Clean up HTTP signature verification code
parent
7cbb9f7e49
commit
f7403f75da
1 changed files with 7 additions and 9 deletions
16
server.py
16
server.py
|
@ -64,10 +64,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
|
||||||
|
|
||||||
username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
|
username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
|
||||||
|
|
||||||
# Get actor public key
|
# Get signer public key
|
||||||
keyid = search('keyId="(.*?)"', self.headers['Signature']).group(1)
|
signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
|
||||||
actor = iri_to_actor(keyid)
|
pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
|
||||||
pubkeypem = actor['publicKey']['publicKeyPem'].encode('utf8')
|
|
||||||
pubkey = serialization.load_pem_public_key(pubkeypem, None)
|
pubkey = serialization.load_pem_public_key(pubkeypem, None)
|
||||||
|
|
||||||
# Assemble headers
|
# Assemble headers
|
||||||
|
@ -84,11 +83,10 @@ class fuwuqi(SimpleHTTPRequestHandler):
|
||||||
signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
|
signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
|
||||||
pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
|
pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
|
||||||
|
|
||||||
# Make sure activity doer matches HTTP signature
|
# Make sure activity doer matches HTTP signature
|
||||||
actor = keyid.removesuffix('#main-key')
|
if ('actor' in activity and activity['actor'] != signer['id']) or \
|
||||||
if ('actor' in activity and activity['actor'] != actor) or \
|
('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
|
||||||
('attributedTo' in activity and activity['attributedTo'] != actor) or \
|
('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
|
||||||
('attributedTo' in activity['object'] and activity['object']['attributedTo'] != actor):
|
|
||||||
self.send_response(401)
|
self.send_response(401)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
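Review bot: In the second hunk the doer check now compares `activity['actor']` and both `attributedTo` fields with `signer['id']`, a value read out of the fetched key document, where the old code derived the actor from the `keyId` that was actually dereferenced; nothing visible in either hunk ties `signer['id']` back to that `keyId`. Unless `iri_to_actor` (not shown here) already rejects a document whose `id` differs from the IRI it fetched, the identity being authorised is whatever the remote document claims about itself rather than the location the key came from, so a valid signature no longer proves control of the named actor. I would keep the `keyid` local in the first hunk and add, before `pubkey.verify`, `if signer['id'] != keyid.split('#')[0]: self.send_response(401); return`, or compare the hosts of the two IRIs if key IDs without a fragment must be accepted. The enclosing method starts and ends outside both hunks, so an equivalent check elsewhere in it cannot be ruled out from this page.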