author | Anthony Wang | 2023-01-19 22:09:55 +0000 |
---|---|---|
committer | Anthony Wang | 2023-01-19 22:09:55 +0000 |
commit | f7403f75dab5fea8e1f3dc022a6cfdd523094e1c (patch) | |
tree | 2a33cb564200b8fc941299a26df70cf657028bf6 | |
parent | 7cbb9f7e496b09b2fc88ddd42faa9cfa7fa4c8ee (diff) |
Clean up HTTP signature verification code
-rw-r--r-- | server.py | 16 |
1 files changed, 7 insertions, 9 deletions
@@ -64,10 +64,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
 username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
- # Get actor public key
- keyid = search('keyId="(.*?)"', self.headers['Signature']).group(1)
- actor = iri_to_actor(keyid)
- pubkeypem = actor['publicKey']['publicKeyPem'].encode('utf8')
+ # Get signer public key
+ signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
+ pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
 pubkey = serialization.load_pem_public_key(pubkeypem, None)
 # Assemble headers
@@ -84,11 +83,10 @@ class fuwuqi(SimpleHTTPRequestHandler):
 signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
 pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
- # Make sure activity doer matches HTTP signature
- actor = keyid.removesuffix('#main-key')
- if ('actor' in activity and activity['actor'] != actor) or \
- ('attributedTo' in activity and activity['attributedTo'] != actor) or \
- ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != actor):
+ # Make sure activity doer matches HTTP signature
+ if ('actor' in activity and activity['actor'] != signer['id']) or \
+ ('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
+ ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
 self.send_response(401)
 return |
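Review bot: The folded `signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))` line has no path for a request whose Signature header is absent or carries no keyId; `search` is then handed None or returns None, and `.group(1)` raises instead of the handler answering 401 (unless a try outside this hunk catches it). Keeping the match in a local makes the rejection explicit: `m = search('keyId="(.*?)"', self.headers.get('Signature', ''))` followed by `if not m: self.send_response(401); return`. The keyId is also dereferenced before anything has been verified, and iri_to_actor is not visible here, so it is worth confirming that it restricts the scheme and bounds the response it will read. The enclosing method starts and ends outside the hunk.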
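Review bot: Comparing against `signer['id']` in the second hunk ties the actor check to an `id` that the fetched document declares about itself, whereas the removed `keyid.removesuffix('#main-key')` was derived from the IRI that was actually dereferenced. iri_to_actor is not shown; unless it already rejects a document whose `id` differs from the requested IRI, keep `keyid` in a local and require `signer['id'] == keyid.split('#', 1)[0]` (for fragment-style key ids) before using it as the authenticated identity. The condition also passes when neither `actor` nor `attributedTo` is present, and `activity['object']` is indexed without checking that it exists and is a dict. A short comment above the `if` stating which activity shapes reach this point, or an explicit 401 for the others, would make the intent reviewable.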