mirror of https://gitlab.com/bashrc2/epicyon
Remove date
parent
81d77f9843
commit
6855366b4c
14
httpsig.py
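--- a/httpsig.py
+++ b/httpsig.py
@@ -25,13 +25,14 @@ def signPostHeaders(privateKeyPem: str, nickname: str, domain: str, \
 if port!=80 and port!=443:
 domain=domain+':'+str(port)
 
+dateStr=strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
 keyID = httpPrefix+'://'+domain+'/users/'+nickname+'#main-key'
 if not messageBodyJson:
 headers = {'host': domain}
 else:
 bodyDigest = \
 base64.b64encode(SHA256.new(messageBodyJson.encode()).digest())
-headers = {'host': domain, 'date': strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()),'digest': f'SHA-256={bodyDigest}'}
+headers = {'host': domain,'digest': f'SHA-256={bodyDigest}'}
 privateKeyPem = RSA.import_key(privateKeyPem)
 headers.update({
 '(request-target)': f'post {path}',
@@ -52,11 +53,13 @@ def signPostHeaders(privateKeyPem: str, nickname: str, domain: str, \
 signatureDict = {
 'keyId': keyID,
 'algorithm': 'rsa-sha256',
+# 'date': dateStr,
 'headers': ' '.join(signedHeaderKeys),
 'signature': signature
 }
 signatureHeader = ','.join(
 [f'{k}="{v}"' for k, v in signatureDict.items()])
+# print('signatureHeader: '+str(signatureHeader))
 return signatureHeader
 
 def createSignedHeader(privateKeyPem: str,nickname: str,domain: str,port: int, \
@@ -67,16 +70,18 @@ def createSignedHeader(privateKeyPem: str,nickname: str,domain: str,port: int, \
 if port!=80 and port!=443:
 headerDomain=headerDomain+':'+str(port)
 
+dateStr=strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
 if not withDigest:
 headers = {'host': headerDomain}
 else:
 messageBodyJsonStr=json.dumps(messageBodyJson)
 bodyDigest = \
 base64.b64encode(SHA256.new(messageBodyJsonStr.encode()).digest())
-headers = {'host': headerDomain, 'date': strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()), 'digest': f'SHA-256={bodyDigest}'}
+headers = {'host': headerDomain, 'digest': f'SHA-256={bodyDigest}'}
 path='/inbox'
 signatureHeader = signPostHeaders(privateKeyPem, nickname, domain, port, \
 path, httpPrefix, None)
+headers['date'] = dateStr
 headers['signature'] = signatureHeader
 headers['Content-type'] = 'application/json'
 return headers
@@ -115,9 +120,8 @@ def verifyPostHeaders(httpPrefix: str, publicKeyPem: str, headers: dict, \
 elif signedHeader.lower() == 'content-type':
 continue
 elif signedHeader == 'date':
-dateJson=messageBodyJsonStr.encode()
-print('*********************date: '+str(dateJson))
-#signedHeaderList.append(f'date: SHA-256={dateStr}')
+signedHeaderList.append(f'date: {date}')
+continue
 elif signedHeader == 'digest':
 bodyDigest = \
 base64.b64encode(SHA256.new(messageBodyJsonStr.encode()).digest())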
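Review bot: The Date header is no longer covered by the signature: in createSignedHeader `headers['date'] = dateStr` is assigned after signPostHeaders() returns, and signPostHeaders now builds its own header set without `date` (its new `dateStr` is only referenced from a commented-out line). A receiver therefore cannot rely on Date to bound how long a captured signed POST stays acceptable, and the value can change in transit without breaking verification. I would compute the date once and sign it, for example by passing `dateStr` into signPostHeaders and building `headers = {'host': domain, 'date': dateStr, 'digest': f'SHA-256={bodyDigest}'}` there, so both functions use the same string. Separately, the new verifyPostHeaders branch appends `f'date: {date}'` and no `date` binding is visible in this hunk; if it is not set earlier in the function, `headers['date']` is presumably what was meant. All three functions extend beyond the hunks shown.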
10
tests.py
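--- a/tests.py
+++ b/tests.py
@@ -11,6 +11,7 @@ import time
 import os, os.path
 import shutil
 import commentjson
+from time import gmtime, strftime
 from pprint import pprint
 from person import createPerson
 from Crypto.Hash import SHA256
@@ -81,18 +82,19 @@ def testHttpsigBase(withDigest):
 privateKeyPem,publicKeyPem,person,wfEndpoint= \
 createPerson(path,nickname,domain,port,httpPrefix,False,password)
 assert privateKeyPem
-messageBodyJsonStr = '{"a key": "a value", "another key": "A string"}'
+messageBodyJsonStr = '{"a key": "a value", "another key": "A string","yet another key": "A string"}'
 
 headersDomain=domain
 if port!=80 and port !=443:
 headersDomain=domain+':'+str(port)
 
+dateStr=strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
 if not withDigest:
 headers = {'host': headersDomain}
 else:
 bodyDigest = \
 base64.b64encode(SHA256.new(messageBodyJsonStr.encode()).digest())
-headers = {'host': headersDomain, 'digest': f'SHA-256={bodyDigest}'}
+headers = {'host': headersDomain, 'date': dateStr, 'digest': f'SHA-256={bodyDigest}'}
 
 boxpath='/inbox'
 signatureHeader = \
@@ -109,9 +111,9 @@ def testHttpsigBase(withDigest):
 headers = {'host': 'bogon.domain'}
 else:
 # correct domain but fake message
-messageBodyJsonStr = '{"a key": "a value", "another key": "Fake GNUs"}'
+messageBodyJsonStr = '{"a key": "a value", "another key": "Fake GNUs", "yet another key": "Fake GNUs"}'
 bodyDigest = base64.b64encode(SHA256.new(messageBodyJsonStr.encode()).digest())
-headers = {'host': domain, 'digest': f'SHA-256={bodyDigest}'}
+headers = {'host': domain, 'date': dateStr, 'digest': f'SHA-256={bodyDigest}'}
 headers['signature'] = signatureHeader
 assert verifyPostHeaders(httpPrefix, publicKeyPem, headers, \
 '/inbox', True, messageBodyJsonStr) == False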
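Review bot: None of the updated cases checks the Date header itself: `dateStr` is added to `headers` in the two digest branches, but the no-digest branch still sends `{'host': headersDomain}` and there is no case where only the date differs from what was signed. Once date is part of the signed header set, a negative case that changes `headers['date']` and asserts `not verifyPostHeaders(...)` would pin that behaviour. The existing `== False` comparison would also read better as `assert not verifyPostHeaders(...)`. testHttpsigBase starts and ends outside these hunks.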