Browse Source

use http signing code from pubgate

master
rra 4 years ago
parent
commit
d65d135eec
  1. 130
      basic_ap.py
  2. 2
      templates/create.json

130
basic_ap.py

@ -30,6 +30,8 @@ from Crypto.Hash import SHA256
from Crypto.Signature import pkcs1_15 from Crypto.Signature import pkcs1_15
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
from httpsig import HTTPSigAuth
# #
import logging import logging
import http.client as http_client import http.client as http_client
@ -61,69 +63,69 @@ def public_key():
public_key() #generate public_key on first launch public_key() #generate public_key on first launch
def build_signing_string(headers, header_values): # def build_signing_string(headers, header_values):
return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values)) # return '\n'.join(map(lambda x: ': '.join([x.lower(), headers[x]]), header_values))
def messageContentDigest(messageBodyJsonStr: str) -> str: # def messageContentDigest(messageBodyJsonStr: str) -> str:
msg = messageBodyJsonStr.encode('utf-8') # msg = messageBodyJsonStr.encode('utf-8')
digestStr = SHA256.new(msg).digest() # digestStr = SHA256.new(msg).digest()
return base64.b64encode(digestStr).decode('utf-8') # return base64.b64encode(digestStr).decode('utf-8')
def sign_header(private_key, keyID, host, messageBodyJsonStr): # def sign_header(private_key, keyID, host, messageBodyJsonStr):
""" # """
Sign HTTP headers # Sign HTTP headers
""" # """
date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format # date = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) #RFC1123 Time format
#Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py # #Based on https://code.freedombone.net/bashrc/epicyon/src/main/httpsig.py
keyfile = open(private_key,'rb').read() # keyfile = open(private_key,'rb').read()
secret = RSA.import_key(keyfile) # secret = RSA.import_key(keyfile)
bodyDigest = messageContentDigest(messageBodyJsonStr) # bodyDigest = messageContentDigest(messageBodyJsonStr)
contentLength = len(messageBodyJsonStr) # contentLength = len(messageBodyJsonStr)
print(contentLength) # print(contentLength)
path = '/inbox' # path = '/inbox'
headers = { # headers = {
'(request-target)': f'post {path}', # '(request-target)': f'post {path}',
'host': host, # 'host': host,
'date': date, # 'date': date,
'digest': f'SHA-256={bodyDigest}', # 'digest': f'SHA-256={bodyDigest}',
'content-type': 'application/json', # 'content-type': 'application/json',
'content-length': str(contentLength) # 'content-length': str(contentLength)
} # }
signedHeaderKeys = headers.keys() # signedHeaderKeys = headers.keys()
signedHeaderText = '' # signedHeaderText = ''
for headerKey in signedHeaderKeys: # for headerKey in signedHeaderKeys:
signedHeaderText += f'{headerKey}: {headers[headerKey]}\n' # signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
signedHeaderText = signedHeaderText.strip() # signedHeaderText = signedHeaderText.strip()
headerDigest = SHA256.new(signedHeaderText.encode('ascii')) # headerDigest = SHA256.new(signedHeaderText.encode('ascii'))
# Sign the digest # # Sign the digest
rawSignature = pkcs1_15.new(secret).sign(headerDigest) # rawSignature = pkcs1_15.new(secret).sign(headerDigest)
signature = base64.b64encode(rawSignature).decode('ascii') # signature = base64.b64encode(rawSignature).decode('ascii')
# Put it into a valid HTTP signature format # # Put it into a valid HTTP signature format
signatureDict = { # signatureDict = {
'keyId': keyID, # 'keyId': keyID,
'algorithm': 'rsa-sha256', # 'algorithm': 'rsa-sha256',
'headers': ' '.join(signedHeaderKeys), # 'headers': ' '.join(signedHeaderKeys),
'signature': signature # 'signature': signature
} # }
signatureHeader = ', '.join( # signatureHeader = ', '.join(
[f'{k}="{v}"' for k, v in signatureDict.items()]) # [f'{k}="{v}"' for k, v in signatureDict.items()])
headers['signature'] = signatureHeader # headers['signature'] = signatureHeader
return headers # return headers
@ -163,14 +165,28 @@ def profile(actor):
@app.route('/post/', methods=['POST','GET']) @app.route('/post/', methods=['POST','GET'])
def post(): def post():
date = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime())
keyfile = open('private.pem','rb').read()
key = {'privkey': RSA.import_key(keyfile), 'keyId': DOMAIN+'/users/'+USERNAME+'#main-key'}
headers = {"content-type": "application/activity+json",
"user-agent": f"test v:1"}
json_message=json.loads(flask.render_template('create.json', json_message=json.loads(flask.render_template('create.json',
domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN', date=date)) domain=DOMAIN,public_key=public_key(),actor=USERNAME,host='DOMAIN'))
signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message))
r = requests.post('https://post.lurk.org/inbox', json=json_message, headers=signed_headers) http_sig = HTTPSigAuth(key, headers)
url = 'https://post.lurk.org/inbox'
body = json.dumps(json_message)
headers = http_sig.sign(url,body)
#signed_headers = sign_header('private.pem', DOMAIN+'/users/'+USERNAME+'#main-key','https://post.lurk.org', json.dumps(json_message))
r = requests.post('https://post.lurk.org/inbox', json=body, headers=headers)
html = f'Status code <pre>{r.status_code}</pre></br>Response Headers: <pre>{r.headers}</pre></br></br> json message: <pre>{r.request.body}</pre></br></br> Request headers: <pre>{r.request.headers}</pre>' html = f'Status code <pre>{r.status_code}</pre></br>Response Headers: <pre>{r.headers}</pre></br></br> json message: <pre>{r.request.body}</pre></br></br> Request headers: <pre>{r.request.headers}</pre>'
html_headers = f'<html><head><style>pre {{overflow:auto;background-color:#eee;}}</style></head><body>{html}</body></html>' html_headers = f'<html><head><style>pre {{overflow:auto;background-color:#eee;}}</style></head><body>{html}</body></html>'

2
templates/create.json

@ -8,7 +8,7 @@
"object": { "object": {
"id": "{{domain}}/hello-world", "id": "{{domain}}/hello-world",
"type": "Note", "type": "Note",
"published": "{{date}}", "published": "2018-06-23T17:17:11Z",
"attributedTo": "{{domain}}/users/{{actor}}", "attributedTo": "{{domain}}/users/{{actor}}",
"inReplyTo": "https://post.lurk.org/@rra/101224791711855553", "inReplyTo": "https://post.lurk.org/@rra/101224791711855553",
"content": "<p>This is a test from a <a href='https://git.vvvvvvaria.org/rra/basic_ap'>flask based implementation</a> of the mastodon tutorial</p>", "content": "<p>This is a test from a <a href='https://git.vvvvvvaria.org/rra/basic_ap'>flask based implementation</a> of the mastodon tutorial</p>",

Loading…
Cancel
Save