[feat] check inbox signature

demo/actor.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+"""ActivityPub Actor"""
+import demo.activitypub as ap
+
+
+def fetch_actor(
+        actor_url: str,
+) -> dict:
+    """Fetch actor"""
+    ap_object = ap.fetch(actor_url)
+    return ap_object

demo/httpsig.py

@@ -8,7 +8,7 @@ from dataclasses import dataclass
 from Crypto.Hash import SHA256
 from Crypto.Signature import PKCS1_v1_5
 from Crypto.PublicKey import RSA
-from httpx import Headers
+from werkzeug.datastructures import Headers
 
 
 @dataclass

demo/utils/checker.py

@@ -1,19 +1,48 @@
 """Request checker"""
+import json
+
 from flask import Request, abort
-from demo.httpsig import HttpSignature
+from demo.httpsig import HttpSignature, SignedData
+from demo.actor import fetch_actor
 
 
 def inbox_prechecker(
         request: Request,
 ) -> bool:
     """Inbox request prechecker"""
-    try:
     payload = request.headers
+    ap_body = request.data
+    try:
         parsec_signature = HttpSignature.parse_signature(
             payload["signature"]
         )
-        print(parsec_signature)
     except KeyError:
         abort(401, "Missing signature key!")
 
+    actor_id = request.get_json()["actor"]
+    actor = fetch_actor(actor_id)
+
+    try:
+        pub_key = actor["publicKey"]["publicKeyPem"]
+    except json.JSONDecodeError:
+        raise ValueError
+    except KeyError:
+        print("actore gone?")
+        raise KeyError
+
+    sigdate = SignedData(
+        method = request.method,
+        path = request.path,
+        signed_list = parsec_signature["headers"],
+        body_digest = HttpSignature.calculation_digest(ap_body),
+        headers = request.headers,
+    )
+
+    is_verify = HttpSignature.verify_signature(
+        HttpSignature.build_signature_string(sigdate),
+        parsec_signature["signature"],
+        pub_key,
+    )
+
+    print(is_verify)
     return True