now also use RSA keys of pubgate

4 years ago · 22c6985ae2
3 changed files with 90 additions and 77 deletions
--- a/basic_ap.py
+++ b/basic_ap.py
@ -31,6 +31,7 @@ from Crypto.Signature import pkcs1_15
 from Crypto.PublicKey import RSA

 from httpsig import HTTPSigAuth
+from key import Key, get_key

 #
 import logging
@ -61,73 +62,7 @@ def public_key():
        public_key = public_key.replace('\n','\\n') #public key shouldn't contain verbatim linebreaks in json
        return public_key

-public_key() #generate public_key on first launch
-
-# def build_signing_string(headers, header_values):
-#     return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values))
-
-# def messageContentDigest(messageBodyJsonStr: str) -> str:
-#     msg = messageBodyJsonStr.encode('utf-8')
-#     digestStr = SHA256.new(msg).digest()
-#     return base64.b64encode(digestStr).decode('utf-8')
-
-
-
-# def sign_header(private_key, keyID, host, messageBodyJsonStr):
-#     """
-#     Sign HTTP headers 
-#     """
-#     date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format
-
-#     #Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py
-#     keyfile = open(private_key,'rb').read()
-#     secret = RSA.import_key(keyfile) 
-
-#     bodyDigest = messageContentDigest(messageBodyJsonStr)
-#     contentLength = len(messageBodyJsonStr)
-#     print(contentLength)
-    
-#     path = '/inbox'
-
-#     headers = {
-#             '(request-target)': f'post {path}',
-#             'host': host,
-#             'date': date,
-#             'digest': f'SHA-256={bodyDigest}',
-#             'content-type': 'application/json',
-#             'content-length': str(contentLength)
-#         }
-
-
-#     signedHeaderKeys = headers.keys()
-#     signedHeaderText = ''
-
-#     for headerKey in signedHeaderKeys:
-#         signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
-
-#     signedHeaderText = signedHeaderText.strip()
-#     headerDigest = SHA256.new(signedHeaderText.encode('ascii'))
-
-#     # Sign the digest
-#     rawSignature = pkcs1_15.new(secret).sign(headerDigest)
-#     signature = base64.b64encode(rawSignature).decode('ascii')
-
-#     # Put it into a valid HTTP signature format
-#     signatureDict = {
-#         'keyId': keyID,
-#         'algorithm': 'rsa-sha256',
-#         'headers': ' '.join(signedHeaderKeys),
-#         'signature': signature
-#     }
-#     signatureHeader = ', '.join(
-#         [f'{k}="{v}"' for k, v in signatureDict.items()])
-    
-
-#     headers['signature'] = signatureHeader
-
-#     return headers
-
-
+key = get_key(f'{DOMAIN}/users/{USERNAME}') #generate public_key on first launch


 #Flask
@ -159,34 +94,38 @@ def profile(actor):
    Return an Actor object 
    see templates/actor.json
    """
-    json = flask.render_template('actor.json', preferred_username=USERNAME, actor=actor, domain=DOMAIN, public_key=public_key()) # render our ActivityPub answer
+    key = get_key(f'{DOMAIN}/users/{actor}')
+    publicKeyPem = key.to_dict()['publicKeyPem']
+    publicKeyPem = publicKeyPem.replace('\n','\\n') #public key shouldn't contain verbatim linebreaks in json
+
+    json = flask.render_template('actor.json', preferred_username=USERNAME, actor=actor, domain=DOMAIN, public_key=publicKeyPem) # render our ActivityPub answer
+    
    return Response(response=json, status=200,  mimetype="application/json") # return that answer as a json object


@app.route('/post/', methods=['POST','GET'])
 def post():

-    keyfile = open('private.pem','rb').read()
-    key = {'privkey': RSA.import_key(keyfile), 'keyId': DOMAIN+'/users/'+USERNAME+'#main-key'} 
+    #key = get_key(f'{DOMAIN}/users/{USERNAME}')

    headers = {"content-type": "application/activity+json",
-               "user-agent": f"test v:1"}
+               "user-agent": f"Basic AP v: 0.0"}

