Separate signing and digest algorithms
parent
1b9277e323
commit
9dc4189d57
18
httpsig.py
18
httpsig.py
|
@ -71,14 +71,11 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
|
||||||
httpPrefix: str,
|
httpPrefix: str,
|
||||||
messageBodyJsonStr: str,
|
messageBodyJsonStr: str,
|
||||||
contentType: str,
|
contentType: str,
|
||||||
algorithm: str) -> str:
|
algorithm: str,
|
||||||
|
digestAlgorithm: str) -> str:
|
||||||
"""Returns a raw signature string that can be plugged into a header and
|
"""Returns a raw signature string that can be plugged into a header and
|
||||||
used to verify the authenticity of an HTTP transmission.
|
used to verify the authenticity of an HTTP transmission.
|
||||||
"""
|
"""
|
||||||
# it is assumed that the hash used for the digest will be the same
|
|
||||||
# as for the signature
|
|
||||||
digestAlgorithm = algorithm
|
|
||||||
|
|
||||||
domain = getFullDomain(domain, port)
|
domain = getFullDomain(domain, port)
|
||||||
|
|
||||||
toDomain = getFullDomain(toDomain, toPort)
|
toDomain = getFullDomain(toDomain, toPort)
|
||||||
|
@ -152,16 +149,13 @@ def signPostHeadersNew(dateStr: str, privateKeyPem: str,
|
||||||
path: str,
|
path: str,
|
||||||
httpPrefix: str,
|
httpPrefix: str,
|
||||||
messageBodyJsonStr: str,
|
messageBodyJsonStr: str,
|
||||||
algorithm: str, debug: bool) -> (str, str):
|
algorithm: str, digestAlgorithm: str,
|
||||||
|
debug: bool) -> (str, str):
|
||||||
"""Returns a raw signature strings that can be plugged into a header
|
"""Returns a raw signature strings that can be plugged into a header
|
||||||
as "Signature-Input" and "Signature"
|
as "Signature-Input" and "Signature"
|
||||||
used to verify the authenticity of an HTTP transmission.
|
used to verify the authenticity of an HTTP transmission.
|
||||||
See https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures
|
See https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures
|
||||||
"""
|
"""
|
||||||
# it is assumed that the hash used for the digest will be the same
|
|
||||||
# as for the signature
|
|
||||||
digestAlgorithm = algorithm
|
|
||||||
|
|
||||||
domain = getFullDomain(domain, port)
|
domain = getFullDomain(domain, port)
|
||||||
|
|
||||||
toDomain = getFullDomain(toDomain, toPort)
|
toDomain = getFullDomain(toDomain, toPort)
|
||||||
|
@ -274,7 +268,7 @@ def createSignedHeader(dateStr: str, privateKeyPem: str, nickname: str,
|
||||||
signPostHeaders(dateStr, privateKeyPem, nickname,
|
signPostHeaders(dateStr, privateKeyPem, nickname,
|
||||||
domain, port, toDomain, toPort,
|
domain, port, toDomain, toPort,
|
||||||
path, httpPrefix, None, contentType,
|
path, httpPrefix, None, contentType,
|
||||||
algorithm)
|
algorithm, None)
|
||||||
else:
|
else:
|
||||||
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
||||||
digestPrefix = getDigestPrefix(digestAlgorithm)
|
digestPrefix = getDigestPrefix(digestAlgorithm)
|
||||||
|
@ -292,7 +286,7 @@ def createSignedHeader(dateStr: str, privateKeyPem: str, nickname: str,
|
||||||
domain, port,
|
domain, port,
|
||||||
toDomain, toPort,
|
toDomain, toPort,
|
||||||
path, httpPrefix, messageBodyJsonStr,
|
path, httpPrefix, messageBodyJsonStr,
|
||||||
contentType, algorithm)
|
contentType, algorithm, digestAlgorithm)
|
||||||
headers['signature'] = signatureHeader
|
headers['signature'] = signatureHeader
|
||||||
return headers
|
return headers
|
||||||
|
|
||||||
|
|
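Review bot: `createSignedHeader` now passes `None` for the new parameter on the no-body path (`algorithm, None`), but `signPostHeaders` declares it as `digestAlgorithm: str` with no default, so the signature misdescribes what callers actually pass; declare it as `digestAlgorithm: str = None` (or `str | None` if the file targets 3.10+). Decoupling the digest hash from the signature hash also means the value is now caller-chosen instead of derived from `algorithm`, so whatever validation is applied to `algorithm` should be applied to `digestAlgorithm` as well — unknown or weak hash names should be rejected before `messageContentDigest`/`getDigestPrefix` run, and since those helpers are outside the hunk I cannot tell whether they already do this. A short comment at the top of each function, e.g. `# digestAlgorithm selects the hash for the Digest header; it may differ from the signing hash`, would make the new contract explicit. The bodies of `signPostHeaders` and `signPostHeadersNew` continue outside the hunks.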
23
tests.py
23
tests.py
|
@ -392,7 +392,7 @@ def _testSignAndVerify() -> None:
|
||||||
pubkey.verify(signature2, headerDigest, paddingStr, alg)
|
pubkey.verify(signature2, headerDigest, paddingStr, alg)
|
||||||
|
|
||||||
|
|
||||||
def _testHttpSigNew():
|
def _testHttpSigNew(algorithm: str, digestAlgorithm: str):
|
||||||
print('testHttpSigNew')
|
print('testHttpSigNew')
|
||||||
httpPrefix = 'https'
|
httpPrefix = 'https'
|
||||||
port = 443
|
port = 443
|
||||||
|
@ -403,8 +403,6 @@ def _testHttpSigNew():
|
||||||
pathStr = "/" + nickname + "?param=value&pet=dog HTTP/1.1"
|
pathStr = "/" + nickname + "?param=value&pet=dog HTTP/1.1"
|
||||||
domain = 'example.com'
|
domain = 'example.com'
|
||||||
dateStr = 'Tue, 20 Apr 2021 02:07:55 GMT'
|
dateStr = 'Tue, 20 Apr 2021 02:07:55 GMT'
|
||||||
algorithm = 'rsa-sha256'
|
|
||||||
digestAlgorithm = 'rsa-sha256'
|
|
||||||
digestPrefix = getDigestPrefix(digestAlgorithm)
|
digestPrefix = getDigestPrefix(digestAlgorithm)
|
||||||
digestStr = digestPrefix + '=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
|
digestStr = digestPrefix + '=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
|
||||||
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
||||||
|
@ -491,7 +489,7 @@ def _testHttpSigNew():
|
||||||
domain, port,
|
domain, port,
|
||||||
domain, port,
|
domain, port,
|
||||||
pathStr, httpPrefix, messageBodyJsonStr,
|
pathStr, httpPrefix, messageBodyJsonStr,
|
||||||
algorithm, debug)
|
algorithm, digestAlgorithm, debug)
|
||||||
print('signatureIndexHeader1: ' + str(signatureIndexHeader))
|
print('signatureIndexHeader1: ' + str(signatureIndexHeader))
|
||||||
print('signatureHeader1: ' + str(signatureHeader))
|
print('signatureHeader1: ' + str(signatureHeader))
|
||||||
sigInput = "keyId=\"https://example.com/users/foo#main-key\"; " + \
|
sigInput = "keyId=\"https://example.com/users/foo#main-key\"; " + \
|
||||||
|
@ -571,7 +569,7 @@ def _testHttpsigBase(withDigest: bool, baseDir: str):
|
||||||
domain, port,
|
domain, port,
|
||||||
hostDomain, port,
|
hostDomain, port,
|
||||||
boxpath, httpPrefix, None, contentType,
|
boxpath, httpPrefix, None, contentType,
|
||||||
algorithm)
|
algorithm, None)
|
||||||
else:
|
else:
|
||||||
digestPrefix = getDigestPrefix(digestAlgorithm)
|
digestPrefix = getDigestPrefix(digestAlgorithm)
|
||||||
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
||||||
|
@ -589,7 +587,7 @@ def _testHttpsigBase(withDigest: bool, baseDir: str):
|
||||||
domain, port,
|
domain, port,
|
||||||
hostDomain, port,
|
hostDomain, port,
|
||||||
boxpath, httpPrefix, messageBodyJsonStr,
|
boxpath, httpPrefix, messageBodyJsonStr,
|
||||||
contentType, algorithm)
|
contentType, algorithm, digestAlgorithm)
|
||||||
|
|
||||||
headers['signature'] = signatureHeader
|
headers['signature'] = signatureHeader
|
||||||
GETmethod = not withDigest
|
GETmethod = not withDigest
|
||||||
|
@ -5893,7 +5891,7 @@ def _testValidEmojiContent() -> None:
|
||||||
|
|
||||||
|
|
||||||
def _testHttpsigBaseNew(withDigest: bool, baseDir: str,
|
def _testHttpsigBaseNew(withDigest: bool, baseDir: str,
|
||||||
algorithm: str) -> None:
|
algorithm: str, digestAlgorithm: str) -> None:
|
||||||
print('testHttpsigNew(' + str(withDigest) + ')')
|
print('testHttpsigNew(' + str(withDigest) + ')')
|
||||||
|
|
||||||
debug = True
|
debug = True
|
||||||
|
@ -5903,7 +5901,6 @@ def _testHttpsigBaseNew(withDigest: bool, baseDir: str,
|
||||||
os.mkdir(path)
|
os.mkdir(path)
|
||||||
os.chdir(path)
|
os.chdir(path)
|
||||||
|
|
||||||
digestAlgorithm = algorithm
|
|
||||||
contentType = 'application/activity+json'
|
contentType = 'application/activity+json'
|
||||||
nickname = 'socrates'
|
nickname = 'socrates'
|
||||||
hostDomain = 'someother.instance'
|
hostDomain = 'someother.instance'
|
||||||
|
@ -5940,7 +5937,7 @@ def _testHttpsigBaseNew(withDigest: bool, baseDir: str,
|
||||||
domain, port,
|
domain, port,
|
||||||
hostDomain, port,
|
hostDomain, port,
|
||||||
boxpath, httpPrefix, messageBodyJsonStr,
|
boxpath, httpPrefix, messageBodyJsonStr,
|
||||||
algorithm, debug)
|
algorithm, digestAlgorithm, debug)
|
||||||
else:
|
else:
|
||||||
digestPrefix = getDigestPrefix(digestAlgorithm)
|
digestPrefix = getDigestPrefix(digestAlgorithm)
|
||||||
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
bodyDigest = messageContentDigest(messageBodyJsonStr, digestAlgorithm)
|
||||||
|
@ -5958,7 +5955,7 @@ def _testHttpsigBaseNew(withDigest: bool, baseDir: str,
|
||||||
domain, port,
|
domain, port,
|
||||||
hostDomain, port,
|
hostDomain, port,
|
||||||
boxpath, httpPrefix, messageBodyJsonStr,
|
boxpath, httpPrefix, messageBodyJsonStr,
|
||||||
algorithm, debug)
|
algorithm, digestAlgorithm, debug)
|
||||||
|
|
||||||
headers['signature'] = signatureHeader
|
headers['signature'] = signatureHeader
|
||||||
headers['signature-input'] = signatureIndexHeader
|
headers['signature-input'] = signatureIndexHeader
|
||||||
|
@ -6086,9 +6083,9 @@ def runAllTests():
|
||||||
_testActorParsing()
|
_testActorParsing()
|
||||||
_testHttpsig(baseDir)
|
_testHttpsig(baseDir)
|
||||||
_testHttpSignedGET(baseDir)
|
_testHttpSignedGET(baseDir)
|
||||||
_testHttpSigNew()
|
_testHttpSigNew('rsa-sha256', 'rsa-sha256')
|
||||||
_testHttpsigBaseNew(True, baseDir, 'rsa-sha256')
|
_testHttpsigBaseNew(True, baseDir, 'rsa-sha256', 'rsa-sha256')
|
||||||
_testHttpsigBaseNew(False, baseDir, 'rsa-sha256')
|
_testHttpsigBaseNew(False, baseDir, 'rsa-sha256', 'rsa-sha256')
|
||||||
_testCache()
|
_testCache()
|
||||||
_testThreads()
|
_testThreads()
|
||||||
_testCreatePerson(baseDir)
|
_testCreatePerson(baseDir)
|
||||||
|
|
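Review bot: The new `digestAlgorithm` parameters are only ever exercised with the same value as `algorithm` (`_testHttpSigNew('rsa-sha256', 'rsa-sha256')` and both `_testHttpsigBaseNew(..., 'rsa-sha256', 'rsa-sha256')` calls in `runAllTests`), so the separation this commit introduces is not actually covered by the tests. Add at least one run where the two differ, using whatever second digest `messageContentDigest`/`getDigestPrefix` support — e.g. `_testHttpsigBaseNew(True, baseDir, 'rsa-sha256', 'rsa-sha512')` if a sha512 digest is available — so that a regression back to "digest hash == signing hash" would be caught. Note also that `_testHttpSigNew` still hardcodes a SHA-256-sized fixture (`digestStr = digestPrefix + '=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='`), so calling it with any other `digestAlgorithm` would make that fixture inconsistent with the computed `bodyDigest`; either derive the fixture from the parameter or guard the function with an explicit check of the expected algorithm. The bodies of `_testHttpSigNew` and `_testHttpsigBaseNew` extend beyond the visible hunks.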