apsig.draft
apsig.draft provides signer and verifier implementations of cavage-http-signatures. It is not compatible with the RFC 9421 implementation.
Signer
__init__(headers, private_key, method, url, key_id, body=b'', signed_headers=None)
Signs an HTTP request with a digital signature.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| `private_key` |  | The RSA private key used to sign the request. | required |
| `method` |  | The HTTP method (e.g., "GET", "POST"). | required |
| `url` |  | The URL of the request. | required |
| `headers` |  | A dictionary of HTTP headers that will be signed. | required |
| `key_id` |  | The key identifier to include in the signature header. | required |
| `body` |  | The request body. Defaults to an empty byte string. | `b''` |
| `signed_headers` |  | A list of headers to include in the signature. Defaults to a secure set of headers. | `None` |
Raises:
| Type | Description |
|---|---|
|  | If the signing process fails due to invalid parameters. |
Verifier
__init__(public_pem, method, url, headers, body=None, clock_skew=300)
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| `public_pem` |  | The public key in PEM format used to verify the signature. | required |
| `method` |  | The HTTP method (e.g., "GET", "POST"). | required |
| `url` |  | The URL of the request. | required |
| `headers` |  | A dictionary of HTTP headers, including the signature and other relevant information. | required |
| `body` |  | The request body. Defaults to an empty byte string. | `None` |
| `clock_skew` |  | The number of seconds to allow for clock skew. Defaults to 300. | `300` |
verify(raise_on_fail=False)
Verifies the digital signature of an HTTP request.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| `raise_on_fail` |  | Return error on failure. Defaults to False. | `False` |
Returns:
Raises:
| Type | Description |
|---|---|
|  | If the signature header is missing or if the algorithm is unsupported. |
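The following is an added example, not apsig's own code: it shows what the `Signer` and `Verifier` parameters above feed into under draft-cavage-http-signatures, namely the signing string built from `method`, `url` and `headers`, plus the `clock_skew` and body-digest checks that precede the RSA step. The helper names `signing_string` and `precheck` and the sample request are hypothetical and constructed; the RSA verification itself is left to the library.

```python
import base64, hashlib, re
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime
from urllib.parse import urlsplit

def signing_string(method, url, headers, signed_headers):
    """Build the draft-cavage signing string: one 'name: value' line per signed header."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for name in signed_headers:
        name = name.lower()
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {target}")
        elif name in lower:
            lines.append(f"{name}: {lower[name]}")
        else:
            raise ValueError(f"signed header missing from request: {name}")
    return "\n".join(lines)

def precheck(method, url, headers, body, now, clock_skew=300):
    """Checks made before the RSA step; returns the string the signature must cover."""
    lower = {k.lower(): v for k, v in headers.items()}
    if "signature" not in lower:
        raise ValueError("signature header is missing")
    params = dict(re.findall(r'(\w+)="([^"]*)"', lower["signature"]))
    signed = params.get("headers", "date").split()  # the draft's default is Date only
    sent = parsedate_to_datetime(lower["date"])
    if abs((now - sent).total_seconds()) > clock_skew:
        raise ValueError("Date header outside allowed clock skew")
    if "digest" in signed:  # a signed Digest binds the body to the signature
        expected = "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()
        if lower["digest"] != expected:
            raise ValueError("Digest does not match body")
    return signing_string(method, url, headers, signed)

# Constructed sample request (not captured traffic); the signature value is a placeholder.
BODY = b'{"type":"Follow"}'
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
HEADERS = {
    "Host": "example.com",
    "Date": format_datetime(NOW, usegmt=True),
    "Digest": "SHA-256=" + base64.b64encode(hashlib.sha256(BODY).digest()).decode(),
    "Signature": 'keyId="https://example.com/actor#main-key",algorithm="rsa-sha256",'
                 'headers="(request-target) host date digest",signature="PLACEHOLDER"',
}
```

A request that omits `digest` from the signed header list leaves its body unauthenticated, and one that omits `date` cannot be bounded by `clock_skew`.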