forked from mirrors/bookwyrm
commit
4190793f17
4 changed files with 133 additions and 24 deletions
|
@ -63,37 +63,38 @@ def broadcast_task(sender_id, activity, recipients):
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
|
|
||||||
def sign_and_send(sender, activity, destination):
|
def make_signature(sender, destination, date):
|
||||||
''' crpyto whatever and http junk '''
|
|
||||||
inbox_parts = urlparse(destination)
|
inbox_parts = urlparse(destination)
|
||||||
now = http_date()
|
|
||||||
signature_headers = [
|
signature_headers = [
|
||||||
'(request-target): post %s' % inbox_parts.path,
|
'(request-target): post %s' % inbox_parts.path,
|
||||||
'host: %s' % inbox_parts.netloc,
|
'host: %s' % inbox_parts.netloc,
|
||||||
'date: %s' % now
|
'date: %s' % date,
|
||||||
]
|
]
|
||||||
message_to_sign = '\n'.join(signature_headers)
|
message_to_sign = '\n'.join(signature_headers)
|
||||||
|
|
||||||
if not sender.private_key:
|
|
||||||
# this shouldn't happen. it would be bad if it happened.
|
|
||||||
raise ValueError('No private key found for sender')
|
|
||||||
signer = pkcs1_15.new(RSA.import_key(sender.private_key))
|
signer = pkcs1_15.new(RSA.import_key(sender.private_key))
|
||||||
signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))
|
signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))
|
||||||
|
|
||||||
signature = {
|
signature = {
|
||||||
'keyId': '%s#main-key' % sender.actor,
|
'keyId': '%s#main-key' % sender.actor,
|
||||||
'algorithm': 'rsa-sha256',
|
'algorithm': 'rsa-sha256',
|
||||||
'headers': '(request-target) host date',
|
'headers': '(request-target) host date',
|
||||||
'signature': b64encode(signed_message).decode('utf8'),
|
'signature': b64encode(signed_message).decode('utf8'),
|
||||||
}
|
}
|
||||||
signature = ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())
|
return ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())
|
||||||
|
|
||||||
|
def sign_and_send(sender, activity, destination):
|
||||||
|
''' crpyto whatever and http junk '''
|
||||||
|
now = http_date()
|
||||||
|
|
||||||
|
if not sender.private_key:
|
||||||
|
# this shouldn't happen. it would be bad if it happened.
|
||||||
|
raise ValueError('No private key found for sender')
|
||||||
|
|
||||||
response = requests.post(
|
response = requests.post(
|
||||||
destination,
|
destination,
|
||||||
data=json.dumps(activity),
|
data=json.dumps(activity),
|
||||||
headers={
|
headers={
|
||||||
'Date': now,
|
'Date': now,
|
||||||
'Signature': signature,
|
'Signature': make_signature(sender, destination, now),
|
||||||
'Content-Type': 'application/activity+json; charset=utf-8',
|
'Content-Type': 'application/activity+json; charset=utf-8',
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
''' handles all of the activity coming in to the server '''
|
''' handles all of the activity coming in to the server '''
|
||||||
import json
|
import json
|
||||||
from base64 import b64decode
|
from base64 import b64decode
|
||||||
|
from urllib.parse import urldefrag
|
||||||
|
|
||||||
from Crypto.Hash import SHA256
|
from Crypto.Hash import SHA256
|
||||||
from Crypto.PublicKey import RSA
|
from Crypto.PublicKey import RSA
|
||||||
from Crypto.Signature import pkcs1_15
|
from Crypto.Signature import pkcs1_15
|
||||||
|
@ -46,7 +48,7 @@ def shared_inbox(request):