-    json_message=json.loads(flask.render_template('create.json',
-        domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN'))
+    activity=json.loads(flask.render_template('create.json',
+        domain=DOMAIN, actor=USERNAME))
    

    http_sig = HTTPSigAuth(key, headers)

    url = 'https://post.lurk.org/inbox'

-    body = json.dumps(json_message)
+    body = json.dumps(activity)

    headers = http_sig.sign(url,body)

    #signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message))

-    r = requests.post('https://post.lurk.org/inbox', json=body, headers=headers)
+    r = requests.post(url, json=body, headers=headers)

    html = f'Status code <pre>{r.status_code}</pre></br>Response Headers: <pre>{r.headers}</pre></br></br> json message: <pre>{r.request.body}</pre></br></br> Request headers: <pre>{r.request.headers}</pre>'
    html_headers = f'<html><head><style>pre {{overflow:auto;background-color:#eee;}}</style></head><body>{html}</body></html>'
--- a/httpsig.py
+++ b/httpsig.py
@ -103,13 +103,13 @@ class HTTPSigAuth:
        sigheaders = headers.keys()
        sigstring = build_signing_string(headers, sigheaders)

-        signer = PKCS1_v1_5.new(self.key['privkey'])
+        signer = PKCS1_v1_5.new(self.key.privkey)
        digest = SHA256.new()
        digest.update(sigstring.encode("ascii"))
        sigdata = base64.b64encode(signer.sign(digest))

        sig = {
-            'keyId': self.key['keyId'],
+            'keyId': self.key.key_id(),
            'algorithm': 'rsa-sha256',
            'headers': ' '.join(sigheaders),
            'signature': sigdata.decode('ascii')
--- a/key.py
+++ b/key.py
@ -0,0 +1,74 @@
+import os
+import re
+import base64
+from Crypto.PublicKey import RSA
+from Crypto.Util import number
+from typing import Any
+from typing import Dict
+from typing import Optional
+
+KEY_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), '.')
+
+class Key(object):
+    DEFAULT_KEY_SIZE = 2048
+
+    def __init__(self, owner: str) -> None:
+        self.owner = owner
+        self.privkey_pem: Optional[str] = None
+        self.pubkey_pem: Optional[str] = None
+        self.privkey: Optional[Any] = None
+        self.pubkey: Optional[Any] = None
+
+    def load_pub(self, pubkey_pem: str) -> None:
+        self.pubkey_pem = pubkey_pem
+        self.pubkey = RSA.importKey(pubkey_pem)
+
+    def load(self, privkey_pem: str) -> None:
+        self.privkey_pem = privkey_pem
+        self.privkey = RSA.importKey(self.privkey_pem)
+        self.pubkey_pem = self.privkey.publickey().exportKey("PEM").decode("utf-8")
+
+    def new(self) -> None:
+        k = RSA.generate(self.DEFAULT_KEY_SIZE)
+        self.privkey_pem = k.exportKey("PEM").decode("utf-8")
+        self.pubkey_pem = k.publickey().exportKey("PEM").decode("utf-8")
+        self.privkey = k
+
+    def key_id(self) -> str:
+        return f"{self.owner}#main-key"
+
+    def to_dict(self) -> Dict[str, Any]:
+        return {
+            "id": self.key_id(),
+            "owner": self.owner,
+            "publicKeyPem": self.pubkey_pem,
+        }
+
+    def to_magic_key(self) -> str:
+        mod = base64.urlsafe_b64encode(
+            number.long_to_bytes(self.privkey.n)  # type: ignore
+        ).decode("utf-8")
+        pubexp = base64.urlsafe_b64encode(
+            number.long_to_bytes(self.privkey.e)  # type: ignore
+        ).decode("utf-8")
+        return f"data:application/magic-public-key,RSA.{mod}.{pubexp}"
+
+
+def get_key(owner: str) -> Key:
+    """"Loads or generates an RSA key."""
+    k = Key(owner)
+    user = re.sub('[^\w\d]', "_", owner)
+    key_path = os.path.join(KEY_DIR, f"key_{user}.pem")
+    if os.path.isfile(key_path):
+        with open(key_path) as f:
+            privkey_pem = f.read()
+            k.load(privkey_pem)
+    else:
+        k.new()
+        with open(key_path, "w") as f:
+            f.write(k.privkey_pem)
+
+    return k
+
+
+