authorAndrew Godwin2022-11-12 15:10:15 -0700
committerAndrew Godwin2022-11-12 15:10:15 -0700
commitdd4328ae523bb375dd871e85d1bacd9311e87a89 (patch)
tree6a4ec8bc83be3bdd18421b3f0c221b7a6091cf9e /users/models
parent8fd5a9292c7d3aac352d3c0e96288bff8a79cb47 (diff)
downloadtakahe-dd4328ae523bb375dd871e85d1bacd9311e87a89.tar.gz
takahe-dd4328ae523bb375dd871e85d1bacd9311e87a89.tar.bz2
takahe-dd4328ae523bb375dd871e85d1bacd9311e87a89.zip
Add JSON-LD signatures and tests for sig stuff
Diffstat (limited to 'users/models')
-rw-r--r--users/models/follow.py9
-rw-r--r--users/models/identity.py36
2 files changed, 8 insertions, 37 deletions
diff --git a/users/models/follow.py b/users/models/follow.py
index 81ffcd9..238081e 100644
--- a/users/models/follow.py
+++ b/users/models/follow.py
@@ -37,7 +37,8 @@ class FollowStates(StateGraph):
await HttpSignature.signed_request(
uri=follow.target.inbox_uri,
body=canonicalise(follow.to_ap()),
- identity=follow.source,
+ private_key=follow.source.public_key,
+ key_id=follow.source.public_key_id,
)
return cls.local_requested
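Review bot: The new `private_key=` argument is given `follow.source.public_key`, so the outgoing request would be signed with the public PEM, or fail to load it as a private key, rather than using the identity's private key; it should read `private_key=follow.source.private_key,`. The same substitution appears in the accept hunk (`follow.target.public_key`) and the undo hunk (`follow.source.public_key`). Separately, the only visible assignment of `public_key_id` is from a fetched remote actor document in identity.py, so for a local sender `key_id` may be empty unless key generation sets it somewhere outside this diff; this is worth confirming now that the `key_id` property is removed. The enclosing methods begin outside these hunks.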
@@ -56,7 +57,8 @@ class FollowStates(StateGraph):
await HttpSignature.signed_request(
uri=follow.source.inbox_uri,
body=canonicalise(follow.to_accept_ap()),
- identity=follow.target,
+ private_key=follow.target.public_key,
+ key_id=follow.target.public_key_id,
)
return cls.accepted
@@ -69,7 +71,8 @@ class FollowStates(StateGraph):
await HttpSignature.signed_request(
uri=follow.target.inbox_uri,
body=canonicalise(follow.to_undo_ap()),
- identity=follow.source,
+ private_key=follow.source.public_key,
+ key_id=follow.source.public_key_id,
)
return cls.undone_remotely
diff --git a/users/models/identity.py b/users/models/identity.py
index 4ec0342..96e09c8 100644
--- a/users/models/identity.py
+++ b/users/models/identity.py
@@ -11,7 +11,6 @@ from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from django.db import models
from django.utils import timezone
-from OpenSSL import crypto
from core.ld import canonicalise
from stator.models import State, StateField, StateGraph, StatorModel
@@ -89,6 +88,7 @@ class Identity(StatorModel):
private_key = models.TextField(null=True, blank=True)
public_key = models.TextField(null=True, blank=True)
+ public_key_id = models.TextField(null=True, blank=True)
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True)
@@ -182,10 +182,6 @@ class Identity(StatorModel):
# TODO: Setting
return self.data_age > 60 * 24 * 24
- @property
- def key_id(self):
- return self.actor_uri + "#main-key"
-
### Actor/Webfinger fetching ###
@classmethod
@@ -242,6 +238,7 @@ class Identity(StatorModel):
"as:manuallyApprovesFollowers"
)
self.public_key = document.get("publicKey", {}).get("publicKeyPem")
+ self.public_key_id = document.get("publicKey", {}).get("id")
self.icon_uri = document.get("icon", {}).get("url")
self.image_uri = document.get("image", {}).get("url")
# Now go do webfinger with that info to see if we can get a canonical domain
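Review bot: `public_key_id` is stored straight from the remotely fetched actor document, with no check that it is a string or that it shares an origin with the actor it was fetched for. If this value is later used to match the `keyId` of incoming signatures (not visible here), a document naming a key id on another host should not be accepted as-is; a guard such as `if urlparse(key_id).netloc != urlparse(self.actor_uri).netloc: key_id = None` before the assignment would cover it, assuming `urlparse` is imported. The chained `document.get("publicKey", {}).get("id")` also raises `AttributeError` when `publicKey` is present but null or a list, a pattern inherited from the line above. The enclosing method starts and ends outside the hunk.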
@@ -286,32 +283,3 @@ class Identity(StatorModel):
.decode("ascii")
)
self.save()
-
- def sign(self, cleartext: str) -> bytes:
- if not self.private_key:
- raise ValueError("Cannot sign - no private key")
- pkey = crypto.load_privatekey(
- crypto.FILETYPE_PEM,
- self.private_key.encode("ascii"),
- )
- return crypto.sign(
- pkey,
- cleartext.encode("ascii"),
- "sha256",
- )
-
- def verify_signature(self, signature: bytes, cleartext: str) -> bool:
- if not self.public_key:
- raise ValueError("Cannot verify - no public key")
- x509 = crypto.X509()
- x509.set_pubkey(
- crypto.load_publickey(
- crypto.FILETYPE_PEM,
- self.public_key.encode("ascii"),
- )
- )
- try:
- crypto.verify(x509, signature, cleartext.encode("ascii"), "sha256")
- except crypto.Error:
- return False
- return True