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
verify_signature(request)
|
verify_signature(activity.get('actor'), request)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return HttpResponse(status=401)
|
return HttpResponse(status=401)
|
||||||
|
|
||||||
|
@ -82,7 +84,24 @@ def shared_inbox(request):
|
||||||
return HttpResponse()
|
return HttpResponse()
|
||||||
|
|
||||||
|
|
||||||
def verify_signature(request):
|
def get_public_key(key_actor):
|
||||||
|
try:
|
||||||
|
user = models.User.objects.get(actor=key_actor)
|
||||||
|
public_key = user.public_key
|
||||||
|
actor = user.actor
|
||||||
|
except models.User.DoesNotExist:
|
||||||
|
response = requests.get(
|
||||||
|
key_actor,
|
||||||
|
headers={'Accept': 'application/activity+json'}
|
||||||
|
)
|
||||||
|
if not response.ok:
|
||||||
|
raise ValueError('Could not load public key')
|
||||||
|
user_data = response.json()
|
||||||
|
public_key = user_data['publicKey']['publicKeyPem']
|
||||||
|
|
||||||
|
return RSA.import_key(public_key)
|
||||||
|
|
||||||
|
def verify_signature(required_actor, request):
|
||||||
''' verify rsa signature '''
|
''' verify rsa signature '''
|
||||||
signature_dict = {}
|
signature_dict = {}
|
||||||
for pair in request.headers['Signature'].split(','):
|
for pair in request.headers['Signature'].split(','):
|
||||||
|
@ -97,15 +116,13 @@ def verify_signature(request):
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise ValueError('Invalid auth header')
|
raise ValueError('Invalid auth header')
|
||||||
|
|
||||||
response = requests.get(
|
# TODO Use the fragment - actors can have multiple keys?
|
||||||
key_id,
|
key_actor = urldefrag(key_id).url
|
||||||
headers={'Accept': 'application/activity+json'}
|
|
||||||
)
|
|
||||||
if not response.ok:
|
|
||||||
raise ValueError('Could not load public key')
|
|
||||||
|
|
||||||
actor = response.json()
|
if key_actor != required_actor:
|
||||||
key = RSA.import_key(actor['publicKey']['publicKeyPem'])
|
raise ValueError("Wrong actor created signature.")
|
||||||
|
|
||||||
|
key = get_public_key(key_actor)
|
||||||
|
|
||||||
comparison_string = []
|
comparison_string = []
|
||||||
for signed_header_name in headers.split(' '):
|
for signed_header_name in headers.split(' '):
|
||||||
|
@ -125,8 +142,6 @@ def verify_signature(request):
|
||||||
# raises a ValueError if it fails
|
# raises a ValueError if it fails
|
||||||
signer.verify(digest, signature)
|
signer.verify(digest, signature)
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
@app.task
|
@app.task
|
||||||
def handle_follow(activity):
|
def handle_follow(activity):
|
||||||
|
|
92
fedireads/tests/test_signing.py
Normal file
92
fedireads/tests/test_signing.py
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
from collections import namedtuple
|
||||||
|
from urllib.parse import urlsplit
|
||||||
|
|
||||||
|
from Crypto import Random
|
||||||
|
from Crypto.PublicKey import RSA
|
||||||
|
|
||||||
|
import responses
|
||||||
|
|
||||||
|
from django.test import TestCase, Client
|
||||||
|
from django.utils.http import http_date
|
||||||
|
|
||||||
|
from fedireads.models import User
|
||||||
|
from fedireads.broadcast import make_signature
|
||||||
|
from fedireads.activitypub import get_follow_request
|
||||||
|
from fedireads.settings import DOMAIN
|
||||||
|
|
||||||
|
