http-message-signatures 0.5.0__tar.gz → 0.6.1__tar.gz

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/.github/workflows/ci.yml

@@ -10,7 +10,7 @@ jobs:
       fail-fast: false
       max-parallel: 8
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
 
     steps:
       - uses: actions/checkout@v4
@@ -23,13 +23,16 @@ jobs:
         run: pip install .[tests]
       - name: Test
         run: make test
-  black:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: psf/black@stable
   isort:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
       - uses: isort/isort-action@v1.1.0
+  ruff:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/ruff-action@v3
+      - uses: astral-sh/ruff-action@v3
+        with:
+          args: "format --check"

http_message_signatures-0.6.1/.github/workflows/release.yml

@@ -0,0 +1,21 @@
+name: Publish release to PyPI
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  pypi-publish:
+    name: Build and upload release to PyPI
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - run: pip install build
+      - run: python -m build
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/Changes.rst

@@ -1,3 +1,14 @@
+Changes for v0.6.1 (2025-05-29)
+===============================
+
+- Switch to trusted publishing
+
+Changes for v0.6.0 (2025-05-29)
+===============================
+
+- [http-message-signatures-add] Add support for ‘tag’ signature
+  parameter (#17)
+
 Changes for v0.5.0 (2024-02-21)
 ===============================
 

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/LICENSE

@@ -165,27 +165,3 @@ incurred by, or claims asserted against, such Contributor by reason of your
 accepting any such warranty or additional liability.
 
 END OF TERMS AND CONDITIONS
-
-APPENDIX: How to apply the Apache License to your work
-
-To apply the Apache License to your work, attach the following boilerplate
-notice, with the fields enclosed by brackets "[]" replaced with your own
-identifying information. (Don't include the brackets!) The text should be
-enclosed in the appropriate comment syntax for the file format. We also
-recommend that a file or class name and description of purpose be included on
-the same "printed page" as the copyright notice for easier identification within
-third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/Makefile

@@ -1,7 +1,7 @@
 SHELL=/bin/bash
 
 lint:
-	ruff http_message_signatures
+	ruff check http_message_signatures
 	mypy --check-untyped-defs http_message_signatures
 
 test: lint

http_message_signatures-0.6.1/NOTICE

@@ -0,0 +1,10 @@
+http-message-signatures is a free open source implementation of the
+IETF HTTP Message Signatures standard, RFC 9421.  This project is
+staffed by volunteers. If you are using http-message-signatures in a
+for-profit project, please contribute to its development and
+maintenance using the "Sponsor" button on the GitHub project page,
+https://github.com/pyauth/http-message-signatures. If you are looking
+for support with commercial applications based on
+http-message-signatures, please donate and contact its developers
+using the issue tracker on the http-message-signatures project page or
+the contact information listed in README.rst.

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/PKG-INFO

@@ -1,13 +1,15 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: http-message-signatures
-Version: 0.5.0
+Version: 0.6.1
 Summary: An implementation of the IETF HTTP Message Signatures draft standard
-Home-page: https://github.com/pyauth/http-message-signatures
+Project-URL: Homepage, https://github.com/pyauth/http-message-signatures
 Author: Andrey Kislyuk
 Author-email: kislyuk@gmail.com
+Maintainer: Andrey Kislyuk
+Maintainer-email: kislyuk@gmail.com
 License: Apache Software License
-Platform: MacOS X
-Platform: Posix
+License-File: LICENSE
+License-File: NOTICE
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: MacOS :: MacOS X
@@ -18,24 +20,26 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-License-File: LICENSE
-Requires-Dist: http-sfv>=0.9.3
+Requires-Python: >=3.8
 Requires-Dist: cryptography>=36.0.2
+Requires-Dist: http-sfv>=0.9.3
 Provides-Extra: tests
-Requires-Dist: flake8; extra == "tests"
-Requires-Dist: coverage; extra == "tests"
-Requires-Dist: build; extra == "tests"
-Requires-Dist: wheel; extra == "tests"
-Requires-Dist: mypy; extra == "tests"
-Requires-Dist: requests; extra == "tests"
-Requires-Dist: ruff; extra == "tests"
+Requires-Dist: build; extra == 'tests'
+Requires-Dist: coverage; extra == 'tests'
+Requires-Dist: flake8; extra == 'tests'
+Requires-Dist: mypy; extra == 'tests'
+Requires-Dist: requests; extra == 'tests'
+Requires-Dist: ruff; extra == 'tests'
+Requires-Dist: wheel; extra == 'tests'
+Description-Content-Type: text/x-rst
 
