Implement LD signatures for outbound payloads.
rodzic
f787c2f998
commit
0d42bb7018
|
@ -8,7 +8,7 @@ from Crypto.PublicKey.RSA import RsaKey
|
||||||
|
|
||||||
from federation.entities.activitypub.enums import ActorType
|
from federation.entities.activitypub.enums import ActorType
|
||||||
from federation.entities.mixins import BaseEntity
|
from federation.entities.mixins import BaseEntity
|
||||||
from federation.protocols.activitypub.signing import verify_request_signature, verify_ld_signature
|
from federation.protocols.activitypub.signing import verify_request_signature, verify_ld_signature, create_ld_signature
|
||||||
from federation.types import UserType, RequestType
|
from federation.types import UserType, RequestType
|
||||||
from federation.utils.text import decode_if_bytes
|
from federation.utils.text import decode_if_bytes
|
||||||
|
|
||||||
|
@ -59,6 +59,7 @@ class Protocol:
|
||||||
rendered = entity.outbound_doc
|
rendered = entity.outbound_doc
|
||||||
else:
|
else:
|
||||||
rendered = entity.to_as2()
|
rendered = entity.to_as2()
|
||||||
|
create_ld_signature(rendered, from_user)
|
||||||
return rendered
|
return rendered
|
||||||
|
|
||||||
def extract_actor(self):
|
def extract_actor(self):
|
||||||
|
|
|
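Review bot: The new call `create_ld_signature(rendered, from_user)` discards its result, and the function it names (in the signing.py hunk further down) returns `None` both after a successful signing and after a failed `import_key`, so a payload whose key could not be loaded is returned unsigned with nothing but a warning in the log. The enclosing method starts outside the hunk, so I cannot see whether `from_user` is guaranteed to be set here; if it can be `None`, the `author.id` access inside the signer raises an `AttributeError` at this line. A clearer contract would have the signer return the signed document (or a falsy value on failure) and this line check it, e.g. `rendered = create_ld_signature(rendered, from_user)` followed by a guard on a falsy result, rather than relying on in-place mutation. Note also that on the `rendered = entity.outbound_doc` branch the `signature` member is written into that stored dict in place, which may be intended but deserves a one-line comment.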
@ -7,7 +7,7 @@ import datetime
|
||||||
import logging
|
import logging
|
||||||
import math
|
import math
|
||||||
import re
|
import re
|
||||||
from base64 import b64decode
|
from base64 import b64encode, b64decode
|
||||||
from copy import copy
|
from copy import copy
|
||||||
from funcy import omit
|
from funcy import omit
|
||||||
from pyld import jsonld
|
from pyld import jsonld
|
||||||
|
@ -45,10 +45,6 @@ def get_http_authentication(private_key: RsaKey, private_key_id: str, digest: bo
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def create_ld_signature(payload, private_key):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def verify_request_signature(request: RequestType, required: bool=True):
|
def verify_request_signature(request: RequestType, required: bool=True):
|
||||||
"""
|
"""
|
||||||
Verify HTTP signature in request against a public key.
|
Verify HTTP signature in request against a public key.
|
||||||
|
@ -95,6 +91,33 @@ def verify_request_signature(request: RequestType, required: bool=True):
|
||||||
return signer.id
|
return signer.id
|
||||||
|
|
||||||
|
|
||||||
|
def create_ld_signature(obj, author):
|
||||||
|
# Use models.Signature? Maybe overkill...
|
||||||
|
sig = {
|
||||||
|
'created': datetime.datetime.now(tz=datetime.timezone.utc).isoformat(timespec='seconds'),
|
||||||
|
'creator': f'{author.id}#main-key',
|
||||||
|
'@context':'https://w3id.org/security/v1'
|
||||||
|
}
|
||||||
|
|
||||||
|
try:
|
||||||
|
private_key = import_key(author.private_key)
|
||||||
|
except ValueError as exc:
|
||||||
|
logger.warning(f'ld_signature - {exc}')
|
||||||
|
return None
|
||||||
|
signer = pkcs1_15.new(private_key)
|
||||||
|
|
||||||
|
sig_nquads = normalize(sig, options={'format':'application/nquads','algorithm':'URDNA2015'}).encode('utf-8')
|
||||||
|
sig_digest = SHA256.new(sig_nquads).hexdigest()
|
||||||
|
obj_nquads = normalize(obj, options={'format':'application/nquads','algorithm':'URDNA2015'}).encode('utf-8')
|
||||||
|
obj_digest = SHA256.new(obj_nquads).hexdigest()
|
||||||
|
digest = (sig_digest + obj_digest).encode('utf-8')
|
||||||
|
|
||||||
|
signature = signer.sign(SHA256.new(digest))
|
||||||
|
sig.update({'type': 'RsaSignature2017', 'signatureValue': b64encode(signature).decode()})
|
||||||
|
sig.pop('@context')
|
||||||
|
|
||||||
|
obj.update({'signature':sig})
|
||||||
|
|
||||||
def verify_ld_signature(payload):
|
def verify_ld_signature(payload):
|
||||||
"""
|
"""
|
||||||
Verify inbound payload LD signature
|
Verify inbound payload LD signature
|
||||||
|
|
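Review bot: `create_ld_signature` canonicalizes `obj` as-is, so if the payload already carries a `signature` member (for example a stored document being re-signed) the stale signature is folded into `obj_digest`, and since Linked Data Signatures presumably verify against the document with its `signature` removed, the produced signature would not verify; drop it first with `obj.pop('signature', None)` placed just before the `obj_nquads` line. The function also lacks a docstring; it should state that the document is signed in place under `author.private_key`, that a `signature` member with `type`, `creator`, `created` and `signatureValue` is added, and that it returns `None` on both success and a key-import failure (which is only logged), a distinction callers currently cannot make. `normalize`, `import_key`, `pkcs1_15` and `SHA256` do not appear in the import lines visible in the first hunk, so I assume they are imported elsewhere in the file; the stub removed in the second hunk took a `private_key` rather than an `author`, so any remaining caller of the old signature would break silently. The `logger.warning(f'ld_signature - {exc}')` line would also read better as the lazy form `logger.warning('ld_signature - %s', exc)`.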