign_hmac_sha1�
client_secret��resource_owner_secret)�r������clientr����r����r������sign_hmac_sha1_with_client����s����������r@���c����������������C���sl���|�}�t�j�|�p�d���}�|�d�7�}�|�t�j�|�p&d���7�}�|�j�d���}�|�j�d���}�t�j�|�|�t�j���}�t�j�|�j ����d�d�����j
d���S�)�aP���**HMAC-SHA1**
The "HMAC-SHA1" signature method uses the HMAC-SHA1 signature
algorithm as defined in `RFC2104`_::
digest = HMAC-SHA1 (key, text)
Per `section 3.4.2`_ of the spec.
.. _`RFC2104`: https://tools.ietf.org/html/rfc2104
.. _`section 3.4.2`: https://tools.ietf.org/html/rfc5849#section-3.4.2
r����r����z�utf-8Nr ������)�r
���r������encode��hmac��new��hashlibZ�sha1��binascii�
b2a_base64Z�digest��decode)�r����r=���r>�����text��keyZ�key_utf8Z text_utf8� signaturer����r����r����r<�������s��������������
�
���r<���c����������������C���s$���t�d�k�r d�d�l�j�}�|�j�|�j�j���a�t�S�)�Nr����)���_jwtrs1Z�jwt.algorithmsZ
algorithmsZ�RSAAlgorithmZ�hashesZ�SHA1)�Z�jwtalgor����r����r������_jwt_rs1_signing_algorithm����s��������
���rM���c����������������C���sH���t�|�t���r�|�j�d���}�t���}�t�|�|���}�|�j�|�|���}�t�j�|���d�d�����j�d���S�)�ai���**RSA-SHA1**
Per `section 3.4.3`_ of the spec.
The "RSA-SHA1" signature method uses the RSASSA-PKCS1-v1_5 signature
algorithm as defined in `RFC3447, Section 8.2`_ (also known as
PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. To
use this method, the client MUST have established client credentials
with the server that included its RSA public key (in a manner that is
beyond the scope of this specification).
.. _`section 3.4.3`: https://tools.ietf.org/html/rfc5849#section-3.4.3
.. _`RFC3447, Section 8.2`: https://tools.ietf.org/html/rfc3447#section-8.2
z�utf-8Nr ���rA���) r����r����rB���rM�����_prepare_key_plusZ�signrF���rG���rH���)�r����Z�rsa_private_key��algrJ�����sr����r����r�����
sign_rsa_sha1����s������
�
���
���rQ���c����������������C���s����|�j�s�t�d�����t�|�|�j���S�)�Nz4rsa_key is required when using RSA signature method.)�Z�rsa_keyr����rQ���)�r����r?���r����r����r������sign_rsa_sha1_with_client����s����������rR���c����������������C���s,���t�j�|�p
d���}�|�d�7�}�|�t�j�|�p"d���7�}�|�S�)�a����Sign a request using plaintext.
Per `section 3.4.4`_ of the spec.
The "PLAINTEXT" method does not employ a signature algorithm. It
MUST be used with a transport-layer mechanism such as TLS or SSL (or
sent over a secure channel with equivalent protections). It does not
utilize the signature base string or the "oauth_timestamp" and
"oauth_nonce" parameters.
.. _`section 3.4.4`: https://tools.ietf.org/html/rfc5849#section-3.4.4
r����r����)�r
���r����)�r=���r>���rK���r����r����r������sign_plaintext����s������������rS���c����������������C���s����t�|�j�|�j���S�)�N)�rS���r=���r>���)�r����r?���r����r����r������sign_plaintext_with_client$���s������rT���c����������������C���sN���t�|�j���}�t�|�j���}�t�|�j�|�|���}�t�|�|�|���}�t�|�|�j���}�|�sJt j
d�|�����|�S�)�a����Verify a HMAC-SHA1 signature.
Per `section 3.4`_ of the spec.
.. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4
To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri
attribute MUST be an absolute URI whose netloc part identifies the
origin server or gateway on which the resource resides. Any Host
item of the request argument's headers dict attribute will be
ignored.
.. _`RFC2616 section 5.2`: https://tools.ietf.org/html/rfc2616#section-5.2
z,Verify HMAC-SHA1 failed: sig base string: %s)�r;���r%���r&���r!���r����r����r<���r����rK�����log��debug)���requestr=���r>�����norm_paramsr!���r����rK�����matchr����r����r������verify_hmac_sha1(���s������
�
�������������rZ���c����������������C���s����t�|�t���r�|�j�d���}�|�j�|���S�)�Nz�utf-8)�r����r����rH���Z�prepare_key)�rO���Z�keystrr����r����r����rN���D���s������
�
�rN���c�������� �������C���sl���t�|�j���}�t�|�j���}�t�|�j�|�|���j�d���}�t�j�|�j j�d�����}�t
��}�t�|�|���}�|�j�|�|�|���}�|�sht
j�d�|�����|�S�)�af���Verify a RSASSA-PKCS #1 v1.5 base64 encoded signature.
Per `section 3.4.3`_ of the spec.
Note this method requires the jwt and cryptography libraries.
.. _`section 3.4.3`: https://tools.ietf.org/html/rfc5849#section-3.4.3
To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri
attribute MUST be an absolute URI whose netloc part identifies the
origin server or gateway on which the resource resides. Any Host
item of the request argument's headers dict attribute will be
ignored.
.. _`RFC2616 section 5.2`: https://tools.ietf.org/html/rfc2616#section-5.2
z�utf-8z+Verify RSA-SHA1 failed: sig base string: %s)�r;���r%���r&���r!���r����r����rB���rF���Z
a2b_base64rK���rM���rN���Z�verifyrU���rV���) rW���Z�rsa_public_keyrX���r!�����messageZ�sigrO���rJ���Z verify_okr����r����r������verify_rsa_sha1I���s������
�
�������
�������r\���c����������������C���s(���t�|�|���}�t�|�|�j���}�|�s$t�j�d�����|�S�)�z�Verify a PLAINTEXT signature.
Per `section 3.4`_ of the spec.
.. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4
z�Verify PLAINTEXT failed)�rS���r����rK���rU���rV���)�rW���r=���r>���rK���rY���r����r����r������verify_plaintexth���s
�����
�����
�r]���)�N)�NN)�NN)'��__doc__Z
__future__r����r����rF���rE���rC���Z�loggingZ�oauthlib.commonr����r����r����r����r����r����r
���r������ImportErrorZ�urllib.parse��parseZ getLogger��__name__rU���r����r&���r7���r;���r@���r<���rL���rM���rQ���rR���rS���rT���rZ���rN���r\���r]���r����r����r����r������<module>����s<���������������������������
��A
W���z�b���1���������#����
�����