 http-message-signatures: An implementation of RFC 9421, the IETF HTTP Message Signatures standard
 =================================================================================================
 
 *http-message-signatures* is an implementation of the IETF
-`RFC 9421 HTTP Message Signatures <https://datatracker.ietf.org/doc/rfc9421/>`_ draft standard in
+`RFC 9421 HTTP Message Signatures <https://datatracker.ietf.org/doc/rfc9421/>`_ standard in
 Python.
 
 Installation
@@ -107,7 +111,7 @@ digest etc.)
 
 Authors
 -------
-* Andrey Kislyuk
+* `Andrey Kislyuk <https://kislyuk.com>`
 
 Links
 -----
@@ -124,4 +128,7 @@ Please report bugs, issues, feature requests, etc. on `GitHub <https://github.co
 
 License
 -------
-Licensed under the terms of the `Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_.
+Copyright 2017-2024, Andrey Kislyuk and http-message-signatures contributors. Licensed under the terms of the
+`Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_. Distribution of attribution information,
+LICENSE and NOTICE files with source copies of this package and derivative works is **REQUIRED** as specified by the
+Apache License.

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/README.rst

@@ -2,7 +2,7 @@ http-message-signatures: An implementation of RFC 9421, the IETF HTTP Message Si
 =================================================================================================
 
 *http-message-signatures* is an implementation of the IETF
-`RFC 9421 HTTP Message Signatures <https://datatracker.ietf.org/doc/rfc9421/>`_ draft standard in
+`RFC 9421 HTTP Message Signatures <https://datatracker.ietf.org/doc/rfc9421/>`_ standard in
 Python.
 
 Installation
@@ -74,7 +74,7 @@ digest etc.)
 
 Authors
 -------
-* Andrey Kislyuk
+* `Andrey Kislyuk <https://kislyuk.com>`
 
 Links
 -----
@@ -91,4 +91,7 @@ Please report bugs, issues, feature requests, etc. on `GitHub <https://github.co
 
 License
 -------
-Licensed under the terms of the `Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_.
+Copyright 2017-2024, Andrey Kislyuk and http-message-signatures contributors. Licensed under the terms of the
+`Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_. Distribution of attribution information,
+LICENSE and NOTICE files with source copies of this package and derivative works is **REQUIRED** as specified by the
+Apache License.

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/common.mk

@@ -18,9 +18,8 @@ release:
 	@if ! type -P pandoc; then echo "Please install pandoc"; exit 1; fi
 	@if ! type -P sponge; then echo "Please install moreutils"; exit 1; fi
 	@if ! type -P gh; then echo "Please install gh"; exit 1; fi
-	@if ! type -P twine; then echo "Please install twine"; exit 1; fi
 	git pull
-	git clean -x --force $$(python setup.py --name)
+	git clean -x --force $$(ls */__init__.py | xargs dirname)
 	TAG_MSG=$$(mktemp); \
 	    echo "# Changes for ${TAG} ($$(date +%Y-%m-%d))" > $$TAG_MSG; \
 	    git log --pretty=format:%s $$(git describe --abbrev=0)..HEAD >> $$TAG_MSG; \
@@ -32,10 +31,5 @@ release:
 	git push --follow-tags
 	$(MAKE) install
 	gh release create ${TAG} dist/*.whl --notes="$$(git tag --list ${TAG} -n99 | perl -pe 's/^\S+\s*// if $$. == 1' | sed 's/^\s\s\s\s//')"
-	$(MAKE) release-pypi
-
-release-pypi:
-	python -m build
-	twine upload dist/*.tar.gz dist/*.whl --verbose
 
