aboutsummaryrefslogtreecommitdiff
path: root/server.py
diff options
context:
space:
mode:
authorAnthony Wang2023-01-19 22:09:55 +0000
committerAnthony Wang2023-01-19 22:09:55 +0000
commitf7403f75dab5fea8e1f3dc022a6cfdd523094e1c (patch)
tree2a33cb564200b8fc941299a26df70cf657028bf6 /server.py
parent7cbb9f7e496b09b2fc88ddd42faa9cfa7fa4c8ee (diff)
Clean up HTTP signature verification code
Diffstat (limited to 'server.py')
-rw-r--r--server.py16
1 files changed, 7 insertions, 9 deletions
diff --git a/server.py b/server.py
index 3fe33ab..18fa263 100644
--- a/server.py
+++ b/server.py
@@ -64,10 +64,9 @@ class fuwuqi(SimpleHTTPRequestHandler):
username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)
- # Get actor public key
- keyid = search('keyId="(.*?)"', self.headers['Signature']).group(1)
- actor = iri_to_actor(keyid)
- pubkeypem = actor['publicKey']['publicKeyPem'].encode('utf8')
+ # Get signer public key
+ signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
+ pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
pubkey = serialization.load_pem_public_key(pubkeypem, None)
# Assemble headers
@@ -84,11 +83,10 @@ class fuwuqi(SimpleHTTPRequestHandler):
signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
- # Make sure activity doer matches HTTP signature
- actor = keyid.removesuffix('#main-key')
- if ('actor' in activity and activity['actor'] != actor) or \
- ('attributedTo' in activity and activity['attributedTo'] != actor) or \
- ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != actor):
+ # Make sure activity doer matches HTTP signature
+ if ('actor' in activity and activity['actor'] != signer['id']) or \
+ ('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
+ ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
self.send_response(401)
return