smartapp.signature

Verify HTTP signatures on SmartApp lifecycle event requests.

Module Contents

smartapp.signature.retrieve_public_key(key_server_url: str, key_id: str) → str

Retrieve a public key, caching the result.

smartapp.signature.DATE_FORMAT = 'DD MMM YYYY HH:mm:ss ZZZ'

class smartapp.signature.SignatureVerifier

Signature verifier for Joyent HTTP signatures.

context: smartapp.interface.SmartAppRequestContext

config: smartapp.interface.SmartAppDispatcherConfig

definition: smartapp.interface.SmartAppDefinition

correlation_id: str | None

body: str

content_length: int

method: str

path: str

request_target: str

date: arrow.Arrow

authorization: str

signing_attributes: collections.abc.Mapping[str, str]

signing_headers: str

key_id: str

keyserver_url: str

algorithm: str

signature: str

signing_string: str

header(name: str) → str

Return the named header case-insensitively, raising SignatureError if it is not found or is empty

retrieve_public_key() → str

Retrieve the configured public key.

verify_date() → None

Verify the date, ensuring that it is current per skew configuration.

verify_signature() → None

Verify the RSA-SHA256 signature of the signing string.

verify() → None

Verify the request date and the signature of the signing string.