diff --git a/fedireads/broadcast.py b/fedireads/broadcast.py index 6501137e..ba0aaf3a 100644 --- a/fedireads/broadcast.py +++ b/fedireads/broadcast.py @@ -63,37 +63,38 @@ def broadcast_task(sender_id, activity, recipients): return errors -def sign_and_send(sender, activity, destination): - ''' crpyto whatever and http junk ''' +def make_signature(sender, destination, date): inbox_parts = urlparse(destination) - now = http_date() signature_headers = [ '(request-target): post %s' % inbox_parts.path, 'host: %s' % inbox_parts.netloc, - 'date: %s' % now + 'date: %s' % date, ] message_to_sign = '\n'.join(signature_headers) - - if not sender.private_key: - # this shouldn't happen. it would be bad if it happened. - raise ValueError('No private key found for sender') signer = pkcs1_15.new(RSA.import_key(sender.private_key)) signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8'))) - signature = { 'keyId': '%s#main-key' % sender.actor, 'algorithm': 'rsa-sha256', 'headers': '(request-target) host date', 'signature': b64encode(signed_message).decode('utf8'), } - signature = ','.join('%s="%s"' % (k, v) for (k, v) in signature.items()) + return ','.join('%s="%s"' % (k, v) for (k, v) in signature.items()) + +def sign_and_send(sender, activity, destination): + ''' crpyto whatever and http junk ''' + now = http_date() + + if not sender.private_key: + # this shouldn't happen. it would be bad if it happened. + raise ValueError('No private key found for sender') response = requests.post( destination, data=json.dumps(activity), headers={ 'Date': now, - 'Signature': signature, + 'Signature': make_signature(sender, destination, now), 'Content-Type': 'application/activity+json; charset=utf-8', }, ) diff --git a/fedireads/incoming.py b/fedireads/incoming.py index 580d978f..6827e8ee 100644 --- a/fedireads/incoming.py +++ b/fedireads/incoming.py @@ -1,6 +1,8 @@ ''' handles all of the activity coming in to the server ''' import json from base64 import b64decode +from urllib.parse import urldefrag + from Crypto.Hash import SHA256 from Crypto.PublicKey import RSA from Crypto.Signature import pkcs1_15 @@ -46,7 +48,7 @@ def shared_inbox(request): return HttpResponseBadRequest() try: - verify_signature(request) + verify_signature(activity.get('actor'), request) except ValueError: return HttpResponse(status=401) @@ -82,7 +84,24 @@ def shared_inbox(request): return HttpResponse() -def verify_signature(request): +def get_public_key(key_actor): + try: + user = models.User.objects.get(actor=key_actor) + public_key = user.public_key + actor = user.actor + except models.User.DoesNotExist: + response = requests.get( + key_actor, + headers={'Accept': 'application/activity+json'} + ) + if not response.ok: + raise ValueError('Could not load public key') + user_data = response.json() + public_key = user_data['publicKey']['publicKeyPem'] + + return RSA.import_key(public_key) + +def verify_signature(required_actor, request): ''' verify rsa signature ''' signature_dict = {} for pair in request.headers['Signature'].split(','): @@ -97,15 +116,13 @@ def verify_signature(request): except KeyError: raise ValueError('Invalid auth header') - response = requests.get( - key_id, - headers={'Accept': 'application/activity+json'} - ) - if not response.ok: - raise ValueError('Could not load public key') + # TODO Use the fragment - actors can have multiple keys? + key_actor = urldefrag(key_id).url - actor = response.json() - key = RSA.import_key(actor['publicKey']['publicKeyPem']) + if key_actor != required_actor: + raise ValueError("Wrong actor created signature.") + + key = get_public_key(key_actor) comparison_string = [] for signed_header_name in headers.split(' '): @@ -125,8 +142,6 @@ def verify_signature(request): # raises a ValueError if it fails signer.verify(digest, signature) - return True - @app.task def handle_follow(activity): diff --git a/fedireads/tests/test_signing.py b/fedireads/tests/test_signing.py new file mode 100644 index 00000000..6cb69f16 --- /dev/null +++ b/fedireads/tests/test_signing.py @@ -0,0 +1,92 @@ +from collections import namedtuple +from urllib.parse import urlsplit + +from Crypto import Random +from Crypto.PublicKey import RSA + +import responses + +from django.test import TestCase, Client +from django.utils.http import http_date + +from fedireads.models import User +from fedireads.broadcast import make_signature +from fedireads.activitypub import get_follow_request +from fedireads.settings import DOMAIN + +Sender = namedtuple('Sender', ('actor', 'private_key', 'public_key')) + +class Signature(TestCase): + def setUp(self): + self.mouse = User.objects.create_user('mouse', 'mouse@example.com', '') + self.rat = User.objects.create_user('rat', 'rat@example.com', '') + self.cat = User.objects.create_user('cat', 'cat@example.com', '') + + random_generator = Random.new().read + key = RSA.generate(1024, random_generator) + private_key = key.export_key().decode('utf8') + public_key = key.publickey().export_key().decode('utf8') + + self.fake_remote = Sender( + 'http://localhost/user/remote', + private_key, + public_key, + ) + + def send_follow(self, sender, signature, now): + c = Client() + return c.post( + urlsplit(self.rat.inbox).path, + data=get_follow_request( + sender, + self.rat, + ), + content_type='application/json', + **{ + 'HTTP_DATE': now, + 'HTTP_SIGNATURE': signature, + 'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8', + 'HTTP_HOST': DOMAIN, + } + ) + + def test_correct_signature(self): + now = http_date() + signature = make_signature(self.mouse, self.rat.inbox, now) + return self.send_follow(self.mouse, signature, now).status_code == 200 + + def test_wrong_signature(self): + ''' Messages must be signed by the right actor. + (cat cannot sign messages on behalf of mouse) + ''' + now = http_date() + signature = make_signature(self.cat, self.rat.inbox, now) + assert self.send_follow(self.mouse, signature, now).status_code == 401 + + @responses.activate + def test_remote_signer(self): + responses.add( + responses.GET, + self.fake_remote.actor, + json={'publicKey': { + 'publicKeyPem': self.fake_remote.public_key + }}, + status=200) + + now = http_date() + sender = self.fake_remote + signature = make_signature(sender, self.rat.inbox, now) + assert self.send_follow(sender, signature, now).status_code == 200 + + @responses.activate + def test_nonexistent_signer(self): + responses.add( + responses.GET, + self.fake_remote.actor, + json={'error': 'not found'}, + status=404) + + now = http_date() + sender = self.fake_remote + signature = make_signature(sender, self.rat.inbox, now) + assert self.send_follow(sender, signature, now).status_code == 401 diff --git a/requirements.txt b/requirements.txt index 8dd653e6..7c386d2f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ celery==4.4.2 -coverage=5.1 +coverage==5.1 Django==3.0.3 django-model-utils==4.0.0 environs==7.2.0 @@ -10,3 +10,4 @@ pycryptodome==3.9.4 python-dateutil==2.8.1 redis==3.4.1 requests==2.22.0 +responses==0.10.14