 .PHONY: release

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/http_message_signatures/_algorithms.py

@@ -91,9 +91,9 @@ class ECDSA_P256_SHA256(HTTPSignatureAlgorithm, PEMKeyLoader):
             raise HTTPMessageSignaturesException("Unexpected public key type")
         if self.private_key and not isinstance(self.private_key, ec.EllipticCurvePrivateKey):
             raise HTTPMessageSignaturesException("Unexpected private key type")
-        if self.public_key and type(self.public_key.curve) != ec.SECP256R1:
+        if self.public_key and not isinstance(self.public_key.curve, ec.SECP256R1):
             raise HTTPMessageSignaturesException("Unexpected elliptic curve type in public key")
-        if self.private_key and type(self.private_key.curve) != ec.SECP256R1:
+        if self.private_key and not isinstance(self.private_key.curve, ec.SECP256R1):
             raise HTTPMessageSignaturesException("Unexpected elliptic curve type in private key")
         self.signature_algorithm = ec.ECDSA(hashes.SHA256())
 

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/http_message_signatures/signatures.py

@@ -14,7 +14,7 @@ logger = logging.getLogger(__name__)
 
 
 class HTTPSignatureHandler:
-    signature_metadata_parameters = {"alg", "created", "expires", "keyid", "nonce"}
+    signature_metadata_parameters = {"alg", "created", "expires", "keyid", "nonce", "tag"}
 
     def __init__(
         self,
@@ -46,7 +46,7 @@ class HTTPSignatureHandler:
                 raise HTTPMessageSignaturesException(f'Component ID "{component_key}" contains newline character')
             if component_key in sig_elements:
                 raise HTTPMessageSignaturesException(
-                    f'Component ID "{component_key}" appeared multiple times in ' "signature input"
+                    f'Component ID "{component_key}" appeared multiple times in signature input'
                 )
             sig_elements[component_key] = component_value
         sig_params_node = http_sfv.InnerList(covered_component_ids)
@@ -79,6 +79,7 @@ class HTTPMessageSigner(HTTPSignatureHandler):
         expires: Optional[datetime.datetime] = None,
         nonce: Optional[str] = None,
         label: Optional[str] = None,
+        tag: Optional[str] = None,
         include_alg: bool = True,
         covered_component_ids: Sequence[str] = ("@method", "@authority", "@target-uri"),
     ):
@@ -93,6 +94,8 @@ class HTTPMessageSigner(HTTPSignatureHandler):
             signature_params["expires"] = int(expires.timestamp())
         if nonce:
             signature_params["nonce"] = nonce
+        if tag:
+            signature_params["tag"] = tag
         if include_alg:
             signature_params["alg"] = self.signature_algorithm.algorithm_id
         covered_component_nodes = self._parse_covered_component_ids(covered_component_ids)

http_message_signatures-0.6.1/pyproject.toml

@@ -0,0 +1,54 @@
+[project]
+name = "http-message-signatures"
+description = "An implementation of the IETF HTTP Message Signatures draft standard"
+readme = "README.rst"
+requires-python = ">=3.8"
+license = {text = "Apache Software License"}
+authors = [{ name = "Andrey Kislyuk"}, {email = "kislyuk@gmail.com" }]
+maintainers = [{ name = "Andrey Kislyuk"}, {email = "kislyuk@gmail.com" }]
+dynamic = ["version"]
+classifiers = [
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Operating System :: MacOS :: MacOS X",
+    "Operating System :: POSIX",
+    "Programming Language :: Python",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+]
+dependencies = [
+    "http-sfv >= 0.9.3",
+    "cryptography >= 36.0.2",
+]
+
+[project.urls]
+Homepage = "https://github.com/pyauth/http-message-signatures"
+
+[project.optional-dependencies]
+tests = [
+    "flake8",
+    "coverage",
+    "build",
+    "wheel",
+    "mypy",
+    "requests",
+    "ruff",
+]
+
+[build-system]
+requires = ["hatchling", "hatch-vcs"]
+build-backend = "hatchling.build"
+
+[tool.hatch.version]
+source = "vcs"
+
+[tool.isort]
+profile = "black"
+
+[tool.ruff]
+line-length = 120

