indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Signing GET requests

merge-requests/30/head
Bob Mottram 2021-09-08 11:05:45 +01:00
parent 9aeab4555b
commit d9cda14782
3 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
httpsig.py
View File

@ -24,6 +24,7 @@ from time import gmtime, strftime
import datetime import datetime
from utils import getFullDomain from utils import getFullDomain
from utils import getSHA256 from utils import getSHA256
from utils import getSHA512
from utils import localActorUrl from utils import localActorUrl
@ -49,11 +50,12 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
if not dateStr: if not dateStr:
dateStr = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()) dateStr = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
if nickname != domain: if nickname != domain and nickname.lower() != 'actor':
keyID = localActorUrl(httpPrefix, nickname, domain) + '#main-key' keyID = localActorUrl(httpPrefix, nickname, domain)
else: else:
# instance actor # instance actor
keyID = httpPrefix + '://' + domain + '/actor#main-key' keyID = httpPrefix + '://' + domain + '/actor'
keyID += '#main-key'
if not messageBodyJsonStr: if not messageBodyJsonStr:
headers = { headers = {
'(request-target)': f'get {path}', '(request-target)': f'get {path}',
@ -82,7 +84,8 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
signedHeaderText = '' signedHeaderText = ''
for headerKey in signedHeaderKeys: for headerKey in signedHeaderKeys:
signedHeaderText += f'{headerKey}: {headers[headerKey]}\n' signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
signedHeaderText = signedHeaderText.strip() # strip the trailing linefeed
signedHeaderText = signedHeaderText.rstrip('\n')
# signedHeaderText.encode('ascii') matches # signedHeaderText.encode('ascii') matches
headerDigest = getSHA256(signedHeaderText.encode('ascii')) headerDigest = getSHA256(signedHeaderText.encode('ascii'))
# print('headerDigest2: ' + str(headerDigest)) # print('headerDigest2: ' + str(headerDigest))
@ -159,11 +162,18 @@ def signPostHeadersNew(dateStr: str, privateKeyPem: str,
for headerKey in signedHeaderKeys: for headerKey in signedHeaderKeys:
signedHeaderText += f'{headerKey}: {headers[headerKey]}\n' signedHeaderText += f'{headerKey}: {headers[headerKey]}\n'
signedHeaderText = signedHeaderText.strip() signedHeaderText = signedHeaderText.strip()
headerDigest = getSHA256(signedHeaderText.encode('ascii'))
# Sign the digest. Potentially other signing algorithms can be added here. # Sign the digest. Potentially other signing algorithms can be added here.
signature = '' signature = ''
if algorithm == 'rsa-sha256': if algorithm == 'rsa-sha512':
headerDigest = getSHA512(signedHeaderText.encode('ascii'))
rawSignature = key.sign(headerDigest,
padding.PKCS1v15(),
hazutils.Prehashed(hashes.SHA512()))
signature = base64.b64encode(rawSignature).decode('ascii')
else:
# default sha256
headerDigest = getSHA256(signedHeaderText.encode('ascii'))
rawSignature = key.sign(headerDigest, rawSignature = key.sign(headerDigest,
padding.PKCS1v15(), padding.PKCS1v15(),
hazutils.Prehashed(hashes.SHA256())) hazutils.Prehashed(hashes.SHA256()))

6
session.py
View File

@ -175,11 +175,8 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
toPort = 443 toPort = 443
else: else:
toPort = 80 toPort = 80
# instance actor
nickname = domain
# if debug: # if debug:
print('Signed GET nickname: ' + nickname)
print('Signed GET domain: ' + domain + ' ' + str(port)) print('Signed GET domain: ' + domain + ' ' + str(port))
print('Signed GET toDomain: ' + toDomain + ' ' + str(toPort)) print('Signed GET toDomain: ' + toDomain + ' ' + str(toPort))
print('Signed GET url: ' + url) print('Signed GET url: ' + url)
@ -191,7 +188,7 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
else: else:
path = '/actor' path = '/actor'
signatureHeaderJson = \ signatureHeaderJson = \
createSignedHeader(signingPrivateKeyPem, nickname, domain, port, createSignedHeader(signingPrivateKeyPem, 'actor', domain, port,
toDomain, toPort, path, httpPrefix, withDigest, toDomain, toPort, path, httpPrefix, withDigest,
messageStr) messageStr)
print('Signed GET signatureHeaderJson ' + str(signatureHeaderJson)) print('Signed GET signatureHeaderJson ' + str(signatureHeaderJson))
@ -201,7 +198,6 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
sessionHeaders[key.title()] = value sessionHeaders[key.title()] = value
if sessionHeaders.get(key.lower()): if sessionHeaders.get(key.lower()):
del sessionHeaders[key.lower()] del sessionHeaders[key.lower()]
sessionHeaders['Content-Length'] = '0'
print('Signed GET sessionHeaders ' + str(sessionHeaders)) print('Signed GET sessionHeaders ' + str(sessionHeaders))
return _getJsonRequest(session, url, domainFull, sessionHeaders, return _getJsonRequest(session, url, domainFull, sessionHeaders,

8
utils.py
View File

@ -147,6 +147,14 @@ def getSHA256(msg: str):
return digest.finalize() return digest.finalize()
def getSHA512(msg: str):
"""Returns a SHA512 hash of the given string
"""
digest = hashes.Hash(hashes.SHA512(), backend=default_backend())
digest.update(msg)
return digest.finalize()
def _localNetworkHost(host: str) -> bool: def _localNetworkHost(host: str) -> bool:
"""Returns true if the given host is on the local network """Returns true if the given host is on the local network
""" """