vikramacharya · August 23, 2022 16:36
diff --git a/ondc_header_authorization.py b/ondc_header_authorization.py
 import base64
 import datetime
 import os
 import re
 import json
 import nacl.encoding
 import nacl.hash
 from nacl.bindings import crypto_sign_ed25519_sk_to_seed
 from nacl.signing import SigningKey, VerifyKey


 def hash_message(msg: str):
    HASHER = nacl.hash.blake2b
    digest = HASHER(bytes(msg, 'utf-8'), digest_size=64, encoder=nacl.encoding.Base64Encoder)
    digest_str = digest.decode("utf-8")
    return digest_str


 def create_signing_string(digest_base64, created=None, expires=None):
    if created is None:
        created = int(datetime.datetime.now().timestamp())
    if expires is None:
        expires = int((datetime.datetime.now() + datetime.timedelta(hours=1)).timestamp())
    signing_string = f"""(created): {created}
 (expires): {expires}
 digest: BLAKE-512={digest_base64}"""
    return signing_string


 def sign_response(signing_key, private_key):
    private_key64 = base64.b64decode(private_key)
    seed = crypto_sign_ed25519_sk_to_seed(private_key64)
    signer = SigningKey(seed)
    signed = signer.sign(bytes(signing_key, encoding='utf8'))
    signature = base64.b64encode(signed.signature).decode()
    return signature


 def verify_response(signature, signing_key, public_key):
    try:
        public_key64 = base64.b64decode(public_key)
        VerifyKey(public_key64).verify(bytes(signing_key, 'utf8'), base64.b64decode(signature))
        return True
    except Exception:
        return False



 def create_authorisation_header(request_body=request_body_json,
                                created=os.getenv("CREATED",  "1641287875"),
                                expires=os.getenv("EXPIRES",  "1641291475")):
    signing_key = create_signing_string(hash_message(json.dumps(request_body, separators=(',', ':'))),
                                        created=created, expires=expires)
    signature = sign_response(signing_key, private_key=os.getenv("BPP_PRIVATE_KEY"))

    subscriber_id = os.getenv("SUBSCRIBER_ID", "YOUR_SUBSCRIBER_ID")
    unique_key_id = os.getenv("UNIQUE_KEY_ID", "Your_UNIQUE_KEY_ID")
    header = f'Signature keyId="{subscriber_id}|{unique_key_id}|ed25519",algorithm="ed25519",created=' \
             f'"{created}",expires="{expires}",headers="(created) (expires) digest",signature="{signature}"'
    return header
	import base64
	import datetime
	import os
	import re
	import json
	import nacl.encoding
	import nacl.hash
	from nacl.bindings import crypto_sign_ed25519_sk_to_seed
	from nacl.signing import SigningKey, VerifyKey


	def hash_message(msg: str):
	HASHER = nacl.hash.blake2b
	digest = HASHER(bytes(msg, 'utf-8'), digest_size=64, encoder=nacl.encoding.Base64Encoder)
	digest_str = digest.decode("utf-8")
	return digest_str


	def create_signing_string(digest_base64, created=None, expires=None):
	if created is None:
	created = int(datetime.datetime.now().timestamp())
	if expires is None:
	expires = int((datetime.datetime.now() + datetime.timedelta(hours=1)).timestamp())
	signing_string = f"""(created): {created}
	(expires): {expires}
	digest: BLAKE-512={digest_base64}"""
	return signing_string


	def sign_response(signing_key, private_key):
	private_key64 = base64.b64decode(private_key)
	seed = crypto_sign_ed25519_sk_to_seed(private_key64)
	signer = SigningKey(seed)
	signed = signer.sign(bytes(signing_key, encoding='utf8'))
	signature = base64.b64encode(signed.signature).decode()
	return signature


	def verify_response(signature, signing_key, public_key):
	try:
	public_key64 = base64.b64decode(public_key)
	VerifyKey(public_key64).verify(bytes(signing_key, 'utf8'), base64.b64decode(signature))
	return True
	except Exception:
	return False



	def create_authorisation_header(request_body=request_body_json,
	created=os.getenv("CREATED", "1641287875"),
	expires=os.getenv("EXPIRES", "1641291475")):
	signing_key = create_signing_string(hash_message(json.dumps(request_body, separators=(',', ':'))),
	created=created, expires=expires)
	signature = sign_response(signing_key, private_key=os.getenv("BPP_PRIVATE_KEY"))

	subscriber_id = os.getenv("SUBSCRIBER_ID", "YOUR_SUBSCRIBER_ID")
	unique_key_id = os.getenv("UNIQUE_KEY_ID", "Your_UNIQUE_KEY_ID")
	header = f'Signature keyId="{subscriber_id}\|{unique_key_id}\|ed25519",algorithm="ed25519",created=' \
	f'"{created}",expires="{expires}",headers="(created) (expires) digest",signature="{signature}"'
	return header