http_message_signatures-0.6.1/setup.cfg

@@ -0,0 +1,3 @@
+[flake8]
+max-line-length=120
+ignore=E401

{http-message-signatures-0.5.0 → http_message_signatures-0.6.1}/test/test.py

@@ -31,7 +31,7 @@ from http_message_signatures.algorithms import (  # noqa
 )
 
 test_shared_secret = base64.b64decode(
-    "uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasj" "lTMtDQ=="
+    "uzvJfB4u3N0Jy4T7NZ75MDVcr8zSTInedJtkgcu46YW4XByzNJjxBdtjUkdJPBtbmHhIDi6pcl8jsasjlTMtDQ=="
 )
 
 
@@ -59,7 +59,7 @@ class TestHTTPMessageSignatures(unittest.TestCase):
         self.test_request = request.prepare()
         self.test_request.headers["Date"] = "Tue, 20 Apr 2021 02:07:55 GMT"
         self.test_request.headers["Content-Digest"] = (
-            "sha-512=:WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+" "AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==:"
+            "sha-512=:WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==:"
         )
         self.test_response = requests.Response()
         self.test_response.request = self.test_request
@@ -68,7 +68,7 @@ class TestHTTPMessageSignatures(unittest.TestCase):
             "Date": "Tue, 20 Apr 2021 02:07:56 GMT",
             "Content-Type": "application/json",
             "Content-Digest": (
-                "sha-512=:JlEy2bfUz7WrWIjc1qV6KVLpdr/7L5/L4h7Sxvh6sNHpDQWDCL+" "GauFQWcZBvVDhiyOnAQsxzZFYwi0wDH+1pw==:"
+                "sha-512=:JlEy2bfUz7WrWIjc1qV6KVLpdr/7L5/L4h7Sxvh6sNHpDQWDCL+GauFQWcZBvVDhiyOnAQsxzZFYwi0wDH+1pw==:"
             ),
             "Content-Length": "23",
         }
@@ -205,7 +205,7 @@ class TestHTTPMessageSignatures(unittest.TestCase):
         verifier = HTTPMessageVerifier(signature_algorithm=ECDSA_P256_SHA256, key_resolver=self.key_resolver)
         self.verify(verifier, self.test_response)
         self.test_response.headers["Signature"] = (
-            "sig-b24=:0Ry6HsvzS5VmA6HlfBYS/fYYeNs7fYuA7s0tAdxfUlPGv0CSVuwrrzBOjc" "CFHTxVRJ01wjvSzM2BetJauj8dsw==:"
+            "sig-b24=:0Ry6HsvzS5VmA6HlfBYS/fYYeNs7fYuA7s0tAdxfUlPGv0CSVuwrrzBOjcCFHTxVRJ01wjvSzM2BetJauj8dsw==:"
         )
         self.verify(verifier, self.test_response)
 
@@ -262,6 +262,41 @@ class TestHTTPMessageSignatures(unittest.TestCase):
         with self.assertRaises(InvalidSignature):
             verifier.verify(self.test_request, max_age=self.max_age)
 
