From 80c9bb8c14c6b7a790d581148b927b1a1b20ec7c Mon Sep 17 00:00:00 2001
From: Kevin Gill
Date: Fri, 19 Oct 2018 16:38:40 +0100
Subject: [PATCH 1/2] Added RSA512 algorithm.
---
 requests_http_signature/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
index a61e67c..4786131 100644
--- a/requests_http_signature/__init__.py
+++ b/requests_http_signature/__init__.py
@@ -13,7 +13,7 @@ class Crypto:
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import rsa, ec
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
- from cryptography.hazmat.primitives.hashes import SHA1, SHA256
+ from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512
 self.__dict__.update(locals())
 def sign(self, string_to_sign, key, passphrase=None):
@@ -23,6 +23,9 @@ class Crypto:
 if self.algorithm in {"rsa-sha1", "rsa-sha256"}:
 hasher = self.SHA1() if self.algorithm.endswith("sha1") else self.SHA256()
 signer = key.signer(padding=self.PKCS1v15(), algorithm=hasher)
+ elif self.algorithm in {"rsa-sha512"}:
+ hasher = self.SHA512()
+ signer = key.signer(padding=self.PKCS1v15(), algorithm=hasher)
 elif self.algorithm == "ecdsa-sha256":
 signer = key.signer(signature_algorithm=self.ec.ECDSA(algorithm=self.SHA256()))
 signer.update(string_to_sign)
@@ -44,6 +47,7 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
 known_algorithms = {
 "rsa-sha1",
 "rsa-sha256",
+ "rsa-sha512",
 "hmac-sha256",
 "ecdsa-sha256",
 }
From be44d4f19fd21fdbb7904e314c7fa470b01f6a75 Mon Sep 17 00:00:00 2001
From: Kevin Gill
Date: Fri, 19 Oct 2018 21:36:45 +0100
Subject: [PATCH 2/2] Support https://tools.ietf.org/html/draft-cavage-http-signatures-08#section-4, which uses a Signature header instead of Authorization header.
---
 requests_http_signature/__init__.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
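Review bot: The `rsa-sha512` branch added to `Crypto.sign` picks SHA512 on the signing side only, and no hunk in this patch touches `Crypto.verify`, even though the third hunk now lists `rsa-sha512` in `known_algorithms`. If verify derives its hash from the algorithm name the way the neighbouring context line does (`self.SHA1() if self.algorithm.endswith("sha1") else self.SHA256()`), an `rsa-sha512` signature would be checked against SHA-256 and always rejected; that is worth confirming, and a sign/verify round-trip test for the new algorithm would pin it. As a smaller point, the new branch repeats `signer = key.signer(padding=self.PKCS1v15(), algorithm=hasher)`; widening the existing condition to `{"rsa-sha1", "rsa-sha256", "rsa-sha512"}` and choosing the hasher from the suffix would keep a single RSA path. The body of `sign` starts and ends outside the hunk.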
diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
index 4786131..27ab7a9 100644
--- a/requests_http_signature/__init__.py
+++ b/requests_http_signature/__init__.py
@@ -121,3 +121,25 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
 sts = self.get_string_to_sign(request, headers)
 key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
 Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
+
+class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
+ """
+ https://tools.ietf.org/html/draft-cavage-http-signatures-08#section-4
+
+ Using "Signature" header instead of "Authorization" header.
+ """
+
+ def __call__(self, request):
+ self.add_date(request)
+ self.add_digest(request)
+ raw_sig = Crypto(self.algorithm).sign(string_to_sign=self.get_string_to_sign(request, self.headers),
+ key=self.key,
+ passphrase=self.passphrase)
+ sig = base64.b64encode(raw_sig).decode()
+ sig_struct = [("keyId", self.key_id),
+ ("algorithm", self.algorithm),
+ ("headers", " ".join(self.headers)),
+ ("signature", sig)]
+ request.headers["Signature"] = ",".join('{}="{}"'.format(k, v) for k, v in sig_struct)
+ return request
+
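Review bot: `HTTPSignatureHeaderAuth` overrides only `__call__`, so verification still goes through the inherited `verify`, whose last lines are the context at the top of this hunk and whose header lookup lies outside it. If that method reads the signature from `Authorization`, a request signed by this class cannot be verified through it; a class attribute naming the header, used by both the signing and the verifying path, would keep the two in step. In the `request.headers["Signature"] = ...` line, `self.key_id` is placed inside a quoted parameter with no escaping, so a key id containing `"` or `,` produces a parameter list that a receiver may split differently; rejecting such ids when the auth object is constructed would be a cheap guard. The class docstring could also say that only the request-signing side is changed here.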