Include a nonce within Json-LD signatures

2022-05-10 17:02:36 +01:00 · 2022-05-10 17:02:36 +01:00 · e6d02454fc
parent 4f3f3643a9
commit e6d02454fc
2 changed files with 4 additions and 1 deletions
--- a/linked_data_sig.py
+++ b/linked_data_sig.py
@ -9,6 +9,7 @@ __email__ = "bob@libreserver.org"
 __status__ = "Production"
 __module_group__ = "Security"

+import random
 import base64
 import hashlib
 from datetime import datetime
@ -100,6 +101,7 @@ def generate_json_signature(doc: {}, private_key_pem: str) -> None:
        return
    options = {
        "type": "RsaSignature2017",
+        "nonce": '%030x' % random.randrange(16**64),
        "creator": doc["actor"] + "#main-key",
        "created": datetime.utcnow().replace(microsecond=0).isoformat() + "Z",
    }
--- a/tests.py
+++ b/tests.py
@ -3880,9 +3880,9 @@ def _test_jsonld():
    assert signed_document
    assert signed_document.get('signature')
    assert signed_document['signature'].get('signatureValue')
+    assert signed_document['signature'].get('nonce')
    assert signed_document['signature'].get('type')
    assert len(signed_document['signature']['signatureValue']) > 50
-    # print str(signed_document['signature'])
    assert signed_document['signature']['type'] == 'RsaSignature2017'
    assert verify_json_signature(signed_document, public_key_pem)

@ -3912,6 +3912,7 @@ def _test_jsonld():
    assert len(str(signed_document['signature']['signatureValue'])) > 340
    assert (signed_document['signature']['signatureValue'] !=
            signed_document2['signature']['signatureValue'])
+    print('json-ld tests passed')


 def _test_site_active():