+    def test_http_message_signatures_B27(self):
+        signer = HTTPMessageSigner(signature_algorithm=ED25519, key_resolver=self.key_resolver)
+        signer.sign(
+            self.test_request,
+            key_id="test-key-ed25519",
+            covered_component_ids=("date", "@method", "@path", "@authority", "content-type", "content-length"),
+            created=datetime.fromtimestamp(1618884473),
+            label="sig-b27",
+            tag="tag-b27",
+            include_alg=False,
+        )
+        self.assertEqual(
+            self.test_request.headers["Signature-Input"],
+            (
+                'sig-b27=("date" "@method" "@path" "@authority" "content-type" "content-length");'
+                'created=1618884473;keyid="test-key-ed25519";tag="tag-b27"'
+            ),
+        )
+        signature = "sig-b27=:pDPhW4vxi28JZfogrM4NLeYhZKW+TYDko8KtzCFoTOFeGCCSivD0iVcIuT9gqM6AtGfgzqQU/GaoLqh8sC6bCg==:"
+        self.assertEqual(self.test_request.headers["Signature"], signature)
+        verifier = HTTPMessageVerifier(signature_algorithm=ED25519, key_resolver=self.key_resolver)
+        result = self.verify(verifier, self.test_request)[0]
+
+        self.assertEqual(result.parameters["keyid"], "test-key-ed25519")
+        self.assertEqual(result.parameters["tag"], "tag-b27")
+        self.assertIn("created", result.parameters)
+        self.assertEqual(result.label, "sig-b27")
+
+        self.test_request.headers["Signature"] = "sig-b26=:pxcQw6G3AjtMBQjwo8XzkZf/bws5LelbaMk5rGIGtE8=:"
+        with self.assertRaises(InvalidSignature):
+            verifier.verify(self.test_request, max_age=self.max_age)
+        self.test_request.headers["Signature"] = signature[::-1]
+        with self.assertRaises(InvalidSignature):
+            verifier.verify(self.test_request, max_age=self.max_age)
+
     def test_query_parameters(self):
         signer = HTTPMessageSigner(signature_algorithm=HMAC_SHA256, key_resolver=self.key_resolver)
         signer.sign(

http-message-signatures-0.5.0/http_message_signatures/version.py

@@ -1,16 +0,0 @@
-# file generated by setuptools_scm
-# don't change, don't track in version control
-TYPE_CHECKING = False
-if TYPE_CHECKING:
-    from typing import Tuple, Union
-    VERSION_TUPLE = Tuple[Union[int, str], ...]
-else:
-    VERSION_TUPLE = object
-
-version: str
-__version__: str
-__version_tuple__: VERSION_TUPLE
-version_tuple: VERSION_TUPLE
-
-__version__ = version = '0.5.0'
-__version_tuple__ = version_tuple = (0, 5, 0)

