diff --git a/modules/fediverse/ap_security.py b/modules/fediverse/ap_security.py
index f7d17a2e..a466aaa5 100644
--- a/modules/fediverse/ap_security.py
+++ b/modules/fediverse/ap_security.py
@@ -1,9 +1,14 @@
 import base64, typing
 try:
+    from cryptography import x509
     from cryptography.hazmat.primitives import hashes, serialization
     from cryptography.hazmat.primitives.asymmetric import padding, rsa
     from cryptography.hazmat.backends import default_backend
+
+    from cryptography.hazmat.primitives.serialization import Encoding
+    from cryptography.hazmat.primitives.serialization import PublicFormat
+
     has_crypto = True
 except ModuleNotFoundError:
     has_crypto = False
 
@@ -21,6 +26,13 @@ class PrivateKey(object):
         self.key = _private_key(filename)
         self.id = id
 
+def public_key(key_filename: str) -> str:
+    with open(key_filename, "rb") as key_file:
+        cert = x509.load_pem_x509_certificate(key_file.read(),
+            default_backend())
+        return cert.public_key().public_bytes(
+            Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode("ascii")
+
 def signature(key: PrivateKey, headers: typing.List[typing.Tuple[str, str]]
         ) -> str:
     sign_header_keys = " ".join(h[0].lower() for h in headers)
diff --git a/modules/fediverse/ap_server.py b/modules/fediverse/ap_server.py
index 89b884a4..d4ae9044 100644
--- a/modules/fediverse/ap_server.py
+++ b/modules/fediverse/ap_server.py
@@ -138,8 +138,7 @@ class Server(object):
         outbox = self._ap_outbox_url(event["url_for"])
 
         cert_filename = self.bot.config["tls-certificate"]
-        with open(cert_filename) as cert_file:
-            cert = cert_file.read()
+        pubkey = ap_security.public_key(cert_filename)
 
         event["response"].content_type = ap_utils.LD_TYPE
         event["response"].write_json({
@@ -153,7 +152,7 @@ class Server(object):
             "publicKey": {
                 "id": "%s#key" % self_id,
                 "owner": self_id,
-                "publicKeyPem": cert
+                "publicKeyPem": pubkey
             }
         })
         else:
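Review bot: `public_key` depends on `x509`, `Encoding` and `PublicFormat`, which are only bound when the guarded import at the top of the module succeeds, so with `has_crypto == False` a call fails with a bare `NameError` instead of a clear error; add `if not has_crypto: raise RuntimeError("cryptography is required to derive the ActivityPub public key")` as the first line of the body, consistent with the module's existing flag. `load_pem_x509_certificate` parses only the first PEM block and raises `ValueError` when it is not a certificate, so a `tls-certificate` path pointing at a key file or a key-first bundle fails hard — the right outcome, but undocumented: add a docstring such as `"""Return the SubjectPublicKeyInfo PEM of the first certificate in the PEM file at *key_filename*; raises ValueError if that block is not a certificate."""` and rename the parameter to `cert_filename`, since a key file is rejected. Whether this certificate's key is the same pair that `PrivateKey`/`signature` sign with cannot be seen here; if the two can diverge, remote servers will reject every signed request, so consider deriving the published key from the signing key instead (`key.public_key().public_bytes(...)`).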
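Review bot: The new `ap_security.public_key(cert_filename)` call can raise `FileNotFoundError`, `ValueError` (the file is not a PEM certificate) or, when `cryptography` is not installed, `NameError`, and nothing in this hunk catches it, so a misconfigured `tls-certificate` now becomes an unhandled exception inside the actor response handler rather than a malformed-but-served response. Unless an outer boundary already converts exceptions into an error response (not visible here), guard it: `try: pubkey = ap_security.public_key(cert_filename)` / `except (OSError, ValueError) as e:` followed by logging and an error response on `event["response"]`. A one-line comment is also warranted, `# SPKI of the TLS cert; must be the public half of the key ap_security.signature signs with`, because as far as this hunk shows the two are configured independently. The enclosing method begins before this hunk and continues past it.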