Comments (3)
Thank you, but the problem have another: it should have a digest that is a converted string from json of request body via sha256 and base64.
The result is here:
from cryptography.hazmat.backends import default_backend as crypto_default_backend
from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from urllib.parse import urlparse
import base64
import datetime
import requests
import json
import hashlib
target_id = "https://dest.instance.social/users/peter"
recipient_url = target_id
recipient_inbox = target_id + "/inbox"
sender_url = "https://example.net/users/john"
sender_key = "https://example.net/users/john#main-key"
activity_id = "https://example.net/users/john/follows/test"
# The following is to sign the HTTP request as defined in HTTP Signatures.
private_key_text = open('./lianlok/private.pem', 'rb').read() # load from file
private_key = crypto_serialization.load_pem_private_key(
private_key_text,
password=None,
backend=crypto_default_backend()
)
current_date = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
recipient_parsed = urlparse(recipient_inbox)
recipient_host = recipient_parsed.netloc
recipient_path = recipient_parsed.path
# Now that the header is set up, we will construct the message
follow_request_message = {
"@context": "https://www.w3.org/ns/activitystreams",
"id": "https://example.net/users/john",
"type": "Follow",
"actor": sender_url,
"object": recipient_url
}
# generating digest
request_message_json = json.dumps(follow_request_message)
digest = base64.b64encode(hashlib.sha256(request_message_json.__str__().encode('utf-8')).digest())
signature_text = b'(request-target): post %s\ndigest: SHA-256=%s\nhost: %s\ndate: %s' % (recipient_path.encode('utf-8'), digest, recipient_host.encode('utf-8'), current_date.encode('utf-8'))
raw_signature = private_key.sign(
signature_text,
padding.PKCS1v15(),
hashes.SHA256()
)
signature_header = 'keyId="%s",algorithm="rsa-sha256",headers="(request-target) digest host date",signature="%s"' % (sender_key, base64.b64encode(raw_signature).decode('utf-8'))
headers = {
'Date': current_date,
'Content-Type': 'application/activity+json',
'Host': recipient_host,
'Digest': "SHA-256="+digest.decode('utf-8'),
'Signature': signature_header
}
r = requests.post(recipient_inbox, headers=headers, json=follow_request_message)
Then it gives:
<Response [202]>
Therefore, the digest-adding can be added to the tutorial.
Close the issue.
from activity-pub-tutorial.
Try using the following for private_key_text
, I believe you need to use a bytestring instead of an ascii string.
private_key_text = open('./lianlok/private.pem', 'rb').read()
from activity-pub-tutorial.
I suggest to merge the code of this issue into the current readme
from activity-pub-tutorial.
Related Issues (1)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from activity-pub-tutorial.