http-message-signatures-0.5.0/http_message_signatures.egg-info/PKG-INFO

@@ -1,127 +0,0 @@
-Metadata-Version: 2.1
-Name: http-message-signatures
-Version: 0.5.0
-Summary: An implementation of the IETF HTTP Message Signatures draft standard
-Home-page: https://github.com/pyauth/http-message-signatures
-Author: Andrey Kislyuk
-Author-email: kislyuk@gmail.com
-License: Apache Software License
-Platform: MacOS X
-Platform: Posix
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Operating System :: MacOS :: MacOS X
-Classifier: Operating System :: POSIX
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-License-File: LICENSE
-Requires-Dist: http-sfv>=0.9.3
-Requires-Dist: cryptography>=36.0.2
-Provides-Extra: tests
-Requires-Dist: flake8; extra == "tests"
-Requires-Dist: coverage; extra == "tests"
-Requires-Dist: build; extra == "tests"
-Requires-Dist: wheel; extra == "tests"
-Requires-Dist: mypy; extra == "tests"
-Requires-Dist: requests; extra == "tests"
-Requires-Dist: ruff; extra == "tests"
-
-http-message-signatures: An implementation of RFC 9421, the IETF HTTP Message Signatures standard
-=================================================================================================
-
-*http-message-signatures* is an implementation of the IETF
-`RFC 9421 HTTP Message Signatures <https://datatracker.ietf.org/doc/rfc9421/>`_ draft standard in
-Python.
-
-Installation
-------------
-::
-
-    pip3 install http-message-signatures
-
-Synopsis
---------
-
-.. code-block:: python
-
-    from http_message_signatures import HTTPMessageSigner, HTTPMessageVerifier, HTTPSignatureKeyResolver, algorithms
-    import requests, base64, hashlib, http_sfv
-
-    class MyHTTPSignatureKeyResolver(HTTPSignatureKeyResolver):
-        keys = {"my-key": b"top-secret-key"}
-
-        def resolve_public_key(self, key_id: str):
-            return self.keys[key_id]
-
-        def resolve_private_key(self, key_id: str):
-            return self.keys[key_id]
-
-    request = requests.Request('POST', 'https://example.com/foo?param=Value&Pet=dog', json={"hello": "world"})
-    request = request.prepare()
-    request.headers["Content-Digest"] = str(http_sfv.Dictionary({"sha-256": hashlib.sha256(request.body).digest()}))
-
-    signer = HTTPMessageSigner(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
-    signer.sign(request, key_id="my-key", covered_component_ids=("@method", "@authority", "@target-uri", "content-digest"))
-
-    verifier = HTTPMessageVerifier(signature_algorithm=algorithms.HMAC_SHA256, key_resolver=MyHTTPSignatureKeyResolver())
-    verifier.verify(request)
-
-Note that verifying the body content-digest is outside the scope of this package's functionality, so it remains the
-caller's responsibility. The `requests-http-signature <https://github.com/pyauth/requests-http-signature>`_ library
-builds upon this package to provide integrated signing and validation of the request body.
-
-.. admonition:: See what is signed
-
- It is important to understand and follow the best practice rule of "See what is signed" when verifying HTTP message
- signatures. The gist of this rule is: if your application neglects to verify that the information it trusts is
- what was actually signed, the attacker can supply a valid signature but point you to malicious data that wasn't signed
- by that signature. Failure to follow this rule can lead to vulnerability against signature wrapping and substitution
- attacks.
-
- In http-message-signatures, you can ensure that the information signed is what you expect to be signed by only trusting the
- data returned by the ``verify()`` method::
-
-   verify_results = verifier.verify(request)
-
- This returns a list of ``VerifyResult`` s, which are ``namedtuple`` s with the following attributes:
-
- * label (str): The label for the signature
- * algorithm: (same as signature_algorithm above)
- * covered_components: A mapping of component names to their values, as covered by the signature
- * parameters: A mapping of signature parameters to their values, as covered by the signature
- * body: Always ``None`` (the `requests-http-signature <https://github.com/pyauth/requests-http-signature>`_ package
-   implements returning the body upon successful digest validation).
-
-Given an HTTP request can potentially have multiple signatures the ``verify()`` method returns a list of ``VerifyResult`` s.
-However, the implementation currently supports just one signature, so the returned list currently contains just one element.
-If more signatures are found in the request then ``InvalidSignature`` is raised.
-
-Additionally, the ``verify()`` method raises ``HTTPMessageSignaturesException`` or an exception derived from this class in
-case an error occurs (unable to load PEM key, unsupported algorithm specified in signature input, signature doesn't match
-digest etc.)
-
-Authors
--------
-* Andrey Kislyuk
-
-Links
------
-* `Project home page (GitHub) <https://github.com/pyauth/http-message-signatures>`_
-* `Documentation <https://FIXME>`_
-* `Package distribution (PyPI) <https://pypi.python.org/pypi/http-message-signatures>`_
-* `Change log <https://github.com/pyauth/http-message-signatures/blob/master/Changes.rst>`_
-* `IETF HTTP Message Signatures standard tracker <https://datatracker.ietf.org/doc/rfc9421/>`_
-* `OWASP Top Ten <https://owasp.org/www-project-top-ten/>`_
-
-Bugs
-~~~~
-Please report bugs, issues, feature requests, etc. on `GitHub <https://github.com/pyauth/http-message-signatures/issues>`_.
-
-License
--------
-Licensed under the terms of the `Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_.

