use http signing code from pubgate

4 years ago · d65d135eec
2 changed files with 74 additions and 58 deletions
--- a/basic_ap.py
+++ b/basic_ap.py
@ -30,6 +30,8 @@ from Crypto.Hash import SHA256
 from Crypto.Signature import pkcs1_15
 from Crypto.PublicKey import RSA

+from httpsig import HTTPSigAuth
+
 #
 import logging
 import http.client as http_client
@ -61,69 +63,69 @@ def public_key():

 public_key() #generate public_key on first launch

-def build_signing_string(headers, header_values):
-    return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values))
+# def build_signing_string(headers, header_values):
+#     return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values))

-def messageContentDigest(messageBodyJsonStr: str) -> str:
-    msg = messageBodyJsonStr.encode('utf-8')
-    digestStr = SHA256.new(msg).digest()
-    return base64.b64encode(digestStr).decode('utf-8')
+# def messageContentDigest(messageBodyJsonStr: str) -> str:
+#     msg = messageBodyJsonStr.encode('utf-8')
+#     digestStr = SHA256.new(msg).digest()
+#     return base64.b64encode(digestStr).decode('utf-8')



-def sign_header(private_key, keyID, host, messageBodyJsonStr):
-    """
-    Sign HTTP headers 
-    """
-    date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format
+# def sign_header(private_key, keyID, host, messageBodyJsonStr):
+#     """
+#     Sign HTTP headers 
+#     """
+#     date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format

-    #Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py
-    keyfile = open(private_key,'rb').read()
-    secret = RSA.import_key(keyfile) 
+#     #Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py
+#     keyfile = open(private_key,'rb').read()
+#     secret = RSA.import_key(keyfile) 

-    bodyDigest = messageContentDigest(messageBodyJsonStr)
-    contentLength = len(messageBodyJsonStr)
-    print(contentLength)
+#     bodyDigest = messageContentDigest(messageBodyJsonStr)
+#     contentLength = len(messageBodyJsonStr)
+#     print(contentLength)
    
-    path = '/inbox'
-
-    headers = {
-            '(request-target)': f'post {path}',
-            'host': host,
-            'date': date,
-            'digest': f'SHA-256={bodyDigest}',
-            'content-type': 'application/json',
-            'content-length': str(contentLength)
-        }
-
-
-    signedHeaderKeys = headers.keys()
-    signedHeaderText = ''
-
-    for headerKey in signedHeaderKeys:
-        signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
-
-    signedHeaderText = signedHeaderText.strip()
-    headerDigest = SHA256.new(signedHeaderText.encode('ascii'))
-
-    # Sign the digest
-    rawSignature = pkcs1_15.new(secret).sign(headerDigest)
-    signature = base64.b64encode(rawSignature).decode('ascii')
-
-    # Put it into a valid HTTP signature format
-    signatureDict = {
-        'keyId': keyID,
-        'algorithm': 'rsa-sha256',
-        'headers': ' '.join(signedHeaderKeys),
-        'signature': signature
-    }
-    signatureHeader = ', '.join(
-        [f'{k}="{v}"' for k, v in signatureDict.items()])
+#     path = '/inbox'
+
+#     headers = {
+#             '(request-target)': f'post {path}',
+#             'host': host,
+#             'date': date,
+#             'digest': f'SHA-256={bodyDigest}',
+#             'content-type': 'application/json',
+#             'content-length': str(contentLength)
+#         }
+
+
+#     signedHeaderKeys = headers.keys()
+#     signedHeaderText = ''
+
+#     for headerKey in signedHeaderKeys:
+#         signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
+
+#     signedHeaderText = signedHeaderText.strip()
+#     headerDigest = SHA256.new(signedHeaderText.encode('ascii'))
+
+#     # Sign the digest
+#     rawSignature = pkcs1_15.new(secret).sign(headerDigest)
+#     signature = base64.b64encode(rawSignature).decode('ascii')
+
+#     # Put it into a valid HTTP signature format
+#     signatureDict = {
+#         'keyId': keyID,
+#         'algorithm': 'rsa-sha256',
+#         'headers': ' '.join(signedHeaderKeys),
+#         'signature': signature
+#     }
+#     signatureHeader = ', '.join(
+#         [f'{k}="{v}"' for k, v in signatureDict.items()])
    

-    headers['signature'] = signatureHeader
+#     headers['signature'] = signatureHeader

-    return headers
+#     return headers



@ -163,14 +165,28 @@ def profile(actor):

@app.route('/post/', methods=['POST','GET'])
 def post():
-    date = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime())
+
+    keyfile = open('private.pem','rb').read()
+    key = {'privkey': RSA.import_key(keyfile), 'keyId': DOMAIN+'/users/'+USERNAME+'#main-key'} 
+
+    headers = {"content-type": "application/activity+json",
+               "user-agent": f"test v:1"}

    json_message=json.loads(flask.render_template('create.json',
-        domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN', date=date))
+        domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN'))
    
-    signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message))

-    r = requests.post('https://post.lurk.org/inbox', json=json_message, headers=signed_headers)
+    http_sig = HTTPSigAuth(key, headers)
+
+    url = 'https://post.lurk.org/inbox'
+
+    body = json.dumps(json_message)
+
+    headers = http_sig.sign(url,body)
+
+    #signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message))
+
+    r = requests.post('https://post.lurk.org/inbox', json=body, headers=headers)

    html = f'Status code <pre>{r.status_code}</pre></br>Response Headers: <pre>{r.headers}</pre></br></br> json message: <pre>{r.request.body}</pre></br></br> Request headers: <pre>{r.request.headers}</pre>'
    html_headers = f'<html><head><style>pre {{overflow:auto;background-color:#eee;}}</style></head><body>{html}</body></html>'
--- a/templates/create.json
+++ b/templates/create.json
@ -8,7 +8,7 @@
 	"object": {
 		"id": "{{domain}}/hello-world",
 		"type": "Note",
-		"published": "{{date}}",
+		"published": "2018-06-23T17:17:11Z",
 		"attributedTo": "{{domain}}/users/{{actor}}",
 		"inReplyTo": "https://post.lurk.org/@rra/101224791711855553",
 		"content": "<p>This is a test from a <a href='https://git.vvvvvvaria.org/rra/basic_ap'>flask based implementation</a> of the mastodon tutorial</p>",