[Python] Support for HTTP signature (#4958)

* start implementation of HTTP signature

* add api key parameters for http message signature

* HTTP signature authentication

* start implementation of HTTP signature

* add api key parameters for http message signature

* HTTP signature authentication

* HTTP signature authentication

* start implementation of HTTP signature

* fix merge issues

* Address formatting issues

* Address formatting issues

* move python-experimental-openapiv3-sample to a separate PR

* Add support for HTTP signature

* Add code comments

* Add code comments

* Fix formatting issues

* Fix formatting issues

* Fix formatting issues

* add code comments

* add code comments

* fix python formatting issues

* Make PKCS1v15 string constant consistent between Python and Golang

* fix python formatting issues

* Add code comments in generated Python. Start adding unit tests for HTTP signature

* compliance with HTTP signature draft 12

* compliance with HTTP signature draft 12

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* working on review comments

* fix python formatting issues

* fix trailing white space

* address PR comments

* address PR comments

* address PR comments

* Add support for '(expires)' signature parameter

* address PR comments

* address PR comments

* Fix python formatting issues

* Fix python formatting issues

* Starting to move code to dedicated file for HTTP signatures

* Continue to refactor code to dedicated file for HTTP signatures

* Continue to refactor code to dedicated file for HTTP signatures

* Continue to refactor code to dedicated file for HTTP signatures

* Continue to refactor code to dedicated file for HTTP signatures

* move method to ProcessUtils

* conditionally build signing.py

* move method to ProcessUtils

* Code reformatting

* externalize http signature configuration

* address PR review comments

* address PR review comments

* run samples scripts

* Address PR review comments

* Move 'private_key' field to signing module

* Move 'private_key' field to signing module

* code cleanup

* remove use of strftime('%s'), which is non portable

* code cleanup

* code cleanup

* code cleanup

* run sample scripts

* Address PR review comments.

* Add http-signature security scheme

* Run sample scripts for go

* Fix issue uncovered in integration branch

* Fix issue uncovered in integration branch

* Fix issue uncovered in integration branch

* Fix issue uncovered in integration branch

* Run samples scripts

* move http signature tests to separate file

* move http signature tests to separate file

* unit tests for HTTP signature

* continue implementation of unit tests

* add http_signature_test to security scheme

* add unit tests for http signature

* address review comments

* remove http signature from petapi

* Add separate OAS file with support for HTTP signature

* Add support for private key passphrase. Add more unit tests

* Add unit test to validate the signature against the public key

* remove http signature from petstore-with-fake-endpoints-models-for-testing.yaml

* fix unit test issues

* run scripts in bin directory

* Refactor unit test with better variable names

* do not throw exception if security scheme is unrecognized

* change URL of apache license to use https

* sync from master

* fix usage of escape character in python regex. Fix generated python documentation

* write HTTP signed headers in user-specified order. Fix PEP8 formatting issues

* write HTTP signed headers in user-specified order. Fix PEP8 formatting issues

* http signature unit tests

* Fix PEP8 format issue

* spread out each requirement to a separate line

* run samples scripts

* run sample scripts

* remove encoding of '+' character
Sebastien Rosset
2020-01-26 18:17:26 -08:00
committed by Justin Black
parent c0f7b47292
commit 4f350bc01c
30 changed files with 1827 additions and 44 deletions


@@ -37,6 +37,8 @@ class Configuration(object):
The dict value is an API key prefix when generating the auth data.
:param username: Username for HTTP basic authentication
:param password: Password for HTTP basic authentication
:param signing_info: Configuration parameters for HTTP signature.
Must be an instance of petstore_api.signing.HttpSigningConfiguration
:Example:
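Review bot: The new `signing_info` parameter doc says the value "Must be an instance of petstore_api.signing.HttpSigningConfiguration", but the constructor change later in this diff only tests `signing_info is not None` before using it. Either add an isinstance check that raises a clear error for the wrong type, or reword the docstring so it does not promise enforcement. The doc should also mention that the default is None.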
@@ -55,11 +57,50 @@ class Configuration(object):
)
The following cookie will be added to the HTTP request:
Cookie: JSESSIONID abc123
Configure API client with HTTP basic authentication:
conf = petstore_api.Configuration(
username='the-user',
password='the-password',
)
Configure API client with HTTP signature authentication. Use the 'hs2019' signature scheme,
sign the HTTP requests with the RSA-SSA-PSS signature algorithm, and set the expiration time
of the signature to 5 minutes after the signature has been created.
Note you can use the constants defined in the petstore_api.signing module, and you can
also specify arbitrary HTTP headers to be included in the HTTP signature, except for the
'Authorization' header, which is used to carry the signature.
One may be tempted to sign all headers by default, but in practice it rarely works.
This is beccause explicit proxies, transparent proxies, TLS termination endpoints or
load balancers may add/modify/remove headers. Include the HTTP headers that you know
are not going to be modified in transit.
conf = petstore_api.Configuration(
signing_info = petstore_api.signing.HttpSigningConfiguration(
key_id = 'my-key-id',
private_key_path = 'rsa.pem',
signing_scheme = signing.SCHEME_HS2019,
signing_algorithm = signing.ALGORITHM_RSASSA_PSS,
signed_headers = [signing.HEADER_REQUEST_TARGET,
signing.HEADER_CREATED,
signing.HEADER_EXPIRES,
signing.HEADER_HOST,
signing.HEADER_DATE,
signing.HEADER_DIGEST,
'Content-Type',
'Content-Length',
'User-Agent'
],
signature_max_validity = datetime.timedelta(minutes=5)
)
)
"""
def __init__(self, host="http://petstore.swagger.io:80/v2",
api_key=None, api_key_prefix=None,
username=None, password=None):
username=None, password=None,
signing_info=None):
"""Constructor
"""
self.host = host
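Review bot: The HTTP signature example in the class docstring does not run as written: it uses the fully qualified `petstore_api.signing.HttpSigningConfiguration` but then bare `signing.SCHEME_HS2019`, `signing.ALGORITHM_RSASSA_PSS`, `signing.HEADER_*` and `datetime.timedelta`, with no import shown for `signing` or `datetime`. Pick one spelling and show the imports the example needs. Two smaller points in the same docstring: "beccause" is a typo, and the example signs 'Content-Length' and 'User-Agent' immediately after the text advises including only headers known not to be modified in transit, so a sentence saying the list must be adapted to the deployment would help.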
@@ -88,6 +129,11 @@ class Configuration(object):
self.password = password
"""Password for HTTP basic authentication
"""
if signing_info is not None:
signing_info.host = host
self.signing_info = signing_info
"""The HTTP signing configuration
"""
self.access_token = ""
"""access token for OAuth/Bearer
"""
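Review bot: `signing_info.host = host` in the constructor writes into the object the caller passed in, and does so only once. If the same HttpSigningConfiguration is handed to two Configuration instances with different hosts, it ends up holding whichever host was set last; and if `self.host` is reassigned after construction, `signing_info.host` keeps the constructor value. Consider passing the host to the signing code at signing time instead of storing a copy, or document that a signing configuration must not be shared and that the host is fixed at construction.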