Clean up HTTP signature verification code

This commit is contained in:
Anthony Wang 2023-01-19 22:09:55 +00:00
parent 7cbb9f7e49
commit f7403f75da
No known key found for this signature in database
GPG key ID: 1DDC6BC38786C595

View file

@ -64,10 +64,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
username = search('^/users/(.*)\.(in|out)box$', self.path).group(1) username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
# Get actor public key # Get signer public key
keyid = search('keyId="(.*?)"', self.headers['Signature']).group(1) signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
actor = iri_to_actor(keyid) pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
pubkeypem = actor['publicKey']['publicKeyPem'].encode('utf8')
pubkey = serialization.load_pem_public_key(pubkeypem, None) pubkey = serialization.load_pem_public_key(pubkeypem, None)
# Assemble headers # Assemble headers
@ -85,10 +84,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256()) pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
# Make sure activity doer matches HTTP signature # Make sure activity doer matches HTTP signature
actor = keyid.removesuffix('#main-key') if ('actor' in activity and activity['actor'] != signer['id']) or \
if ('actor' in activity and activity['actor'] != actor) or \ ('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
('attributedTo' in activity and activity['attributedTo'] != actor) or \ ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
('attributedTo' in activity['object'] and activity['object']['attributedTo'] != actor):
self.send_response(401) self.send_response(401)
return return