serve pub key, not cert
parent
b18586ba51
commit
3fa71a75af
2 changed files with 14 additions and 3 deletions
|
@ -1,9 +1,14 @@
|
|||
import base64, typing
|
||||
|
||||
try:
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.primitives import hashes, serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import padding, rsa
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
|
||||
from cryptography.hazmat.primitives.serialization import Encoding
|
||||
from cryptography.hazmat.primitives.serialization import PublicFormat
|
||||
|
||||
has_crypto = True
|
||||
except ModuleNotFoundError:
|
||||
has_crypto = False
|
||||
|
@ -21,6 +26,13 @@ class PrivateKey(object):
|
|||
self.key = _private_key(filename)
|
||||
self.id = id
|
||||
|
||||
def public_key(key_filename: str) -> str:
|
||||
with open(key_filename, "rb") as key_file:
|
||||
cert = x509.load_pem_x509_certificate(key_file.read(),
|
||||
default_backend())
|
||||
return cert.public_key().public_bytes(
|
||||
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode("ascii")
|
||||
|
||||
def signature(key: PrivateKey, headers: typing.List[typing.Tuple[str, str]]
|
||||
) -> str:
|
||||
sign_header_keys = " ".join(h[0].lower() for h in headers)
|
||||
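Review bot: `public_key` uses `x509`, `Encoding` and `PublicFormat`, which are bound only when the guarded import at the top of the file succeeds, so with `has_crypto = False` a call would fail with a `NameError` instead of a clear error. Nothing visible in this section checks `has_crypto` before the call, so a guard at the top of the function would help: `if not has_crypto: raise RuntimeError("cryptography is required to export the public key")`. The parameter is named `key_filename`, but the file is parsed as a PEM X.509 certificate. Renaming it to `cert_filename` and adding a docstring such as `"""Return the SubjectPublicKeyInfo PEM of the certificate at cert_filename."""` would keep a caller from passing the private-key path by mistake. `default_backend()` is also optional in current releases of `cryptography` and could be dropped if the project's minimum version allows it.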
|
|
|
@ -138,8 +138,7 @@ class Server(object):
|
|||
outbox = self._ap_outbox_url(event["url_for"])
|
||||
|
||||
cert_filename = self.bot.config["tls-certificate"]
|
||||
with open(cert_filename) as cert_file:
|
||||
cert = cert_file.read()
|
||||
pubkey = ap_security.public_key(cert_filename)
|
||||
|
||||
event["response"].content_type = ap_utils.LD_TYPE
|
||||
event["response"].write_json({
|
||||
|
@ -153,7 +152,7 @@ class Server(object):
|
|||
"publicKey": {
|
||||
"id": "%s#key" % self_id,
|
||||
"owner": self_id,
|
||||
"publicKeyPem": cert
|
||||
"publicKeyPem": pubkey
|
||||
}
|
||||
})
|
||||
else:
|
||||
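Review bot: The actor's `publicKeyPem` is now derived from the file at `self.bot.config["tls-certificate"]`, which ties the key that peers use to verify signatures to the TLS certificate's key pair. Where the private key passed to `signature()` is loaded is not visible here, so it is worth confirming that both come from the same pair. If they do, a certificate renewal that rotates the key silently changes the published actor key, and remote servers holding a cached copy would reject signatures until they refetch. A dedicated signing key, or at least a comment above the call such as `# publicKeyPem must match the key used for HTTP signatures; TLS key rotation changes the actor key`, would make that coupling explicit. `ap_security.public_key(cert_filename)` also re-reads and re-parses the certificate on every request with no handling for an unreadable or non-PEM file, so loading it once at startup and reusing the string would be both cheaper and safer to fail; the handler body continues outside the hunk.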
|
|