From 8dfe48e81c5a4a4116ac6b8bdc48b3a6c8c90fa4 Mon Sep 17 00:00:00 2001 From: rra Date: Wed, 17 Jun 2020 17:41:08 +0200 Subject: [PATCH] another attempt --- basic_ap.py | 86 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 29 deletions(-) diff --git a/basic_ap.py b/basic_ap.py index a2fabdb..edbf7cb 100644 --- a/basic_ap.py +++ b/basic_ap.py @@ -27,7 +27,7 @@ from time import strftime, gmtime from Crypto.Hash import SHA256 -from Crypto.Signature import PKCS1_v1_5 +from Crypto.Signature import pkcs1_15 from Crypto.PublicKey import RSA # @@ -64,44 +64,70 @@ public_key() #generate public_key on first launch def build_signing_string(headers, header_values): return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values)) -def sign_header(private_key, key_id, host): +def messageContentDigest(messageBodyJsonStr: str) -> str: + msg = messageBodyJsonStr.encode('utf-8') + digestStr = SHA256.new(msg).digest() + return base64.b64encode(digestStr).decode('utf-8') + + + +def sign_header(private_key, keyID, host, messageBodyJsonStr): """ Sign HTTP headers """ - date = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime()) #RFC1123 Time format + date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format - #Based on https://github.com/autogestion/pubgate/ + #Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py keyfile = open(private_key,'rb').read() secret = RSA.import_key(keyfile) - signer = PKCS1_v1_5.new(secret) - - - headers = { 'request-target': 'post /inbox', - 'host': host, #this is the destination host - 'date': date, - } - sigheaders = headers.keys() - - sigstring = build_signing_string(headers, sigheaders) - print(sigstring - ) - digest = SHA256.new() - digest.update(sigstring.encode('ascii')) - sigdata = base64.b64encode(signer.sign(digest)) - - sig = { - 'keyId': key_id, - 'algorithm': 'rsa-sha256', - 'headers': ' '.join(sigheaders), - 'signature': sigdata.decode('ascii') + + bodyDigest = messageContentDigest(messageBodyJsonStr) + contentLength = len(messageBodyJsonStr) + print(contentLength) + + path = '/inbox' + + headers = { + '(request-target)': f'post {path}', + 'host': host, + 'date': date, + 'digest': f'SHA-256={bodyDigest}', + 'content-type': 'application/json', + 'content-length': str(contentLength) } + + + signedHeaderKeys = headers.keys() + signedHeaderText = '' + + for headerKey in signedHeaderKeys: + signedHeaderText += f'{headerKey}: {headers[headerKey]}\n' + + signedHeaderText = signedHeaderText.strip() + headerDigest = SHA256.new(signedHeaderText.encode('ascii')) + + # Sign the digest + rawSignature = pkcs1_15.new(secret).sign(headerDigest) + signature = base64.b64encode(rawSignature).decode('ascii') + + # Put it into a valid HTTP signature format + signatureDict = { + 'keyId': keyID, + 'algorithm': 'rsa-sha256', + 'headers': ' '.join(signedHeaderKeys), + 'signature': signature + } + signatureHeader = ','.join( + [f'{k}="{v}"' for k, v in signatureDict.items()]) - headers["signature"] = ','.join(['{}="{}"'.format(k, v) for k, v in sig.items()]) + + headers['signature'] = signatureHeader return headers + #Flask app = flask.Flask(__name__) @@ -138,11 +164,13 @@ def profile(actor): @app.route('/post/', methods=['POST','GET']) def post(): date = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime()) - activity=json.loads(flask.render_template('create.json', + + json_message=json.loads(flask.render_template('create.json', domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN', date=date)) - signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org') + + signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message)) - r = requests.post('https://post.lurk.org/inbox', json=activity, headers=signed_headers) + r = requests.post('https://post.lurk.org/inbox', json=json_message, headers=signed_headers) a = (r.status_code, r.text, r.headers) a = str(a)