Skip to content

pyauth/http-message-signatures

Repository files navigation

http-message-signatures: An implementation of RFC 9421, the IETF HTTP Message Signatures standard

http-message-signatures is an implementation of the IETF RFC 9421 HTTP Message Signatures standard in Python.

Installation

pip3 install http-message-signatures

Synopsis

from http_message_signatures import HTTPMessageSigner, HTTPMessageVerifier, HTTPSignatureKeyResolver, algorithms
import requests, base64, hashlib, http_sfv

class MyHTTPSignatureKeyResolver(HTTPSignatureKeyResolver):
    keys = {"my-key": b"top-secret-key"}

    def resolve_public_key(self, key_id: str):
        return self.keys[key_id]

    def resolve_private_key(self, key_id: str):
        return self.keys[key_id]

request = requests.Request('POST', 'https://example.com/foo?param=Value&Pet=dog', json={"hello": "world"})
request = request.prepare()
request.headers["Content-Digest"] = str(http_sfv.Dictionary({"sha-256": hashlib.sha256(request.body).digest()}))

signer = HTTPMessageSigner(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
signer.sign(request, key_id="my-key", covered_component_ids=("@method", "@authority", "@target-uri", "content-digest"))

verifier = HTTPMessageVerifier(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
verifier.verify(request)

Note that verifying the body content-digest is outside the scope of this package's functionality, so it remains the caller's responsibility. The requests-http-signature library builds upon this package to provide integrated signing and validation of the request body.

See what is signed

It is important to understand and follow the best practice rule of "See what is signed" when verifying HTTP message signatures. The gist of this rule is: if your application neglects to verify that the information it trusts is what was actually signed, the attacker can supply a valid signature but point you to malicious data that wasn't signed by that signature. Failure to follow this rule can lead to vulnerability against signature wrapping and substitution attacks.

In http-message-signatures, you can ensure that the information signed is what you expect to be signed by only trusting the data returned by the verify() method:

verify_results = verifier.verify(request)

This returns a list of VerifyResult s, which are namedtuple s with the following attributes:

  • label (str): The label for the signature
  • algorithm: (same as signature_algorithm above)
  • covered_components: A mapping of component names to their values, as covered by the signature
  • parameters: A mapping of signature parameters to their values, as covered by the signature
  • body: Always None (the requests-http-signature package implements returning the body upon successful digest validation).

Given an HTTP request can potentially have multiple signatures the verify() method returns a list of VerifyResult s. However, the implementation currently supports just one signature, so the returned list currently contains just one element. If more signatures are found in the request then InvalidSignature is raised.

Additionally, the verify() method raises HTTPMessageSignaturesException or an exception derived from this class in case an error occurs (unable to load PEM key, unsupported algorithm specified in signature input, signature doesn't match digest etc.)

Authors

Links

Bugs

Please report bugs, issues, feature requests, etc. on GitHub.

License

Copyright 2017-2024, Andrey Kislyuk and http-message-signatures contributors. Licensed under the terms of the Apache License, Version 2.0. Distribution of attribution information, LICENSE and NOTICE files with source copies of this package and derivative works is REQUIRED as specified by the Apache License.