aboutsummaryrefslogtreecommitdiff
path: root/modules/fediverse_server/security.py
diff options
context:
space:
mode:
Diffstat (limited to 'modules/fediverse_server/security.py')
-rw-r--r--modules/fediverse_server/security.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/modules/fediverse_server/security.py b/modules/fediverse_server/security.py
new file mode 100644
index 00000000..6ae75cd3
--- /dev/null
+++ b/modules/fediverse_server/security.py
@@ -0,0 +1,32 @@
+import base64, typing
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.backends import default_backend
+
+SIGNATURE_FORMAT = (
+ "keyId=\"%s\",headers=\"%s\",signature=\"%s\",algorithm=\"rsa-sha256\"")
+
+
+def private_key(key_filename: str) -> rsa.RSAPrivateKey:
+ with open(key_filename) as key_file:
+ return serialization.load_pem_private_key(
+ key_file.read(), password=None, backend=default_backend())
+
+def signature(key: rsa.RSAPrivateKey, key_id: str,
+ headers: typing.List[typing.Tuple[str, str]]) -> str:
+ private_key = _private_key(key_filename)
+ sign_header_keys = " ".join(h[0] for h in headers)
+
+ sign_string_parts = ["%s: %s" % (k, v) for k, v in headers]
+ sign_string = "\n".join(sign_string_parts)
+
+ signature = private_key.sign(
+ sign_string.encode("utf8"),
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()),
+ salt_length=padding.PSS.MAX_LENGTH),
+ hashes.SHA256()
+ )
+
+ signature = base64.b64encode(signature).decode("ascii")
+ return SIGNATURE_FORMAT % (key_id, sign_header_keys, signature)
generated by cgit v1.3.1-10-gc9f91 (git 2.54.0) at 2026-06-11 23:56:02 +0000