Last active
April 9, 2021 15:20
Revisions
-
binaryatrocity revised this gist
Sep 13, 2016 . 1 changed file with 2 additions and 3 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,19 +10,18 @@ def create_signature(secret_key, string): return b64encode(hmac.hexdigest()) def create_token(access_key): string_to_sign = "POST\n"+\ "application/x-www-form-urlencoded\n"+\ datetime.utcnow().strftime("%Y-%m-%dT%H:%M") user_secret_key = access_key # Should be looked up based on access_key hmac = create_signature(access_key, string_to_sign) signature = "AUTH:" + access_key + ":" + hmac return signature def authenticate_signed_token(auth_token): """ Take token, recreate signature, auth if a match """ lead, access_key, signature = auth_token.split(":") if lead.upper() == "AUTH": our_token = create_token(access_key).split(":", 1)[-1] return True if signature == our_token else False -
Jun 24, 2014 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Jun 24, 2014 .There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,32 @@ from sys import argv from base64 import b64encode from datetime import datetime from Crypto.Hash import SHA, HMAC def create_signature(secret_key, string): """ Create the signed message from api_key and string_to_sign """ string_to_sign = string.encode('utf-8') hmac = HMAC.new(secret_key, string_to_sign, SHA) return b64encode(hmac.hexdigest()) def create_token(access_key): """ Create the full token (CONE:access_key:signed_string) """ string_to_sign = "POST\n"+\ "application/x-www-form-urlencoded\n"+\ datetime.utcnow().strftime("%Y-%m-%dT%H:%M") user_secret_key = access_key # Should be looked up based on access_key hmac = create_signature(access_key, string_to_sign) signature = "CONE" + ":" + access_key + ":" + hmac return signature def authenticate_signed_token(auth_token): """ Take token, recreate signature, auth if a match """ lead, access_key, signature = auth_token.split(":") if lead.upper() == "CONE": our_token = create_token(access_key).split(":", 1)[-1] return True if signature == our_token else False if __name__ == "__main__": print create_token('secret_api_key') print authenticate_signed_token(argv[1])