Skip to content

Instantly share code, notes, and snippets.

@mdornseif

mdornseif/check_signature_server.py

Last active December 24, 2015 14:59
Show Gist options
  • Save mdornseif/6816959 to your computer and use it in GitHub Desktop.
Save mdornseif/6816959 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
check_signature_server.py
class UeCheckin2(gaetk.handler.BasicHandler):
def put(self, uuid):
key = "sekrit" # determined by some other process
bodyhash = base64.b64encode(hashlib.sha256(self.request.body).digest())
toBeSigned = "&".join([self.request.method, self.request.path, bodyhash])
signature = base64.b64encode(hmac.new(key, toBeSigned, hashlib.sha256).digest())
header = self.request.headers['Authorization']
typ, value = header.split()
if typ != 'X-Signature':
raise gaetk.handler.HTTP401_Unauthorized
if value != signature:
raise gaetk.handler.HTTP403_Forbidden
# the request is genuide and authenticated, do the real work
# ...
self.response.write('ok')
Raw
signing_client.m
#import "MDHTTP.h"
#import "AFNetworking/AFJSONRequestOperation.h"
#import "AFNetworking/AFNetworkActivityIndicatorManager.h"
#include <CommonCrypto/CommonHMAC.h>
@implementation MDHTTPClient
#pragma mark - Initialization
- (id)initWithBaseURL:(NSURL *)url {
self = [super initWithBaseURL:url];
if (!self) return nil;
[self registerHTTPOperationClass:[AFJSONRequestOperation class]];
[self setDefaultHeader:@"Accept" value:@"application/json"];
[self setParameterEncoding:AFJSONParameterEncoding];
[self setDefaultSSLPinningMode:AFSSLPinningModePublicKey];
[self setSignatureKey:@"sekrit"];
[[AFNetworkActivityIndicatorManager sharedManager] setEnabled:YES];
return self;
}
#pragma mark - Singleton Methods
+ (MDHTTPClient *)sharedClient;
{
static dispatch_once_t pred;
static MDHTTPClient *_sharedClient = nil;
dispatch_once(&pred, ^{
_sharedClient = [[self alloc] initWithBaseURL:[NSURL URLWithString:@"https://im-fluss.appspot.com/"]];
});
return _sharedClient;
}
- (void)putPath:(NSString *)path
parameters:(NSDictionary *)parameters
success:(void (^)(AFHTTPRequestOperation *operation, id responseObject))success
failure:(void (^)(AFHTTPRequestOperation *operation, NSError *error))failure {
NSMutableURLRequest *request = [self requestWithMethod:@"PUT" path:path parameters:parameters];
NSString *bodyhash = [self sha256:request.HTTPBody];
NSArray *hashArray = [NSArray arrayWithObjects:request.HTTPMethod, path, bodyhash, nil];
NSString *signature = [self hmac:[[hashArray componentsJoinedByString:@"&"] dataUsingEncoding:NSUTF8StringEncoding]];
NSString *header = [NSString stringWithFormat:@"X-Signature %@", signature, nil];
[request setValue:header forHTTPHeaderField:@"Authorization"];
AFHTTPRequestOperation *operation = [self HTTPRequestOperationWithRequest:request success:success failure:failure];
[self enqueueHTTPRequestOperation:operation];
}
#pragma mark crypto helpers
- (NSString *)sha256:(NSData *)data {
unsigned char hash[CC_SHA256_DIGEST_LENGTH];
if (CC_SHA256([data bytes], [data length], hash) ) {
NSData *sha = [NSData dataWithBytes:hash length:CC_SHA256_DIGEST_LENGTH];
return [sha base64EncodedStringWithOptions:NSDataBase64Encoding76CharacterLineLength];
}
return nil;
}
- (NSString *)hmac:(NSData *)data {
const char *cKey = [[self signatureKey] cStringUsingEncoding : NSASCIIStringEncoding];
unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), [data bytes], [data length], cHMAC);
NSData *hmac = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];
return [hmac base64EncodedStringWithOptions:NSDataBase64Encoding76CharacterLineLength];
}
@end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment