mirror of https://gitlab.com/bashrc2/epicyon
Move jsonld signatures to python3-cryptography
parent
3f248ce33b
commit
0e9aa4766f
13
httpsig.py
13
httpsig.py
|
@ -19,17 +19,12 @@ import base64
|
||||||
from time import gmtime, strftime
|
from time import gmtime, strftime
|
||||||
import datetime
|
import datetime
|
||||||
from utils import getFullDomain
|
from utils import getFullDomain
|
||||||
|
from utils import getSHA256
|
||||||
|
|
||||||
def _getSHA256(msg: str):
|
|
||||||
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
|
|
||||||
digest.update(msg)
|
|
||||||
return digest.finalize()
|
|
||||||
|
|
||||||
|
|
||||||
def messageContentDigest(messageBodyJsonStr: str) -> str:
|
def messageContentDigest(messageBodyJsonStr: str) -> str:
|
||||||
msg = messageBodyJsonStr.encode('utf-8')
|
msg = messageBodyJsonStr.encode('utf-8')
|
||||||
hashResult = _getSHA256(msg)
|
hashResult = getSHA256(msg)
|
||||||
return base64.b64encode(hashResult).decode('utf-8')
|
return base64.b64encode(hashResult).decode('utf-8')
|
||||||
|
|
||||||
|
|
||||||
|
@ -80,7 +75,7 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
|
||||||
signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
|
signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
|
||||||
signedHeaderText = signedHeaderText.strip()
|
signedHeaderText = signedHeaderText.strip()
|
||||||
# signedHeaderText.encode('ascii') matches
|
# signedHeaderText.encode('ascii') matches
|
||||||
headerDigest = _getSHA256(signedHeaderText.encode('ascii'))
|
headerDigest = getSHA256(signedHeaderText.encode('ascii'))
|
||||||
# print('headerDigest2: ' + str(headerDigest))
|
# print('headerDigest2: ' + str(headerDigest))
|
||||||
|
|
||||||
# Sign the digest
|
# Sign the digest
|
||||||
|
@ -252,7 +247,7 @@ def verifyPostHeaders(httpPrefix: str, publicKeyPem: str, headers: dict,
|
||||||
print('DEBUG: signedHeaderList: ' + str(signedHeaderList))
|
print('DEBUG: signedHeaderList: ' + str(signedHeaderList))
|
||||||
# Now we have our header data digest
|
# Now we have our header data digest
|
||||||
signedHeaderText = '\n'.join(signedHeaderList)
|
signedHeaderText = '\n'.join(signedHeaderList)
|
||||||
headerDigest = _getSHA256(signedHeaderText.encode('ascii'))
|
headerDigest = getSHA256(signedHeaderText.encode('ascii'))
|
||||||
|
|
||||||
# Get the signature, verify with public key, return result
|
# Get the signature, verify with public key, return result
|
||||||
signature = base64.b64decode(signatureDict['signature'])
|
signature = base64.b64decode(signatureDict['signature'])
|
||||||
|
|
|
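Review bot: In the verifyPostHeaders hunk, `getSHA256(signedHeaderText.encode('ascii'))` encodes text built from the headers of an incoming request, so a header value containing a non-ASCII character would raise UnicodeEncodeError before the signature is ever checked. No handler is visible in the hunk, and the function body starts and ends outside it, so the caller may already cover this. If it does not, the request should be rejected explicitly rather than left to an unhandled exception, for example `try: headerDigest = getSHA256(signedHeaderText.encode('ascii'))` followed by `except UnicodeEncodeError: return False`, assuming the function reports failure by returning False. The same call in signPostHeaders works on locally built headers and is less exposed.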
@ -11,18 +11,15 @@ __status__ = "Production"
|
||||||
import base64
|
import base64
|
||||||
import hashlib
|
import hashlib
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
try:
|
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||||
from Cryptodome.PublicKey import RSA
|
from cryptography.hazmat.primitives.serialization import load_pem_public_key
|
||||||
from Cryptodome.Hash import SHA256
|
from cryptography.hazmat.primitives.asymmetric import padding
|
||||||
from Cryptodome.Signature import pkcs1_5 as PKCS1_v1_5
|
from cryptography.hazmat.primitives import hashes
|
||||||
except ImportError:
|
from cryptography.hazmat.primitives.asymmetric import utils as hazutils
|
||||||
from Crypto.PublicKey import RSA
|
|
||||||
from Crypto.Hash import SHA256
|
|
||||||
from Crypto.Signature import PKCS1_v1_5
|
|
||||||
|
|
||||||
from pyjsonld import normalize
|
from pyjsonld import normalize
|
||||||
from context import hasValidContext
|
from context import hasValidContext
|
||||||
|
from utils import getSHA256
|
||||||
|
|
||||||
|
|
||||||
def _options_hash(doc: {}) -> str:
|
def _options_hash(doc: {}) -> str:
|
||||||
|
@ -73,14 +70,23 @@ def verifyJsonSignature(doc: {}, publicKeyPem: str) -> bool:
|
||||||
"""
|
"""
|
||||||
if not hasValidContext(doc):
|
if not hasValidContext(doc):
|
||||||
return False
|
return False
|
||||||
key = RSA.importKey(publicKeyPem)
|
pubkey = load_pem_public_key(publicKeyPem.encode('utf-8'),
|
||||||
|
backend=default_backend())
|
||||||
to_be_signed = _options_hash(doc) + _doc_hash(doc)
|
to_be_signed = _options_hash(doc) + _doc_hash(doc)
|
||||||
signature = doc["signature"]["signatureValue"]
|
signature = doc["signature"]["signatureValue"]
|
||||||
signer = PKCS1_v1_5.new(key) # type: ignore
|
|
||||||
digest = SHA256.new()
|
digest = getSHA256(to_be_signed.encode("utf-8"))
|
||||||
digest.update(to_be_signed.encode("utf-8"))
|
|
||||||
base64sig = base64.b64decode(signature)
|
base64sig = base64.b64decode(signature)
|
||||||
return signer.verify(digest, base64sig) # type: ignore
|
|
||||||
|
try:
|
||||||
|
pubkey.verify(
|
||||||
|
base64sig,
|
||||||
|
digest,
|
||||||
|
padding.PKCS1v15(),
|
||||||
|
hazutils.Prehashed(hashes.SHA256()))
|
||||||
|
return True
|
||||||
|
except BaseException:
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
def generateJsonSignature(doc: {}, privateKeyPem: str) -> None:
|
def generateJsonSignature(doc: {}, privateKeyPem: str) -> None:
|
||||||
|
@ -98,9 +104,11 @@ def generateJsonSignature(doc: {}, privateKeyPem: str) -> None:
|
||||||
doc["signature"] = options
|
doc["signature"] = options
|
||||||
to_be_signed = _options_hash(doc) + _doc_hash(doc)
|
to_be_signed = _options_hash(doc) + _doc_hash(doc)
|
||||||
|
|
||||||
key = RSA.importKey(privateKeyPem)
|
key = load_pem_private_key(privateKeyPem.encode('utf-8'),
|
||||||
signer = PKCS1_v1_5.new(key)
|
None, backend=default_backend())
|
||||||
digest = SHA256.new()
|
digest = getSHA256(to_be_signed.encode("utf-8"))
|
||||||
digest.update(to_be_signed.encode("utf-8"))
|
signature = key.sign(digest,
|
||||||
sig = base64.b64encode(signer.sign(digest)) # type: ignore
|
padding.PKCS1v15(),
|
||||||
|
hazutils.Prehashed(hashes.SHA256()))
|
||||||
|
sig = base64.b64encode(signature)
|
||||||
options["signatureValue"] = sig.decode("utf-8")
|
options["signatureValue"] = sig.decode("utf-8")
|
||||||
|
|
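Review bot: In verifyJsonSignature the new `except BaseException:` around `pubkey.verify(...)` is wider than the check needs: it also catches KeyboardInterrupt and SystemExit, and it reports any programming error (for example a non-RSA key object whose verify() takes different arguments) as an ordinary bad signature. Catching the library's own failure type keeps the fail-closed result and lets unexpected errors surface: `from cryptography.exceptions import InvalidSignature` and `except InvalidSignature: return False`. Separately, `load_pem_public_key(...)` and `base64.b64decode(signature)` sit outside the try, so a malformed PEM or signatureValue in a received document raises ValueError instead of returning False. If callers expect a boolean, move both calls inside the try and use `except (InvalidSignature, ValueError):`. The function body starts outside the hunk, so any handling further up is not visible here.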
10
utils.py
10
utils.py
|
@ -18,6 +18,16 @@ import idna
|
||||||
from pprint import pprint
|
from pprint import pprint
|
||||||
from calendar import monthrange
|
from calendar import monthrange
|
||||||
from followingCalendar import addPersonToCalendar
|
from followingCalendar import addPersonToCalendar
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives import hashes
|
||||||
|
|
||||||
|
|
||||||
|
def getSHA256(msg: str):
|
||||||
|
"""Returns a SHA256 hash of the given string
|
||||||
|
"""
|
||||||
|
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
|
||||||
|
digest.update(msg)
|
||||||
|
return digest.finalize()
|
||||||
|
|
||||||
|
|
||||||
def _localNetworkHost(host: str) -> bool:
|
def _localNetworkHost(host: str) -> bool:
|
||||||
|
|
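Review bot: The new `getSHA256(msg: str)` is annotated and documented as taking a string, but `digest.update(msg)` needs bytes, and every call site in this commit passes the result of `.encode(...)`. The signature should say so and state the return type, `def getSHA256(msg: bytes) -> bytes:`, with the docstring reading `"""Returns the raw SHA256 digest of the given bytes"""`. That makes it clear to later callers that the result is the binary digest and not a hex string, which matters because the signing code passes it on as a prehashed value.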