Sender = namedtuple('Sender', ('actor', 'private_key', 'public_key'))
|
||||||
|
|
||||||
|
class Signature(TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
self.mouse = User.objects.create_user('mouse', 'mouse@example.com', '')
|
||||||
|
self.rat = User.objects.create_user('rat', 'rat@example.com', '')
|
||||||
|
self.cat = User.objects.create_user('cat', 'cat@example.com', '')
|
||||||
|
|
||||||
|
random_generator = Random.new().read
|
||||||
|
key = RSA.generate(1024, random_generator)
|
||||||
|
private_key = key.export_key().decode('utf8')
|
||||||
|
public_key = key.publickey().export_key().decode('utf8')
|
||||||
|
|
||||||
|
self.fake_remote = Sender(
|
||||||
|
'http://localhost/user/remote',
|
||||||
|
private_key,
|
||||||
|
public_key,
|
||||||
|
)
|
||||||
|
|
||||||
|
def send_follow(self, sender, signature, now):
|
||||||
|
c = Client()
|
||||||
|
return c.post(
|
||||||
|
urlsplit(self.rat.inbox).path,
|
||||||
|
data=get_follow_request(
|
||||||
|
sender,
|
||||||
|
self.rat,
|
||||||
|
),
|
||||||
|
content_type='application/json',
|
||||||
|
**{
|
||||||
|
'HTTP_DATE': now,
|
||||||
|
'HTTP_SIGNATURE': signature,
|
||||||
|
'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8',
|
||||||
|
'HTTP_HOST': DOMAIN,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_correct_signature(self):
|
||||||
|
now = http_date()
|
||||||
|
signature = make_signature(self.mouse, self.rat.inbox, now)
|
||||||
|
return self.send_follow(self.mouse, signature, now).status_code == 200
|
||||||
|
|
||||||
|
def test_wrong_signature(self):
|
||||||
|
''' Messages must be signed by the right actor.
|
||||||
|
(cat cannot sign messages on behalf of mouse)
|
||||||
|
'''
|
||||||
|
now = http_date()
|
||||||
|
signature = make_signature(self.cat, self.rat.inbox, now)
|
||||||
|
assert self.send_follow(self.mouse, signature, now).status_code == 401
|
||||||
|
|
||||||
|
@responses.activate
|
||||||
|
def test_remote_signer(self):
|
||||||
|
responses.add(
|
||||||
|
responses.GET,
|
||||||
|
self.fake_remote.actor,
|
||||||
|
json={'publicKey': {
|
||||||
|
'publicKeyPem': self.fake_remote.public_key
|
||||||
|
}},
|
||||||
|
status=200)
|
||||||
|
|
||||||
|
now = http_date()
|
||||||
|
sender = self.fake_remote
|
||||||
|
signature = make_signature(sender, self.rat.inbox, now)
|
||||||
|
assert self.send_follow(sender, signature, now).status_code == 200
|
||||||
|
|
||||||
|
@responses.activate
|
||||||
|
def test_nonexistent_signer(self):
|
||||||
|
responses.add(
|
||||||
|
responses.GET,
|
||||||
|
self.fake_remote.actor,
|
||||||
|
json={'error': 'not found'},
|
||||||
|
status=404)
|
||||||
|
|
||||||
|
now = http_date()
|
||||||
|
sender = self.fake_remote
|
||||||
|
signature = make_signature(sender, self.rat.inbox, now)
|
||||||
|
assert self.send_follow(sender, signature, now).status_code == 401
|
|
@ -1,5 +1,5 @@
|
||||||
celery==4.4.2
|
celery==4.4.2
|
||||||
coverage=5.1
|
coverage==5.1
|
||||||
Django==3.0.3
|
Django==3.0.3
|
||||||
django-model-utils==4.0.0
|
django-model-utils==4.0.0
|
||||||
environs==7.2.0
|
environs==7.2.0
|
||||||
|
@ -10,3 +10,4 @@ pycryptodome==3.9.4
|
||||||
python-dateutil==2.8.1
|
python-dateutil==2.8.1
|
||||||
redis==3.4.1
|
redis==3.4.1
|
||||||
requests==2.22.0
|
requests==2.22.0
|
||||||
|
responses==0.10.14
|
||||||
|
|
Loading…
Reference in a new issue