http-message-signatures-0.5.0/http_message_signatures.egg-info/SOURCES.txt

@@ -1,36 +0,0 @@
-.gitignore
-Changes.rst
-LICENSE
-Makefile
-README.rst
-common.mk
-pyproject.toml
-setup.cfg
-setup.py
-.github/FUNDING.yml
-.github/workflows/ci.yml
-docs/conf.py
-docs/index.rst
-http_message_signatures/__init__.py
-http_message_signatures/_algorithms.py
-http_message_signatures/algorithms.py
-http_message_signatures/exceptions.py
-http_message_signatures/py.typed
-http_message_signatures/resolvers.py
-http_message_signatures/signatures.py
-http_message_signatures/structures.py
-http_message_signatures/version.py
-http_message_signatures.egg-info/PKG-INFO
-http_message_signatures.egg-info/SOURCES.txt
-http_message_signatures.egg-info/dependency_links.txt
-http_message_signatures.egg-info/requires.txt
-http_message_signatures.egg-info/top_level.txt
-test/test-key-ecc-p256.key
-test/test-key-ecc-p256.pem
-test/test-key-ed25519.key
-test/test-key-ed25519.pem
-test/test-key-rsa-pss.key
-test/test-key-rsa-pss.pem
-test/test-key-rsa.key
-test/test-key-rsa.pem
-test/test.py

http-message-signatures-0.5.0/http_message_signatures.egg-info/dependency_links.txt

@@ -1 +0,0 @@
-

http-message-signatures-0.5.0/http_message_signatures.egg-info/requires.txt

@@ -1,11 +0,0 @@
-http-sfv>=0.9.3
-cryptography>=36.0.2
-
-[tests]
-flake8
-coverage
-build
-wheel
-mypy
-requests
-ruff

http-message-signatures-0.5.0/http_message_signatures.egg-info/top_level.txt

@@ -1 +0,0 @@
-http_message_signatures

http-message-signatures-0.5.0/pyproject.toml

@@ -1,7 +0,0 @@
-[tool.black]
-line-length = 120
-exclude = ".*/version.py"
-[tool.isort]
-profile = "black"
-[tool.ruff]
-line-length=120

http-message-signatures-0.5.0/setup.cfg

@@ -1,8 +0,0 @@
-[flake8]
-max-line-length = 120
-ignore = E401
-
-[egg_info]
-tag_build = 
-tag_date = 0
-

http-message-signatures-0.5.0/setup.py

@@ -1,49 +0,0 @@
-#!/usr/bin/env python
-
-from setuptools import find_packages, setup  # type: ignore
-
-setup(
-    name="http-message-signatures",
-    url="https://github.com/pyauth/http-message-signatures",
-    license="Apache Software License",
-    author="Andrey Kislyuk",
-    author_email="kislyuk@gmail.com",
-    description="An implementation of the IETF HTTP Message Signatures draft standard",
-    long_description=open("README.rst").read(),
-    use_scm_version={
-        "write_to": "http_message_signatures/version.py",
-    },
-    setup_requires=["setuptools_scm >= 3.4.3"],
-    install_requires=["http-sfv >= 0.9.3", "cryptography >= 36.0.2"],
-    extras_require={
-        "tests": [
-            "flake8",
-            "coverage",
-            "build",
-            "wheel",
-            "mypy",
-            "requests",
-            "ruff",
-        ]
-    },
-    packages=find_packages(exclude=["test"]),
-    include_package_data=True,
-    package_data={
-        "http_message_signatures": ["py.typed"],
-    },
-    platforms=["MacOS X", "Posix"],
-    test_suite="test",
-    classifiers=[
-        "Intended Audience :: Developers",
-        "License :: OSI Approved :: Apache Software License",
-        "Operating System :: MacOS :: MacOS X",
-        "Operating System :: POSIX",
-        "Programming Language :: Python",
-        "Programming Language :: Python :: 3.8",
-        "Programming Language :: Python :: 3.9",
-        "Programming Language :: Python :: 3.10",
-        "Programming Language :: Python :: 3.11",
-        "Programming Language :: Python :: 3.12",
-        "Topic :: Software Development :: Libraries :: Python Modules",
-    ],
-)