Rename OpenSSL signature more generically
parent
4287ff4cd3
commit
4339dca96e
|
@ -209,11 +209,7 @@ Mi ne estas knabino!!")
|
||||||
(format nil "host: ~A~%" (quri:uri-host inbox-uri))
|
(format nil "host: ~A~%" (quri:uri-host inbox-uri))
|
||||||
(format nil "date: ~A~%" date-header)
|
(format nil "date: ~A~%" date-header)
|
||||||
(format nil "digest: ~A" digest-header)))
|
(format nil "digest: ~A" digest-header)))
|
||||||
;; (signature (base64:usb8-array-to-base64-string
|
(signature (sign-string *privkey* signed-headers))
|
||||||
;; (ironclad:sign-message (openssl-shell-import-key-pair *privkey*)
|
|
||||||
;; (string-to-ub8-vector
|
|
||||||
;; (string-sha256sum signed-headers))))
|
|
||||||
(signature (openssl-shell-sign-string *privkey* signed-headers))
|
|
||||||
(signature-header (str:concat "keyId=\"" from "#main-key\","
|
(signature-header (str:concat "keyId=\"" from "#main-key\","
|
||||||
"algorithm=\"rsa-sha256\","
|
"algorithm=\"rsa-sha256\","
|
||||||
"headers=\"(request-target) host date digest\","
|
"headers=\"(request-target) host date digest\","
|
||||||
|
|
|
@ -18,8 +18,8 @@
|
||||||
(defpackage #:activitypub-servist/signatures
|
(defpackage #:activitypub-servist/signatures
|
||||||
(:use #:cl)
|
(:use #:cl)
|
||||||
(:nicknames "AP-S/S")
|
(:nicknames "AP-S/S")
|
||||||
(:export :openssl-shell-generate-key-pair
|
(:export :generate-key-pair
|
||||||
:openssl-shell-sign-string :openssl-shell-import-key-pair
|
:sign-string :import-pem-key-pair
|
||||||
:digest-string :string-sha256sum))
|
:digest-string :string-sha256sum))
|
||||||
|
|
||||||
(in-package #:activitypub-servist/signatures)
|
(in-package #:activitypub-servist/signatures)
|
||||||
|
@ -36,7 +36,8 @@
|
||||||
;; But at the moment,I want to focus on other core parts of ActivityPub; I’ve
|
;; But at the moment,I want to focus on other core parts of ActivityPub; I’ve
|
||||||
;; tired of messing with ASN1 & co. That’s for another day! ^^
|
;; tired of messing with ASN1 & co. That’s for another day! ^^
|
||||||
|
|
||||||
(defun openssl-shell-generate-key-pair ()
|
|
||||||
|
(defun generate-key-pair ()
|
||||||
"Generate a 2048-bit RSA key-pair in PEM-format using one’s `openssl` binary.
|
"Generate a 2048-bit RSA key-pair in PEM-format using one’s `openssl` binary.
|
||||||
It returns two values: The private key, then the public key."
|
It returns two values: The private key, then the public key."
|
||||||
(let* ((private-pem-key (inferior-shell:run/s "openssl genrsa 2048"))
|
(let* ((private-pem-key (inferior-shell:run/s "openssl genrsa 2048"))
|
||||||
|
@ -47,7 +48,7 @@ It returns two values: The private key, then the public key."
|
||||||
(values private-pem-key
|
(values private-pem-key
|
||||||
public-pem-key)))
|
public-pem-key)))
|
||||||
|
|
||||||
(defun openssl-shell-destructure-private-key (pem-string &optional results)
|
(defun destructure-openssl-private-key (pem-string &optional results)
|
||||||
"When passed the output of the shell command `openssl rsa -text -noout`, will
|
"When passed the output of the shell command `openssl rsa -text -noout`, will
|
||||||
parse the output into a plist containing relavent numbers:
|
parse the output into a plist containing relavent numbers:
|
||||||
:n (modulus), :e (public exponent), :d (private exponent), :p (1st prime),
|
:n (modulus), :e (public exponent), :d (private exponent), :p (1st prime),
|
||||||
|
@ -117,7 +118,7 @@ parse the output into a plist containing relavent numbers:
|
||||||
(nconc results
|
(nconc results
|
||||||
(list total-string)))))))))
|
(list total-string)))))))))
|
||||||
|
|
||||||
(defun openssl-shell-import-key-pair (private-pem-string)
|
(defun import-pem-key-pair (private-pem-string)
|
||||||
"Given the string value of a private RSA PEM file, this will parse it into two
|
"Given the string value of a private RSA PEM file, this will parse it into two
|
||||||
returned values: An Ironclad private key, and an Ironclad public key."
|
returned values: An Ironclad private key, and an Ironclad public key."
|
||||||
(let ((key-values
|
(let ((key-values
|
||||||
|
@ -138,7 +139,7 @@ returned values: An Ironclad private key, and an Ironclad public key."
|
||||||
|
|
||||||
;;; Signing
|
;;; Signing
|
||||||
;;; ————————————————————————————————————————
|
;;; ————————————————————————————————————————
|
||||||
(defun openssl-shell-sign-string (private-pem-string string)
|
(defun sign-string (private-pem-string string)
|
||||||
"Use the OpenSSL binary on the host system to RSS-SHA256 sign a STRING with a
|
"Use the OpenSSL binary on the host system to RSS-SHA256 sign a STRING with a
|
||||||
private key."
|
private key."
|
||||||
(alexandria:write-string-into-file private-pem-string #p"/tmp/private.pem" :if-does-not-exist :create :if-exists :overwrite)
|
(alexandria:write-string-into-file private-pem-string #p"/tmp/private.pem" :if-does-not-exist :create :if-exists :overwrite)
|
||||||
|
|
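Review bot: The private key is still written to the fixed path `#p"/tmp/private.pem"` with `:if-exists :overwrite` on the first body line of `sign-string`, which this rename leaves untouched. A predictable name in a shared, world-writable directory means the write can land on a file or symlink someone else created first. The resulting mode depends on the process umask, and concurrent signing calls share one file. A per-call temporary file, for example via `uiop:with-temporary-file`, restricted to the owner before the key is written and deleted after signing, would avoid this; so would signing in-process with the Ironclad key that `import-pem-key-pair` already returns. The rest of the function lies outside the hunk, so whether the file is removed afterwards cannot be seen here; separately, `RSS-SHA256` in the docstring presumably should read `RSA-SHA256`.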