#! /usr/bin/env python3
import base64
import os
import json
import time
import logging
import OpenSSL
from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
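# Default location of the issuer's PEM public key: shipped next to this module.
# os.path.join avoids producing a root-relative "/kioubit-auth-pubkey.pem"
# when dirname(__file__) happens to be empty.
PUBKEY_FILE = os.path.join(os.path.dirname(__file__), "kioubit-auth-pubkey.pem")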
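class AuthVerifyer ():
    """Verify signed login assertions from the kioubit auth service.

    The issuer's public key is loaded once from a PEM file. ``verify`` checks
    the detached signature over the base64-encoded ``params`` blob, then
    decodes the blob as JSON and enforces a freshness window on its ``time``
    field.
    """

    # Maximum accepted age of an assertion, in seconds (was a literal 60).
    MAX_AGE_SECONDS = 60

    def __init__(self, domain, pubkey=PUBKEY_FILE):
        """Load the issuer public key from *pubkey* and remember *domain*.

        Args:
            domain: Domain this verifier is configured for. It is stored on
                the instance but not compared with the payload's ``domain``
                field by ``verify`` (see the NOTE there).
            pubkey: Path to the PEM-encoded public key file.

        Raises:
            OSError: If the key file cannot be opened or read.
            OpenSSL.crypto.Error: If the file content is not a PEM public key.
        """
        self.domain = domain
        # The key is small; read it in one go rather than concatenating lines.
        with open(pubkey) as pk:
            pk_content = pk.read()
        logging.debug(pk_content)
        pkey = load_publickey(FILETYPE_PEM, pk_content)
        # OpenSSL.crypto.verify() takes an X509 object, so wrap the bare key.
        self.x509 = X509()
        self.x509.set_pubkey(pkey)
        logging.debug(self.x509)

    def verify(self, params, signature):
        """Check *signature* over *params* and return the decoded payload.

        Args:
            params: Base64-encoded JSON payload as received from the auth
                service. The signature is computed over this encoded form,
                not over the decoded JSON.
            signature: Base64-encoded signature over *params*.

        Returns:
            ``(True, payload)`` with the decoded JSON object on success,
            otherwise ``(False, reason)`` with a short reason string.
        """
        # Both inputs arrive with the client's request and are untrusted
        # until the signature has been checked, so malformed base64 must
        # produce a rejection rather than an unhandled exception.
        try:
            sig = base64.b64decode(signature)
        except ValueError:  # binascii.Error is a ValueError subclass
            return False, "Signature Failed"
        logging.info("sig: %s", sig)
        logging.info("params: %s", params)
        try:
            verify(self.x509, sig, params, 'sha512')
        except OpenSSL.crypto.Error:
            return False, "Signature Failed"

        # From here on the payload is authenticated by the issuer's key; its
        # shape is still validated so a malformed message yields a
        # (False, reason) result instead of an exception.
        try:
            user_data = json.loads(base64.b64decode(params))
            # NOTE(review): only assertions older than the window are
            # rejected; a "time" value in the future is accepted. Whether a
            # symmetric check (abs()) is wanted depends on the expected clock
            # skew with the issuer — confirm before tightening.
            if (time.time() - user_data["time"]) > self.MAX_AGE_SECONDS:
                return False, "Signature to old"
        except ValueError:
            # Bad base64 or invalid JSON (JSONDecodeError is a ValueError);
            # we shouldn't get here unless kioubit's service is misbehaving
            return False, "invalid JSON"
        except KeyError:
            return False, "value not found in JSON"
        except TypeError:
            # Payload decoded to something that is not a JSON object, or its
            # "time" field is not numeric.
            return False, "value not found in JSON"
        # NOTE(review): self.domain is never compared with user_data's
        # "domain" field (present in the sample payload in __main__), so an
        # assertion issued for another relying party is accepted here if its
        # signature verifies. Whether that comparison belongs in this method
        # or in the caller should be confirmed against the service's docs.
        logging.debug(user_data)
        return True, user_data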
if __name__ == "__main__":
    # Smoke test with a recorded assertion. Its embedded "time" value is from
    # 2022, so the expected outcome is a freshness rejection once the
    # signature itself has been checked.
    sample_params = b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0="
    sample_signature = b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
    example_com_verifier = AuthVerifyer("example.com")
    outcome = example_com_verifier.verify(
        params=sample_params,
        signature=sample_signature,
    )
    logging.info(outcome)
#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'