forked from indymedia/epicyon
Add content langth to http signature
parent
a4c43e44c3
commit
6deab18126
|
@ -28,7 +28,7 @@ Or on Debian:
|
||||||
``` bash
|
``` bash
|
||||||
sudo apt-get -y install tor python3-pip python3-socks imagemagick \
|
sudo apt-get -y install tor python3-pip python3-socks imagemagick \
|
||||||
python3-numpy python3-setuptools python3-crypto \
|
python3-numpy python3-setuptools python3-crypto \
|
||||||
python3-dateutil python3-pil.imagetk certbot nginx
|
python3-dateutil python3-pil.imagetk certbot nginx
|
||||||
sudo pip3 install requests commentjson beautifulsoup4 pycryptodome
|
sudo pip3 install requests commentjson beautifulsoup4 pycryptodome
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
10
httpsig.py
10
httpsig.py
|
@ -104,13 +104,14 @@ def createSignedHeader(privateKeyPem: str,nickname: str, \
|
||||||
path,httpPrefix,None)
|
path,httpPrefix,None)
|
||||||
else:
|
else:
|
||||||
bodyDigest=messageContentDigest(messageBodyJsonStr)
|
bodyDigest=messageContentDigest(messageBodyJsonStr)
|
||||||
|
contentLength=len(messageBodyJsonStr)
|
||||||
#print('***************************Send (request-target): post '+path)
|
#print('***************************Send (request-target): post '+path)
|
||||||
#print('***************************Send host: '+headerDomain)
|
#print('***************************Send host: '+headerDomain)
|
||||||
#print('***************************Send date: '+dateStr)
|
#print('***************************Send date: '+dateStr)
|
||||||
#print('***************************Send digest: '+bodyDigest)
|
#print('***************************Send digest: '+bodyDigest)
|
||||||
#print('***************************Send Content-type: '+contentType)
|
#print('***************************Send Content-type: '+contentType)
|
||||||
#print('***************************Send messageBodyJsonStr: '+messageBodyJsonStr)
|
#print('***************************Send messageBodyJsonStr: '+messageBodyJsonStr)
|
||||||
headers = {'(request-target)': f'post {path}','host': headerDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': contentType}
|
headers = {'(request-target)': f'post {path}','host': headerDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-length': contentLength,'content-type': contentType}
|
||||||
signatureHeader = \
|
signatureHeader = \
|
||||||
signPostHeaders(dateStr,privateKeyPem,nickname, \
|
signPostHeaders(dateStr,privateKeyPem,nickname, \
|
||||||
domain,port, \
|
domain,port, \
|
||||||
|
@ -168,6 +169,7 @@ def verifyPostHeaders(httpPrefix: str,publicKeyPem: str,headers: dict, \
|
||||||
# Unpack the signed headers and set values based on current headers and
|
# Unpack the signed headers and set values based on current headers and
|
||||||
# body (if a digest was included)
|
# body (if a digest was included)
|
||||||
signedHeaderList = []
|
signedHeaderList = []
|
||||||
|
contentLength=len(messageBodyJsonStr)
|
||||||
for signedHeader in signatureDict['headers'].split(' '):
|
for signedHeader in signatureDict['headers'].split(' '):
|
||||||
if signedHeader == '(request-target)':
|
if signedHeader == '(request-target)':
|
||||||
signedHeaderList.append(
|
signedHeaderList.append(
|
||||||
|
@ -183,6 +185,9 @@ def verifyPostHeaders(httpPrefix: str,publicKeyPem: str,headers: dict, \
|
||||||
#print('***************************Verify messageBodyJsonStr: '+messageBodyJsonStr)
|
#print('***************************Verify messageBodyJsonStr: '+messageBodyJsonStr)
|
||||||
else:
|
else:
|
||||||
if headers.get(signedHeader):
|
if headers.get(signedHeader):
|
||||||
|
if signedHeader=='content-length':
|
||||||
|
if int(headers[signedHeader])!=contentLength:
|
||||||
|
return False
|
||||||
if signedHeader=='date':
|
if signedHeader=='date':
|
||||||
if not verifyRecentSignature(headers[signedHeader]):
|
if not verifyRecentSignature(headers[signedHeader]):
|
||||||
return False
|
return False
|
||||||
|
@ -191,6 +196,9 @@ def verifyPostHeaders(httpPrefix: str,publicKeyPem: str,headers: dict, \
|
||||||
f'{signedHeader}: {headers[signedHeader]}')
|
f'{signedHeader}: {headers[signedHeader]}')
|
||||||
else:
|
else:
|
||||||
signedHeaderCap=signedHeader.capitalize()
|
signedHeaderCap=signedHeader.capitalize()
|
||||||
|
if signedHeaderCap=='Content-length':
|
||||||
|
if int(headers[signedHeader])!=contentLength:
|
||||||
|
return False
|
||||||
if signedHeaderCap=='Date':
|
if signedHeaderCap=='Date':
|
||||||
if not verifyRecentSignature(headers[signedHeaderCap]):
|
if not verifyRecentSignature(headers[signedHeaderCap]):
|
||||||
return False
|
return False
|
||||||
|
|
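Review bot: In the last hunk of verifyPostHeaders the new `Content-length` check reads `headers[signedHeader]`, but that branch appears to be the `else` of `if headers.get(signedHeader):`, so the lower-case key is missing or empty there and the lookup raises instead of returning False; the neighbouring Date check uses `headers[signedHeaderCap]`, and this line should too: `if int(headers[signedHeaderCap])!=contentLength:`. Both new checks also call `int()` on a header value supplied by the remote sender while the signed-header list is still being built, so a non-numeric value raises ValueError; catching that and returning False keeps a malformed request from surfacing as an unhandled exception. `len(messageBodyJsonStr)` counts characters if the body is a `str`, whereas Content-Length is a byte count, so a body containing non-ASCII text would presumably fail this comparison (and be signed with the wrong value in createSignedHeader); `len(messageBodyJsonStr.encode('utf-8'))` would match the wire value, assuming the body is sent as UTF-8. Indentation is lost on this page and both functions continue outside the hunks, so the branch pairing should be confirmed against the file.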